© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice HP Library Encryption - LTO4 Key.

Presentation transcript:

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice HP Library Encryption - LTO4 Key Management API

2 Tools
Systems Overview
Objectives
Architecture

3 HP KM API Objectives
Objectives
Objective 1 is to securely manage key generation policies in the KMA
  − But minimize library knowledge by the KMA
Objective 2 is a standardized key management interface for each library, regardless of the key manager.
KMA sets and maintains policy, and library enforces policy.

4 Architecture

5 HP KM API Architecture
HP’s KM API lives between the Key Transport (client side), and the Key Mgmt Plug-in (server side)
Server-side is a driver, containing KMA-specific code
  − Calls KMA functions like “create key”, “retrieve key”, “create log entry”
  − Over time, this component handles all key managers.
The KMA owns the Key Generation Policy (KGP)
  − SO establishes policy for each library and partition.
Library’s Key Mgmt Plug-in enforces the KGP
Key is always encrypted between library and KMA
  − Normally via SSL or HTTPS
  − But key can also be separately encrypted
    Key Mgmt Plug-in and KMA would agree on the method

6 Tools HP KM API Use Case

7 Example API Use Case
Encrypt data to tape
Security officer enrolls, or registers, libraries with the KMA (one-time)
Security officer configures KGPs for each library/partition (one-time)
  − Example: Key per partition, or key per tape
Libraries login to KMA, receive their specific KGP.
Backup app loads media
Library’s Key Transport requests a key, via the Get Key API
  − Provides identifying data with the request.
Library’s Key Mgmt Plug-in requests a key from the KMA
  − Key Transport loads key into drive
Backup app reads or writes data to tape

8 Tools Key Management API
Log In, Log Out
Get Key
Get KMA info
Get Policies
Get Message
Record Event

9 API Log In
Parameters: The library properties
Returns: A session container
Behavior: synchronous (client waits for response from KMA)
The library properties contain
  The unique identifier for the library/partition
  The current library capabilities
    − Policies supported
    − Reporting capabilities
    − Messaging capabilities

10 API Log In (continued)
The session container contains
  A unique identifier for the session
  The current policies for the library
    − Cached or interactive mode (advanced feature)
    − Events library will record
    − Frequency to check for new policies (advanced feature)
    − Distributed policies for key generation (advanced feature)
    − Key usage policies
      Directs when or where a key may be used
    − Clock synchronization policy
      Logs use library or KMA clock
    − Key Generation Policy
      Example: key per tape, key per partition
  A message indicator
    − Indicates a message from the KMA is available

11 API Log In (continued)
Notes
The KMA notifies the library if policies change while it’s logged in
  − Message field is a method of notification

12 API Log Out
Parameters: The library/partition identifier
Returns: Status container
Behavior: synchronous
Status includes
  Status of the log out operation
  A message indicator
Notes
Logging out will close the session. No further API calls may be placed by the library until it re-authenticates and logs in again.

13 API Get Key
Parameters: key meta-data
Returns: a key container
Behavior: synchronous (client waits for response)
Key meta-data includes
  − Media identifier(s)
  − Library/partition ID. 32 bytes, ASCII alpha-numeric. (Library vendor ID and serial number)
  − Drive ID. 32 bytes, ASCII alpha-numeric. (Drive vendor ID and serial number)

14 API Get Key (continued)
A key container includes
  − The data encryption key
    Key may be encrypted separately, or plain text
  − Key usage restrictions
    Read-only, for a specific drive, etc.
  − A message indicator
  − The container may contain multiple keys (advanced feature)

15 API Get Key (continued)
Notes:
  − Get Key must have very low latency, high reliability
  − Could return a set of keys to support caching (advanced feature)

16 API Get KMA Info
Parameters: Library/partition identifier
Returns: KMA information
Behavior: synchronous
KMA Information includes
  − KMA Description. Vendor ID, model number, serial number, firmware version of the KMA
  − KMA Database Status. Current operational state of the KMA database (available, offline, initializing)
  − KMA time of day information.
  − KMA physical (data center/site) location
  − KMA API version.
  − A message indicator
Notes: The API version info must have the same format in all API versions

17 API Get Policies
Parameters: library/partition identifier
Returns: Policy information for this library
Behavior: synchronous
Policy information includes
  The current policies for the library
    − Cached or interactive mode (advanced feature)
    − Events library will record
    − Frequency to check for new policies (advanced feature)
    − Distributed policies for key generation (advanced feature)
    − Key usage policies
      Directs when or where a key may be used
    − Clock synchronization policy
      Logs use library or KMA clock
    − Key Generation Policy
      Example: key per tape, key per partition
  A message indicator
    − All API calls can indicate a message from the KMA is available

18 API Get Policies (continued)
Notes:
This API returns the same policy information as the login
It is used to refresh policy information without closing the session
Could be called in response to a policy-changed message on the previous API call
The purpose is to allow automatic configuration updates at the libraries in response to changes in KMA policy
  − Use cases: SO changed partition key, or changed reporting policy
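The following Python example is added here to tie together the use case on slide 7 and the Log In, Get Key and Get Policies calls on slides 9 to 18. It is not HP's code: it is a toy in-memory KMA with the library-side call sequence run against it. The KMA enforces a Key Generation Policy (key per partition vs key per tape), raises the message indicator on every response after the security officer changes policy, clears it once the library refreshes via Get Policies, and refuses calls after Log Out. All identifiers, field names and the read-only drive rule are assumptions, and the SSL/HTTPS transport between library and KMA is not modelled.

```python
# Added example (not HP's code): a toy in-memory KMA plus the library-side
# call sequence from the slides. Field names, identifiers and the read-only
# rule are assumptions; transport encryption (SSL/HTTPS) is not modelled.
import secrets
import uuid
from dataclasses import dataclass

KEY_PER_PARTITION = "key per partition"
KEY_PER_TAPE = "key per tape"

@dataclass
class Policies:
    key_generation: str = KEY_PER_PARTITION
    read_only_drives: frozenset = frozenset()   # key usage restriction (assumed form)

@dataclass
class KeyContainer:
    key: bytes
    read_only: bool   # key usage restriction for the requesting drive
    message: bool     # message indicator: a KMA message is waiting

class ToyKMA:
    """Owns the policies and generates keys according to the KGP."""

    def __init__(self):
        self._policies = {}    # library/partition id -> Policies (set by the SO)
        self._keys = {}        # (library id, scope) -> data encryption key
        self._sessions = {}    # session id -> library/partition id
        self._pending = set()  # library ids with an unread 'policy changed' message

    # security officer operation: first call enrols, later calls change policy
    def set_policies(self, library_id, policies):
        if library_id in self._policies:
            # policy changed: drop keys issued under the old KGP, flag a message
            self._keys = {k: v for k, v in self._keys.items() if k[0] != library_id}
            self._pending.add(library_id)
        self._policies[library_id] = policies

    # library operations
    def log_in(self, library_id, capabilities):
        if library_id not in self._policies:
            raise PermissionError("library/partition not enrolled")
        session_id = str(uuid.uuid4())
        self._sessions[session_id] = library_id
        # session container: id, current policies, message indicator
        return {"session_id": session_id, "policies": self._policies[library_id],
                "message": library_id in self._pending}

    def _library(self, session_id):
        if session_id not in self._sessions:
            raise PermissionError("no session: log in first")
        return self._sessions[session_id]

    def get_key(self, session_id, media_id, drive_id):
        lib = self._library(session_id)
        pol = self._policies[lib]
        # key per tape -> one key per media id; key per partition -> one shared key
        scope = media_id if pol.key_generation == KEY_PER_TAPE else "partition"
        if (lib, scope) not in self._keys:
            self._keys[(lib, scope)] = secrets.token_bytes(32)
        return KeyContainer(self._keys[(lib, scope)], drive_id in pol.read_only_drives,
                            lib in self._pending)

    def get_policies(self, session_id):
        """Refresh policy without closing the session; consumes the message."""
        lib = self._library(session_id)
        self._pending.discard(lib)
        return self._policies[lib]

    def log_out(self, session_id):
        return {"status": "ok" if self._sessions.pop(session_id, None) else "no session"}

def run_use_case():
    """Slide 7's flow against the toy KMA; returns the observations checked below."""
    kma = ToyKMA()
    lib = "HPLIB-000001/PART1"   # constructed library/partition identifier
    kma.set_policies(lib, Policies(key_generation=KEY_PER_PARTITION))   # enrol
    sess = kma.log_in(lib, ["policies", "reporting"])["session_id"]
    k1 = kma.get_key(sess, "TAPE001", "DRV1")
    k2 = kma.get_key(sess, "TAPE002", "DRV1")
    # SO switches to key per tape and restricts DRV2 to read-only use
    kma.set_policies(lib, Policies(KEY_PER_TAPE, frozenset({"DRV2"})))
    k3 = kma.get_key(sess, "TAPE001", "DRV1")     # response carries the message flag
    kgp = kma.get_policies(sess).key_generation   # library refreshes its policy
    k4 = kma.get_key(sess, "TAPE001", "DRV2")
    k5 = kma.get_key(sess, "TAPE002", "DRV2")
    kma.log_out(sess)
    try:
        kma.get_key(sess, "TAPE003", "DRV1")
        after_logout = "allowed"
    except PermissionError:
        after_logout = "refused"
    return {
        "partition_policy_shares_key": k1.key == k2.key,
        "message_before_refresh": k3.message,
        "message_after_refresh": k4.message,
        "refreshed_kgp": kgp,
        "tape_policy_distinct_keys": k3.key == k4.key and k4.key != k5.key,
        "drv2_read_only": k4.read_only and not k3.read_only,
        "get_key_after_logout": after_logout,
    }
```

The point to take from the toy is the division of responsibility the slides describe: the KMA owns and changes the KGP, the library only learns the new policy when it refreshes, and any response can carry the message indicator, so a library in a long-lived session has to check that flag on every call rather than only at login.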

19 API Get Message
Parameters: library/partition identifier
Returns: Message information
Behavior: synchronous
Message information includes
  Message text
  Message recipient
    − Example: Service log, key manager
  A message indicator
Notes
Advanced feature
The KMA can issue messages to the clients, such as ‘policy changed’ or ‘KMA changed’.

20 API Record Event
Parameters: Event information
Returns: Status
Behavior: synchronous
Event information includes
  Originator ID: Library, drive, and media IDs
  Event type: examples are “key was used”, “decrypt error”
  Event payload: The event message text.
  Timestamp: SO can select whether to use library’s timestamp, or KMA’s
Status (from KMA) includes
  Number of event bytes recorded
  Message indicator

21 API Record Event (continued)
Notes
SO sets reporting policies for the library
Library executes the reporting policy
Use cases
  − Record security-related configuration changes (password changes, firmware updates, component replacements)
  − Record security-related errors (decrypt failures, key mismatch, authentication failure)
  − Record key usage.
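As an added illustration of slides 20 and 21 (not HP's code), the Python below shows the library side of Record Event: the library consults the reporting policy the security officer set before sending an event, and the clock synchronization policy decides whether the library stamps the event or leaves the timestamp for the KMA to fill in on receipt. The event type strings, field names and the constructed clocks are assumptions.

```python
# Added example (not HP's code): the library side of Record Event. The SO's
# reporting policy selects which event types are sent; the clock
# synchronization policy selects library or KMA timestamps. Event type
# strings, field names and the fixed clocks are assumptions.
import time
from dataclasses import dataclass
from typing import Optional

@dataclass
class ReportingPolicy:
    events_to_record: frozenset       # event types the SO wants logged
    clock_source: str = "kma"         # "library" or "kma"

@dataclass
class Event:
    originator: dict                  # library, drive and media IDs
    event_type: str
    payload: str                      # event message text
    timestamp: Optional[float] = None # None -> KMA stamps it on receipt

class ToyKMAEventSink:
    """Stand-in for the KMA end of Record Event: stores events, returns status."""
    def __init__(self, clock=time.time):
        self.events = []
        self._clock = clock
    def record_event(self, event):
        if event.timestamp is None:   # policy says the KMA clock is authoritative
            event.timestamp = self._clock()
        self.events.append(event)
        return {"bytes_recorded": len(event.payload.encode()), "message": False}

class LibraryReporter:
    """Executes the reporting policy the SO set for this library/partition."""
    def __init__(self, library_id, policy, kma, clock=time.time):
        self.library_id, self.policy, self.kma, self._clock = library_id, policy, kma, clock
    def report(self, event_type, payload, drive_id=None, media_id=None):
        if event_type not in self.policy.events_to_record:
            return None               # not in the reporting policy: nothing is sent
        ts = self._clock() if self.policy.clock_source == "library" else None
        ev = Event({"library": self.library_id, "drive": drive_id, "media": media_id},
                   event_type, payload, ts)
        return self.kma.record_event(ev)

def demo(clock_source):
    """Constructed event stream; returns (statuses, timestamps the KMA stored)."""
    policy = ReportingPolicy(frozenset({"key was used", "decrypt error",
                                        "authentication failure"}), clock_source)
    kma = ToyKMAEventSink(clock=lambda: 2000.0)                      # constructed KMA clock
    lib = LibraryReporter("HPLIB-000001/PART1", policy, kma, clock=lambda: 1000.0)
    statuses = [
        lib.report("key was used", "write key loaded", "DRV1", "TAPE001"),
        lib.report("decrypt error", "key mismatch on TAPE002", "DRV1", "TAPE002"),
        lib.report("firmware update", "drive DRV1 firmware updated", "DRV1"),  # not in policy
    ]
    return statuses, [e.timestamp for e in kma.events]
```

Running `demo("library")` records two events stamped 1000.0 and drops the firmware update, while `demo("kma")` records the same two events stamped 2000.0. Which clock to trust is a forensic decision: library clocks drift and can be changed locally, so a fleet whose policy selects the KMA clock gets one consistent timeline across all libraries at the cost of recording arrival time rather than occurrence time.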

22 Tools Supplemental Caching

23 Caching
May not be necessary for tape applications
  − If latencies are acceptable
  − Can be used if performance becomes an issue
Expected to be a requirement for disk/server applications
  − Key changes may be needed per mount point, per volume, etc.
  − High performance requirements may not tolerate network latencies, unpredictability
Example usage. Cached write-key
  − A write-key is cached at the library/partition
  − Is only updated when the policy changes
  − Library uses cached key without a Get Key call
  − Reduces latencies in the key-per-library policy
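The Python below is an added example (not HP's code) of the cached write-key usage on this slide, compared with interactive mode. In cached mode the library serves every write from a key held at the library/partition and only issues Get Key when the cache is empty; the cache is dropped when any KMA response carries the message indicator, which is how the library learns the policy has changed. The KMA is a counting stub, and the class and field names are assumptions.

```python
# Added example (not HP's code): cached write-key vs interactive mode. The
# KMA is a counting stub; class and field names are assumptions.
import secrets

class CountingKMA:
    """Stub KMA: one write-key per partition, counts Get Key calls, and raises
    the message indicator after the SO changes policy until the key is refetched."""
    def __init__(self):
        self.get_key_calls = 0
        self._key = secrets.token_bytes(32)
        self._policy_changed = False
    def so_changes_policy(self):
        self._key = secrets.token_bytes(32)   # new KGP -> new write-key
        self._policy_changed = True
    def get_key(self):
        self.get_key_calls += 1
        self._policy_changed = False          # issued key now reflects current policy
        return {"key": self._key, "message": False}
    def record_event(self, text):
        # any API call can carry the message indicator (policy changed)
        return {"bytes_recorded": len(text), "message": self._policy_changed}

class WriteKeySource:
    """Library-side key lookup: interactive mode calls Get Key for every write,
    cached mode calls it only when there is no valid cached key."""
    def __init__(self, kma, cached):
        self._kma, self._cached_mode, self._cache = kma, cached, None
    def key_for_write(self):
        if not self._cached_mode or self._cache is None:
            self._cache = self._kma.get_key()["key"]
        return self._cache
    def on_response(self, response):
        if response.get("message"):
            self._cache = None                # policy may have changed: refetch on next write

def simulate(cached, writes=100):
    """Constructed workload: `writes` tape writes, a policy change, then more writes.
    Returns (number of Get Key calls, whether the write-key changed after the policy)."""
    kma = CountingKMA()
    src = WriteKeySource(kma, cached)
    before = [src.key_for_write() for _ in range(writes)]
    kma.so_changes_policy()
    src.on_response(kma.record_event("key was used"))   # message indicator arrives
    after = [src.key_for_write() for _ in range(writes)]
    return kma.get_key_calls, before[-1] != after[0]
```

`simulate(cached=True)` makes two Get Key calls for 200 writes, one at the first write and one after the policy change, while `simulate(cached=False)` makes 200. The caveat the slide implies is visible in `on_response`: a cached key is only as fresh as the last response the library inspected, so in cached mode the "frequency to check for new policies" setting from the Log In slide bounds how long a library keeps writing under a superseded key.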