StoreEver Tape Storage

Re: MSL2024, standalone LTO-4 drives and encryption

Robert Janas_1
Occasional Contributor

MSL2024, standalone LTO-4 drives and encryption

I'm in the midst of replacing an SDLT library with an MSL2024 and I’m getting conflicting information concerning hardware encryption.

Our production backups will be taken with the MSL2024 library, but we need to be able to take those tapes offsite and restore data using standalone LTO-4 drives (2 drives - one in each of two location, neither of which are installed in a library or autoloader).

It has been suggested I purchase two HP Storageworks MSL Encryption Kits to enable hardware encryption. However, in looking at the documentation/specifications, I don’t see how I it’s possible for those remote drives to utilize the encryption kit.

As I understand it, the USB key server token from the kit must be in the library when backups are performed, so it can’t be moved to a different location without affecting production backups. Further, even if I could use one of the 4 USB keys I’d get with two kits, where would I put the USB key on the standalone drives? Everything I see says it only works with libraries/autoloaders and the USB key is inserted into the drive, not the server running the backup software.

Am I misunderstanding something here? I’m currently using software encryption available within Backup Exec – will I need to continue to do that based on our requirements and just forget the hardware encryption built into these new drives?

Thank you!
Ralf Loehmann_2
Valued Contributor

Re: MSL2024, standalone LTO-4 drives and encryption

Hello Robert, what you want to do here might not be working. The encription key is used with the library and a standalone drive would not work with it. You would need at least the 1/8 Autloader for it. The USB token is inserted in the library controller and not in the drive, even the drive is handling it, but a standalone drive does not have a usb port for it. There is also another issue you would need the token also at the backup site to read the data.
Here is important to understand the hardware encrytion, anyone need to handle the keys for the encrytion. Without a key you do not get you data back. You might check here for details regarding the usb keys:

There could be other ways of key management, like an enterprise solution with SKM or thru another software application, like the backup application. In any case to be prepared for a desaster the keys need be also in another safe place.
I hope that answers the question.