- Community Home
- >
- Storage
- >
- Data Protection and Retention
- >
- StoreEver Tape Storage
- >
- Re: LTO IV Tape Encryption
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-03-2010 08:50 AM
тАО08-03-2010 08:50 AM
I want to know if it is possible to write an LTO IV encrypted tape on the AIX server and somehow read that tape on a seperate LTO IV drive on a Solaris server?
The tape would be written with tar (GNU).
Thanks
Solved! Go to Solution.
- Tags:
- encryption
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-03-2010 10:52 PM
тАО08-03-2010 10:52 PM
Re: LTO IV Tape Encryption
Hardware or software encryption?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-04-2010 06:30 AM
тАО08-04-2010 06:30 AM
Re: LTO IV Tape Encryption
The question I'm looking to get answered is how can I write a hardware encrypted tape - using a LTO IV tape drive on an AIX box and restore the same tape on a Solais box using a different LTO IV tape drive - understanding that the two boxes are not on the same network.
Being that the key is not on the tape I'm interested in understanding if i can share keys (if that is the right terminology) between environments?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-04-2010 01:53 PM
тАО08-04-2010 01:53 PM
SolutionIt can be done relatively easily if you have an MSL Series tape library (1/8 G2, 2024, 4048, 8096) and the encryption kit. That is a system that manages the encryption keys entirely on the tape library so anything written by tar will be encrypted.
With the MSL encryption kit the keys are stored on a USB token and require authentication before they can be accessed so transport of the token is pretty safe. You can also perform a backup to a file and email or otherwise transfer the file to transfer keys. The backup file is encrypted so you have to have a password again to get back in.
Without hardware support you would probably want to use something like HP Data Protector instead of tar so that the software could load and manage the encryption keys.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-04-2010 02:20 PM
тАО08-04-2010 02:20 PM
Re: LTO IV Tape Encryption
We are looking for a solution that is more portable (less expensive) than a library (which would actually mean two libraries) - that is why we wanted to know if we could do with 2 stand alone drives?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-04-2010 03:31 PM
тАО08-04-2010 03:31 PM
Re: LTO IV Tape Encryption
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-04-2010 04:07 PM
тАО08-04-2010 04:07 PM
Re: LTO IV Tape Encryption
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2010 11:34 AM
тАО08-05-2010 11:34 AM
Re: LTO IV Tape Encryption
Having the encryption totally managed by the autoloader would give you freedom from your environment and applications. Using a simple tool available just about everywhere like tar works and your data is protected.
Like you say software methods exist and you could do it but there is going to be more overhead and dependence on the tool chosen. For any large amount of data tape is the cheapest solution for encrypting and transporting large amounts of data.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-05-2010 03:43 PM
тАО08-05-2010 03:43 PM
Re: LTO IV Tape Encryption
Thanks again.
This is a one time event with our customer but the transfer would not be all in one shot - hence why I originally wanted two single drives. If i had to loaders one always at my site and the other at a customer site - could i share tapes between them?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО08-06-2010 08:11 AM
тАО08-06-2010 08:11 AM
Re: LTO IV Tape Encryption
The token backup file can be safely transported through any file transfer mechanism as it is encrypted and can be decoded except by a MSL tape library after you enter the password.
At the other end you have the second token in the second autoloader and you can restore the backup file onto the second token then you have a copy of the keys at both ends.
If the source autoloader is configured to only generate new write keys on request then you are done. If you need to periodically crate a different key you can manually request a new write key or you can set a schedule. The default is that a new write key is created every month.
If the customer is really security conscious you can have then owner and enter the token passwords and backup file passwords then at the end of the job even you can't get to the data.