Multiple Key Managers for Redundancy

The Encryption Key Manager is designed to work with tape drives and libraries to allow redundancy, and thus high availability, so you can have multiple key managers servicing the same tape drives and libraries. Moreover, these key managers need not be on the same systems as the tape drives and libraries. The maximum number of key managers depends on your library or proxy. The only requirement is that they be available to the tape drives through TCP/IP connectivity.

This allows you to have two Encryption Key Managers that are mirror images of each other with built-in backup of the critical information about your keystores, as well as a failover in the event one key manager becomes unavailable. When you configure your device (or proxy) you can point it to two key managers. If one key manager becomes unavailable for any reason, your device (or library) will simply use the alternate key manager.

You also have the capability to keep the two Encryption Key Managers synchronized. It is critical that you take advantage of this important function when needed, both for its inherent backup of critical data and also for its failover capability to avoid any outages in your tape operations. Refer to “Synchronizing Data Between Two Key Manager Servers” on page 4-2.

Note: Synchronization does not include keystores. They must be copied manually.

Encryption Key Manager Server Configurations

The Encryption Key Manager may be installed on a single server or on multiple servers. The following examples show one- and two-key manager configurations but your library may allow more.

Single-Server Configuration

A single-server configuration, shown in Figure 2-4, is the simplest Encryption Key Manager configuration. However, because of the lack of redundancy it is not recommended. In this configuration, all tape drives rely on a single key manager server with no backup.
Should the server go down, the keystore, configuration file, KeyGroups.xml file, and drive table would be unavailable, making any encrypted tape unreadable. In a single-server configuration you must ensure that backup copies of the keystore, configuration file, KeyGroups.xml file, and drive table are maintained in a safe place, separate from the Encryption Key Manager, so its function can be rebuilt on a replacement server if the server copies are lost.

[Figure: one Encryption Key Manager with its Key Store, Drive Table, Config File, and Key Groups, serving Tape Library A, Tape Library B, and Tape Library C]

Figure 2-4. Single Server Configuration

Chapter 2. Planning Your Encryption Key Manager Environment 2-7
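The backup requirement above can be checked mechanically. The following is an added example, not part of the product or its documentation: it compares the four critical files on the key manager server against their backup copies and reports any that are missing or out of date. The same comparison applies to a manually copied keystore on a second key manager, since synchronization does not cover keystores. All file names except KeyGroups.xml, and the directory layout, are assumed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed file names (placeholders); only KeyGroups.xml is named on this page.
ARTIFACTS = {
    "keystore": "keystore.example",
    "configuration file": "config.example",
    "key groups": "KeyGroups.xml",
    "drive table": "drivetable.example",
}

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def audit_backup(server_dir, backup_dir, artifacts=ARTIFACTS):
    """Return {artifact: status}; status is ok, missing, stale or no-source."""
    server, backup = Path(server_dir).resolve(), Path(backup_dir).resolve()
    # A backup kept inside the key manager's own directory is lost with it.
    if backup == server or server in backup.parents:
        raise ValueError("backup location is not separate from the key manager")
    report = {}
    for label, name in artifacts.items():
        src, dst = server / name, backup / name
        if not src.is_file():
            report[label] = "no-source"   # nothing on the server to compare
        elif not dst.is_file():
            report[label] = "missing"     # never backed up
        elif sha256(src) != sha256(dst):
            report[label] = "stale"       # server copy changed since backup
        else:
            report[label] = "ok"
    return report

def demo():
    """Constructed sample: keystore never copied, drive table changed since."""
    with tempfile.TemporaryDirectory() as tmp:
        server, backup = Path(tmp, "ekm"), Path(tmp, "offsite")
        server.mkdir()
        backup.mkdir()
        for name in ARTIFACTS.values():
            (server / name).write_bytes(b"v1 " + name.encode())
            if name != "keystore.example":
                (backup / name).write_bytes(b"v1 " + name.encode())
        (server / "drivetable.example").write_bytes(b"v2 new drive added")
        return audit_backup(server, backup)

if __name__ == "__main__":
    for label, status in demo().items():
        print(f"{label:20} {status}")
```

Any status other than ok means the key manager could not be fully rebuilt from the backup location as it stands.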