Configure the KMA to Connect with the SL4000

Setup network routing on the KMAs that reside in the same subnet as the SL4000 OKM network port.

Provide a route between the internal SL4000 drive network and either the Service or Management Network of the OKM appliances. Best practice is to have encrypting tape drives isolated on the service network.

  • All SL4000 library base units are assigned an internal drive IP subnet of 192.168.1.0.
  • Drive Expansion Modules (DEMs) are assigned an IP address with a different third octet based upon whether the module is installed to the left or right of the base module.

    Note:

    You can either add the specific routes to the base drive module, or if you have multiple DEMs adding a route of 192.168.0.0 will enable access to all drives in the base and DEMs.

    Refer to the SL4000 documentation for specifics about subnet values.

Familiarity with OKM network topology is very helpful. For example, there may be KMAs at a remote site that may or may not have service network routes between them depending upon customer tape drive failover requirements. The following figure shows a representation of an OKM Cluster and an SL4000 library. There is a Key Management Network between the workstation and the OKM Cluster. The KMA Service network from the cluster connects to the SL4000 OKM Network.

Figure B-1 OKM Connected with an SL4000 Tape Library

Description of Figure B-1 follows
Description of "Figure B-1 OKM Connected with an SL4000 Tape Library"
  1. Identify the KMAs in the same subnet as the SL4000 that need to access the SL4000 internal drive network. Perform the following on only KMAs that reside on that subnet, not all KMAs in the cluster.
  2. Log in to the OKM console with the Security Officer role, and open the configuration menu.
  3. Enter 5 at the prompt to Modify Gateway Settings.
  4. Select option 1 Add a gateway.
  5. Select option 2 Service to select the network.
  6. Select option 2 Network to select the route type.
  7. Enter the network values:
    • Enter 10.80.46.89 for the Gateway IP Address.
    • Enter 192.168.0.0 for the Destination IP Address.
    • Enter 255.255.0.0 for the Route Subnet Mask.

    The Gateway IP Address is the IP Address assigned to the SL4000 OKM Network port.

  8. Enter y to commit the changes.
  9. Select option 3 Exit gateway configuration.

Repeat this procedure as necessary for any OKM appliance that needs Service Network access to the SL4000 internal drive network.