Tape Libraries and Drives
cancel
Showing results for 
Search instead for 
Did you mean: 

How to enable hardware encryption with the LTO4 drives

CBZ
Occasional Advisor

How to enable hardware encryption with the LTO4 drives

Hi All,

Please let me know the coomands or procedure to hardware encryption on my LTO4 drives.

Regards,
CBZ
4 REPLIES
Pete Randall
Outstanding Contributor

Re: How to enable hardware encryption with the LTO4 drives

Curtis Ballard
Honored Contributor

Re: How to enable hardware encryption with the LTO4 drives

There are two HP supported hardware methods for enabling encryption. The fist is the SKM which is documented in the previous message along with tape drives in the EML-e or ESL-e libraries. The other is the MSL-G3 encryption kit which uses a token called a PLK and is an inexpensive solution for the MSL-G3 (2024/4048/8068) tape libraries and the 1/8 G2.

The other method is software. There are some utilities published on the internet for pushing keys to the drives. Those are a little risky as there is the possibility that an event will cause the drive to clear the keys (a security step caused by several events) and if a key is lost the data may be written unencrypted. The best software method is to use your backup application and an encryption key management option. Most major applications now have an option for enabling encryption.
Tom O'Toole
Respected Contributor

Re: How to enable hardware encryption with the LTO4 drives


If encryp[tion is disabled, or the key is reset, the key instance counter should also change - which is something that should be checked before (and probably after) encrypted backups are made.
Can you imagine if we used PCs to manage our enterprise systems? ... oops.
Curtis Ballard
Honored Contributor

Re: How to enable hardware encryption with the LTO4 drives

True the key instance counter changing can be checked however be careful how that is used. The counter will change but may not steadily increment so you can't read a lot into the amount of change. Different vendors have implemented different ways of counting the key instance counter. All HP drives will behave the same but other products with tape data encryption may not.