Message
Description
Recommended action
Unsupported hardware found
Hardware in unsupported type/
model
Verify that you have installed the
appropriate StoreOnce Optional
Hardware.
Invalid hardware
The hardware is invalid
Contact Hewlett Packard
Enterprise Support.
Security features
The StoreOnce System offers the security features of Data at Rest Encryption, Data in Flight Encryption,
and Secure Erase. They can be applied using a Security license.
See
on page 188 for information on how to apply the Security license for these
features.
Data at Rest Encryption
When enabled, the Data at Rest Encryption security feature protects data at rest on a stolen, discarded,
or replaced disk from forensic attack.
Creation of a new VTL library, StoreOnce Catalyst store, or NAS share provides the option to enable
encryption if the security features license was already applied. Once enabled, encryption will
automatically be performed on the data before it is written to disk. Encryption cannot be disabled once it
is configured for a VTL library, StoreOnce Catalyst store, or NAS share.
NOTE:
Each configured VTL library, StoreOnce Catalyst store, or NAS share uses a different key. The
StoreOnce software automatically tracks which key is relevant to which device in the Key Store File. Keys
are automatically re-applied to the correct device if the key store file is restored.
IMPORTANT:
Be very diligent about backing up your key store if you are creating encrypted stores
or libraries. See the
StoreOnce System CLI Reference Guide
for more information about the
StoreOnce CLI commands for backing up and restoring key stores.
Every time that you expand storage by adding a couplet, you must restore your key store. Installing
the additional couplet is an Hewlett Packard Enterprise support task, but you are responsible for
ensuring that a Security license is installed for the new couplet and for saving the existing key store.
NOTE:
The encryption feature is licensed per couplet. If you have multiple couplets in the StoreOnce
System cluster, obtain and apply a Security license for each couplet in the cluster. When mapping
replication to target devices on a different StoreOnce System, Hewlett Packard Enterprise recommends
that encryption is licensed and enabled on both the source and the target couplet or appliance.
Data in Flight Encryption
Data in Flight Encryption is intended to be used to secure network links between data centers for
StoreOnce VTL or NAS Replication, or for Low Bandwidth Catalyst Copy operations. Using Data In Flight
Encryption for direct backup operations to the StoreOnce appliance over a local network is not supported
due to the performance impact of the encryption. When enabled, the Data in Flight Encryption security
feature protects data that is in transit from forensic attack using the IPsec protocol. The data can be
moving between two StoreOnce appliances over a WAN or a StoreOnce appliance and a backup server
over a LAN or WAN.
Data in Flight Encryption encrypts the data traffic to all the stores using that IP connection. Therefore, it
may have an impact on performance.
Security features
199