Dell ™ PowerVault ™Encryption Key ManagerQuick Start Guide for LTO Ultrium 4 and LTO Ultrium 5This guide gets you started with a basic configuration for encryption on LTO Gen 4 and LTO Gen 5 tapedrives. Visit http://support.dell.com to download the latest library and drive firmware prior to installingand configuring the Dell PowerVault Encryption Key Manager to ensure that there are no issues.The Dell PowerVault Encryption Key Manager (referred to as the Encryption Key Manager from thispoint forward) is a Java™ software program that assists encryption-enabled tape drives in generating,protecting, storing, and maintaining encryption keys. These keys are used to encrypt information beingwritten to, and decrypt information being read from, LTO tape media. The Encryption Key Manageroperates on Linux® and Windows®, and is designed to be a shared resource deployed in several locationswithin an enterprise.This document shows how quickly you can install and set up the Encryption Key Manager using thegraphical user interface (GUI) or using commands. This document shows how to use the JCEKS keystoretype because the JCEKS keystore type is the easiest and most transportable of the keystores supported. Ifyou want more information about a particular step or another supported keystore type, see the DellEncryption Key Manager User's Guide, which can be found at: http://support.dell.com or on the DellEncryption Key Manager media provided with your product.Note: IMPORTANT Encryption Key Manager HOST SERVER CONFIGURATION INFORMATION: It isrecommended that machines hosting the Dell Encryption Key Manager program use ECC memoryin order to minimize the risk of data loss. The Encryption Key Manager performs the function ofrequesting the generation of encryption keys and passing those keys to the LTO-4 and LTO-5 tapedrives. The key material, in wrapped (encrypted form) resides in system memory duringprocessing by the Encryption Key Manager. Note that the key material must be transferred withouterror to the appropriate tape drive so that data written on a cartridge may be recovered(decrypted). If for some reason key material is corrupted due to a bit error in system memory, andthat key material is used to write data to a cartridge, then the data written to that cartridge willnot be recoverable (i.e. decrypted at a later date). There are safeguards in place to make sure thatsuch data errors do not occur. However, if the machine hosting the Encryption Key Manager is notusing Error Correction Code (ECC) memory there remains a possibility that the key material maybecome corrupted while in system memory and the corruption could then cause data loss. Thechance of this occurrence is small, but it is always recommended that machines hosting criticalapplications (like the Encryption Key Manager) use ECC memory.Do This First: Install Encryption Key Manager Software1. Insert your Dell Encryption Key Manager CD. If installation does not start automatically in Windows,navigate to the CD and double click on Install_Windows.bat.For Linux, installation does not start automatically. Go to the CD root directory and enterInstall_Linux.sh.An end user license agreement is displayed. You must acknowledge this license agreement in orderfor installation to continue.The installation copies all contents (documentation, GUI files, and configuration property files)appropriate to your operating system from the CD to your hard drive. During installation, yoursystem is checked for the correct IBM Java Runtime Environment. If not found, it is automaticallyinstalled.When installation is complete, the Graphical User Interface (GUI) is started.