StoreEver Tape Storage
1748035 Members
4953 Online
108757 Solutions
New Discussion юеВ

MSL LTO-4 Encryption Kit - Key Server Tokens

 
sgunelius
Trusted Contributor

MSL LTO-4 Encryption Kit - Key Server Tokens

We've purchased the LTO-4 Encryption Kits for our two MSL4048 libraries that reside in two different sites on campus (primary data center & recovery data center).

We intend to use both libraries rather than leave one inactive, so I had planned on preparing the key server tokens identically and plugging them into both libraries, so we could readily restore to either library regardless of which one actually "wrote" to the cartridge. Is this logic sound or am I stepping into a beartrap? Thank you.
4 REPLIES 4
CLEB
Valued Contributor

Re: MSL LTO-4 Encryption Kit - Key Server Tokens

I have planned to do exactly the same.

I have not setup the 2nd library yet though.
sgunelius
Trusted Contributor

Re: MSL LTO-4 Encryption Kit - Key Server Tokens

Make sure you double-check your encryption keys. I ran into the problem described in the customer bulletin below and am currently waiting on the new encryption keys.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01787465&prodTypeId=329290&prodSeriesId=3454521

Good luck.
Curtis Ballard
Honored Contributor

Re: MSL LTO-4 Encryption Kit - Key Server Tokens

You will need to synchronize your tokens periodically.

The token is responsible for both generation and storage of encryption keys. You can set a schedule of how often that is done. Every time a new key is created by the token plugged into the library that is the backup system you will need to copy that key over to the token on the recovery system. That can all be done remotely using the web interface and encrypted files so the overhead isn't too bad. If you use the web interface much you will be notified that a backup is needed every time a new key is generated and that is the time to migrate the keys or set a reminder in your daytimer.
sgunelius
Trusted Contributor

Re: MSL LTO-4 Encryption Kit - Key Server Tokens

Curtis,

We had purchased two kits since I didn't realize there was a primary and backup key in each kit. Also, we had originally planned on keeping our recovery site separate and "dark", but now that primary and recovery will be active for backups, it seems more prudent to use the "identical" keys. I just didn't want to shoot myself in the foot.