Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1915287.1
Update Date:2014-08-14
Keywords:
Solution Type  Technical Instruction Sure

Solution  1915287.1 :   KMS 1.x - Need Instructions To Initialize Token For KMS System  

Related Items 
    

  • Sun StorageTek Crypto Key Management System
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
    •  






In this Document


Goal


Solution



Created from <SR 3-9391595750>


Applies to:  

Sun StorageTek Crypto Key Management System - Version All Versions to All Versions [Release All Releases]
Information in this document applies to any platform.



Goal


How do you initialize a token?
 


Solution


Here is the procedure to initialize a token that is used to transfer keys to library drives. 

1. Assign permanent IP settings to the token

    Note 1. In order to perform this activity, you must have a token bay attached directly to Crypto Key Management Station.
    Note 2. Before you perform this activity, you must obtain the following information for the token:
                1) the unique MAC address, which is printed on the token label;
                2) the permanent IP settings to be used by the encryption-capable library drives to communicate with the token.

   a. Power on the Crypto Key Management Station workstation.

   b. Log in to the workstation using the kmsadmin login ID.
      Login: kmsadmin
      Password: password
      where password is the password assigned to the kmsadmin login ID.

   c. Select Launch > Applications > Utilities to open a Terminal window.

   d. Insert a physical token into the token bay attached directly to the Crypto Key Management Station.

   e. Issue the command to assign the permanent IP settings.
      # /opt/SUNWkms/app/tools/send_permanent_ip -i token_IP_address -m netmask -g gateway_IP_address token_MAC_address

      where:
       ■ token_ip_address is the permanent IP address you want to assign to the token. This IP address must be on the same subnet as the library drives.
       ■ netmask is the netmask for the network on which the token resides.
       ■ gateway_IP_address is the IP address of the gateway node on which the token resides.
       ■ token_MAC_address is the MAC address assigned to the token.

   f. Verify that the token has successfully received the settings.
      # /opt/SUNWkms/app/tools/search_tokens

      In the display, use the MAC address to locate the token you have just updated and verify that the IP settings are correct.

   g. For future reference, you may want to write the IP address on the token’s label.



2. On the KMS GUI, log in as Security Officer or User.


3. Select Tokens > Create.


4. Enter Token ID, Description (optional), Token Version, MAC Address, and IP address.

    Note –The IP address is assigned as follows:
    ■ For networked token operations, this is an IP address on the same subnet as the library drives.
    ■ For air gap operations, this is an IP address on the same subnet as the Crypto Key Management Station.

5. Click Apply.
    You can now use the token to transfer keys to the library drives



The KMS User's Guide can be downloaded from here - http://docs.oracle.com/cd/E19519-01/index.html
 



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback