Source:Saving Encryption Key Store for HPE StoreOnce Catalyst: Difference between revisions
Line 34: | Line 34: | ||
{{note|You have to copy the key store file to a local system immediately after creation; this is especially important for StoreOnce 6500 and 6600 Systems. Make sure that you keep your key store file updated in case of any changes in the StoreOnce configuration.}} | {{note|You have to copy the key store file to a local system immediately after creation; this is especially important for StoreOnce 6500 and 6600 Systems. Make sure that you keep your key store file updated in case of any changes in the StoreOnce configuration.}} | ||
== {{anchor|GUI}} | == {{anchor|GUI}}StoreOnce Management Console - Key Manager== | ||
Back up the local key store file as follows: | Back up the local key store file as follows: | ||
<ol><li>In the main menu, select '''Settings'''.</li> | <ol><li>In the HPE '''StoreOnce Management Console''' main menu, select '''Settings'''.</li> | ||
<li>In the ''Security section'', click '''Key Manager panel'''. ''Key Manager'' window opens.</li> | <li>In the ''Security section'', click '''Key Manager panel'''. ''Key Manager'' window opens.</li> | ||
<li>In the ''Actions'' menu, select '''Backup'''.</li> | <li>In the ''Actions'' menu, select '''Backup'''.</li> |
Revision as of 13:54, 30 April 2019
Overview
The Hewlett Packard Enterprise (HPE) StoreOnce backup appliance allows you to configure additional Catalyst stores to be used for backup storage. When configuring Catalyst stores, you can enable StoreOnce encryption for each individual Catalyst store; once the encryption is enabled, it cannot be disabled. For details on how to configure a Catalyst store, see Creating HPE StoreOnce Catalyst store.
StoreOnce encryption uses encryption keys. If you have enabled encryption during the Catalyst store creation, you must save your key store information to a file that can be retrieved, if needed. As encryption keys are written to a key store, you should back it up and save securely offsite, thus ensuring that the key store is available in case the original key store gets corrupted. Make sure to keep only the latest version of the key store.
Depending on your StoreOnce version, save your key store information as follows:
- In the StoreOnce 4.x.x version, use the StoreOnce Management Console -> Settings -> Key Manager to save your key store information.
- In the StoreOnce 3.x.x version, use the HPE StoreOnce CLI command config save keystore that backs up the key store and encrypts it, thus ensuring that it can only be decrypted by the HP StoreOnce backup system if required.
Note | |
You have to copy the key store file to a local system immediately after creation; this is especially important for StoreOnce 6500 and 6600 Systems. Make sure that you keep your key store file updated in case of any changes in the StoreOnce configuration. |
StoreOnce Management Console - Key Manager
Back up the local key store file as follows:
- In the HPE StoreOnce Management Console main menu, select Settings.
- In the Security section, click Key Manager panel. Key Manager window opens.
- In the Actions menu, select Backup.
- In the Backup dialog, enter and confirm the password for the encrypted StoreOnce key store file.
Note The key store backup file is encrypted with the password that you have specified and can only be restored by providing this password.
CLI command config save keystore
In the StoreOnce 3.x.x version, you have to specify the config save keystore command, which saves the key store information to a file in the config directory that can be retrieved.
Steps
- Access the StoreOnce CLI from an SSH terminal using an SSH client application. The CLI runs on the management console: ssh <username>@<appliance_IP_address>
- Enter the following command as an administrator: # config save keystore Output example: # config save keystore Enter password to encrypt keystore: Reenter password to confirm: Keystore Save Started Keystore Save Completed Enter command "config show list keystore" to see the saved keystores Command Successful
- Enter the password to encrypt the key store. This password is required for restoring the key store to the device.
- Re-enter the password to confirm it.
- Once the key store file is created, copy it to a safe place outside of the backup system directory.
- Optionally, to list all saved key stores use the command: # config show list keystore Output example: # config show list keystore Keystore files: keystore_HPCZ32482R4R_2013-08-02T174433Z.kms Saved configuration files (key stores) are located in the config directory with the .zip extension which is accessible through the SFTP.
For details on StoreOnce CLI commands used to obtain information about a StoreOnce appliance or to control appliance activity, see HPE StoreOnce CLI Reference Guide.