EKM Path Diagnostics
The EKM Path Diagnostics consists of a series of short tests to validate whether the key servers are running, connected, and able to serve keys as required.
Run the Manual EKM Path Diagnostics any time you change the EKM server settings or library encryption settings, and when you replace a tape drive. It is recommended to test each drive that communicates with key manager servers.
The diagnostics consists of the following tests:
- Ping — Verifies the Ethernet communication link between the library and the EKM servers. If the partition in which the selected drive resides uses EKM server overrides, then the override IP addresses are tested (see Setup > Encryption > Partition Configuration). If the partition does not use overrides, the default system IP addresses are tested (see Setup > Encryption > System Configuration).
- Drive — Verifies the drive's path in the library (communication from library to tape drive sled and from tape drive sled to tape drive). The tape drive must be unloaded, ready, and online in order to run this test. If this test fails, the Path and Config tests are not performed.
- Path — Verifies that EKM services are running on the key servers. This test cannot run if the Drive test fails.
- Config — Verifies that the key servers are capable of serving encryption keys. This test cannot run if the Drive test fails.
If any of the tests fail, try the following resolutions and run the diagnostics again to make sure all tests pass:
- Ping Test Failure — Verify that the server host is running and accessible from the network to which the library is connected.
- Drive Test Failure — Look for any tape drive RAS tickets and follow the resolution instructions in the ticket. See Viewing RAS Ticket Details or Subsystem Status for more information.
- Path Test Failure — Verify that the server is actually running and that the port/SSL settings match the library configuration settings. See Configuring Encryption Key Server Access or Configuring Partition Encryption for Dell EKM for more information.
- Config Test Failure — Verify that the server is set up to accept the tape drive you are testing.
|
CAUTION: Performing this action takes the partition in which the selected drive resides offline.
|
This topic explains how to run EKM Path Diagnosis manually. If desired, you can set up the library to run EKM Path Diagnostics automatically at configurable intervals (see Automatic EKM Path Diagnostics). Note that the Manal diagnostics differs from the Manual diagnostics in the following ways:
- The Manual diagnostics takes affected partitions offline.
- The Automatic diagnostics does not take partitions offline, but it may delay moves to tape drives while they are being tested.
- The Manual diagnostics requires that you select one tape drive to use for the test. Since the test only validates the selected drive, if you want to test the path for each tape drive, you must run the test multiple times (once for each drive). To test all servers, you must run the diagnostics once for each Library Managed Encryption enabled partition (each server pair is connected to a unique partition and tape drive). In addition, if the tape drive is not available (it must be unloaded, ready, and online), the Drive, Path, and Config tests are not performed.
- The Automatic diagnostics tests every connected EKM server in turn, and the library selects the tape drive to use for each test. If the selected tape drive is not available (it must be unloaded, ready, and online), then the library tries another tape drive that is connected to the key server until it finds one that is available. If no tape drives connected to a particular key server are available, then that server is skipped and the tests are not performed. If a server is skipped for “X” number of consecutive test intervals (where “X” is configurable on the Web client), the library generates a RAS ticket. If a tape drive remains loaded for a long time, it is possible that it will never be tested. If you want to test a specific tape drive, then you should use the Manual EKM Path Diagnostics. In particular, if you replace a tape drive, run the Manual EKM Path Diagnostics (see below).
Follow the steps below to run EKM Path Diagnosis manually.
- Access the EKM Path Diagnostics screen in one of two ways:
- Enter library Diagnostics (select Tools > Diagnostics) and then select EKM > EKM Path Diagnostics. Note that entering Diagnostics will log off all other users of the same or lower privileges and take your partitions offline. When you exit Diagnostics, the partitions automatically come back online. See About Library Diagnostics for more information.
- Select Setup > Encryption > System Configuration or Setup > Encryption > Partition Configuration and click the link that says "Click here to run EKM Path Diagnostics." Note that performing this action takes the partition in which the selected tape drive resides offline. When the test completes, the partition automatically comes back online.
A list of all the tape drives enabled for library-managed encryption is displayed, along with the drive status and the partition in which each drive resides.
- Select the tape drive on which you want to perform diagnostics and click Apply. Tape drives must be unloaded, ready, and online in order for the test to run.
A dialog box displays telling you that the selected partition will be taken offline.
- Click OK to start the diagnostics.
The Progress Window displays. The Progress Window contains information on the action, elapsed time, and status of the requested operation.
The library performs the diagnostics and reports pass/fail results on each of the tests in the Progress Window.
- Do one of the following:
- If Completed displays in the Progress Window, the diagnostics were performed (this does not mean that the diagnostics passed, just that the diagnostics were performed). Click Close to close the Progress Window.
- If Failure displays in the Progress Window, the diagnostics were not able to be performed. Try the solutions recommended above and perform the test again..
See also: