Planning Your Q-EKM Environment
Q-EKM Server Configurations
Quantum Encryption Key Manager User’s Guide 12
Q-EKM Server Configurations
Q-EKM can be installed as a Single-Server Configuration or as a Two-
Server Configuration.
Single-Server
Configuration 2
A single-server configuration, shown in Figure 2, is the simplest Q-EKM
configuration. However, because of the lack of redundancy, it is not
recommended. In this configuration, all tape drives rely on a single key
manager server with no backup. Should the server go down, the keystore
becomes unavailable, making any encrypted tape unreadable (and
preventing encrypted writes). In a single-server configuration, you must
make sure that current, non-encrypted backup copies of the keystore and
configuration files are maintained in a safe place, separate from Q-EKM,
so its function can be rebuilt on a replacement server if the server copies
are lost.
The keystore and configuration files are:
•
ClientKeyManagerConfig.properties
• EKMKeys.jck
• KeyManagerConfig.properties
• library_serialnum
• library_wwnamekey
• QEKMIEKey<librarySN>.pk12
The files are all in the root QEKM directory located here:
Windows
c:\Program Files\Quantum\QEKM
Linux
/opt/Quantum/QEKM
Comments to this Manuals