System recommended content:
1. HPE StoreEver MSL3040 Tape Library User and Service Guide | Encryption configuration
Please click on "Thumbs Up/Kudo" icon to give a "Kudo".
Thank you for being a HPE valuable community member.
And did you by the
AM495A HPE StoreEver 1/8 G2 Tape Autoloader and MSL Tape Library Encryption Kit?
Notes: The Encryption Kit key server token will generate and retain encryption keys for HPE LTO Ultrium tape drives in the library. Works independent of application or backup software; doesn't require ISV support.
You have also to stick the special USB Token in the Library USB Slot.
Since LTO-5 and higher have a Hardware Encryption Chip included, you can also use Password-Based Hardware Encryption. Nothing to do with this, above. This is for free and then do not change the default Setting in the Libary. Set it back and enable only inside Veeam:
I think this is what you expect.
Cali
I'm not an HPE employee, so I can be wrong.
Adam, When you say you have enabled the USB - MSL Encryption kit for the partition, I assume you have purchased the AM495A kit, inserted a USB token into the library, initialized it, and created a key. If you have done that, the encryption for the partition is invisible to the ISV and Veeam will not (can not) report that the job is encrypting because it has no way of knowing. If Veeam shows the job is encrypting, it is set up to use encryption, which is an entirely different method. To verify the jobs are actually encrypting, you can watch the library Remote Management Interface while a backup is running. If the drive status shows "writing" while the backup is running, it is NOT encrypting. If encryption is on and the backup is running, the drive status should say "encrypting". If the USB token is removed, or not logged in, you should be getting external key encryption failure messages on your attempts to write.
On a new installation, I would also verify your backups by doing some restores - you should see "decrypting" on the drive status when the drive reads the encrypted tapes. Also remember to follow the token backup procedures outlined in the USB encryption User Guide. It is imperative that a token backup is available in case of damage or loss of the primary token. Any time a new key is created on the token, it should be backed up and stored in a safe, offsite location and/or restored to the secondary token included in the kit. You also need to make sure the token password is always available, without access to the keys on the token (physical token and password), no data is recoverable from any tapes written with encryption.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]