background image

Copyright © 2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved.
Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this 

document.In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at 

http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries.
THIS PRODUCT CONTAINS CONFIDENTIAL INFORMATION AND TRADE SECRETS OF SUN MICROSYSTEMS, INC. USE, 

DISCLOSURE OR REPRODUCTION IS PROHIBITED WITHOUT THE PRIOR EXPRESS WRITTEN PERMISSION OF SUN 

MICROSYSTEMS, INC.
Use is subject to license terms.  This distribution may include materials developed by third parties.This distribution may include 

materials developed by third parties.Parts of the product may be derived from Berkeley BSD systems, licensed from the University of 

California.
UNIX is a registered trademark in the U.S. and in other countries, exclusively licensed through X/Open Company, Ltd.Sun,  Sun 

Microsystems,  the Sun logo,  Solaris,  Sun StorageTek Crypto Key Management System,  StorageTek and the StorageTek logo are 

trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
Products covered by and information contained in this service manual are controlled by U.S. Export Control laws and may be subject 

to the export or import laws in other countries.  Nuclear, missile, chemical biological weapons or nuclear maritime end uses or end 

users, whether direct or indirect, are strictly prohibited.  Export or reexport to countries subject to U.S. embargo or to entities identified 

on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists is strictly 

prohibited. Use of any spare or replacement CPUs is limited to repair or one-for-one replacement of CPUs in products exported in 

compliance with U.S. export laws.  Use of CPUs as product upgrades unless authorized by the U.S. Government is strictly prohibited.
DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND 

WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR 

NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY 

INVALID.

Copyright © 2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, Etats-Unis. Tous droits réservés.
Sun Microsystems, Inc. détient les droits de propriété intellectuels relatifs à la technologie incorporée dans le produit qui est décrit 

dans ce document. 
En particulier, et ce sans limitation, ces droits de propriété intellectuelle peuvent inclure un ou plus des brevets américains listés à 

l'adresse http://www.sun.com/patents et un ou les brevets supplémentaires ou les applications de brevet en attente aux Etats - Unis 

et dans les autres pays.
CE PRODUIT CONTIENT DES INFORMATIONS CONFIDENTIELLES ET DES SECRETS COMMERCIAUX DE SUN        

MICROSYSTEMS, INC. SON UTILISATION, SA DIVULGATION ET SA REPRODUCTION SONT INTERDITES SANS L                         

AUTORISATION EXPRESSE, ECRITE ET PREALABLE DE SUN MICROSYSTEMS, INC.
L'utilisation est soumise aux termes de la Licence.Cette distribution peut comprendre des composants développés par des tierces 

parties.Cette distribution peut comprendre des composants développés par des tierces parties.Des parties de ce produit pourront être 

dérivées des systèmes Berkeley BSD licenciés par l'Université de Californie. 
UNIX est une marque déposée aux Etats-Unis et dans d'autres pays et licenciée exclusivement par X/Open Company, Ltd.Sun,  Sun 

Microsystems,  le logo Sun,  Solaris,  Sun StorageTek Crypto Key Management System,  StorageTek et le logo StorageTek sont des 

marques de fabrique ou des marques déposées de Sun Microsystems, Inc. aux Etats-Unis et dans d'autres pays.
Ce produit est soumis à la législation américaine en matière de contrôle des exportations et peut être soumis  à la règlementation en 

vigueur dans  d'autres pays dans le domaine des exportations et importations. Les utilisations, ou utilisateurs finaux, pour des armes 

nucléaires, des missiles, des armes biologiques et chimiques ou du nucléaire maritime, directement ou indirectement, sont strictement 

interdites. Les exportations ou reexportations vers les pays sous embargo américain, ou vers des entités figurant sur les listes 

d'exclusion d'exportation américaines, y compris, mais de manière non exhaustive, la liste de personnes qui font objet d'un ordre de ne 

pas participer, d'une façon directe ou indirecte, aux exportations des produits ou des services qui sont régis par la législation 

américaine en matière de contrôle des exportations et la liste de ressortissants spécifiquement désignés, sont rigoureusement 

interdites. L'utilisation de pièces détachées ou d'unités centrales de remplacement est limitée aux réparations ou à l'échange standard 

d'unités centrales pour les produits exportés, conformément à la législation américaine en matière d'exportation. Sauf autorisation par 

les autorités des Etats-Unis, l'utilisation d'unités centrales pour procéder à des mises à jour de produits est rigoureusement interdite.
LA DOCUMENTATION EST FOURNIE “EN L'ETAT” ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES 

EXPRESSES OU TACITES SONT FORMELLEMENT EXCLUES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y 

COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE, A L'APTITUDE A UNE 

UTILISATION PARTICULIERE OU A L'ABSENCE DE CONTREFACON.

We welcome your feedback. Use the OpinionLab [+] feedback system on the documentation Web site or Send your comments to: 

Sun Learning Services 
Sun Microsystems, Inc. 
500 Eldorado Blvd. 
Mailstop: UBRM06-307 
Broomfield, CO 80021-6307 
USA 

Please include the publication name, part number, and edition number in your correspondence if they are available. 

This will expedite our response. 

Please

Recycle

Summary of Contents for StorageTek Crypto

Page 1: ...Sun StorageTekTM Crypto Key Management System HP LTO4 Encryption Capable Tape Drives Technical Brief Part Number 316196601 Revision A ...

Page 2: ......

Page 3: ...Sun Microsystems Inc www sun com Crypto Key Management System Version 2 0 HP LTO4 Tape Drive Technical Brief Part Number 316196601 June 2008 Revision A ...

Page 4: ...aires ou les applications de brevet en attente aux Etats Unis et dans les autres pays CE PRODUIT CONTIENT DES INFORMATIONS CONFIDENTIELLES ET DES SECRETS COMMERCIAUX DE SUN MICROSYSTEMS INC SON UTILISATION SA DIVULGATION ET SA REPRODUCTION SONT INTERDITES SANS L AUTORISATION EXPRESSE ECRITE ET PREALABLE DE SUN MICROSYSTEMS INC L utilisation est soumise aux termes de la Licence Cette distribution p...

Page 5: ...rder Numbers 6 2 Dione Card 7 Firmware Requirements 7 Dione Card Components 8 Connecting to the Dione Card 9 KMS Operations 10 Key Lifecycle 10 Media RFID Chips 12 Media Types 12 Removal and Replacement 14 Removal 14 3 Virtual Operator Panel 17 VOP Prerequisites 18 Computer Hardware Requirements 18 Operating System Certification 18 Java Runtime Environment Requirement 18 ...

Page 6: ...iv KMS LTO4 Technical Brief June 2008 Revision A 316196601 Using VOP 19 Start VOP 20 Diagnose Drive Tab 23 Run LED Diagnostic Test 23 Run Loopback Test 24 Get Log 25 Load Firmware 25 ...

Page 7: ...ese publications contain the additional information This guide has the following organization Chapter Use this chapter to Chapter 1 Introduction Chapter 2 Dione Card Chapter 3 Virtual Operator Panel Publication Description Part Number Crypto Key Management System Systems Assurance Guide StorageTek 31619480x Crypto Key Management System Installation and Service Manual StorageTek 31619490x Crypto Ke...

Page 8: ...om download index jsp customers Sun Partner Exchange https spe sun com spx control Login partners Uniform Software Repository http dlrequest sfbay sun com 88 usr login internal If your customer does not already have a Sun Online Account they will need to register For a new account go to https reg sun com register For more information about Sun StorageTek products got to http sunsolve sun com handb...

Page 9: ...ption key is found the Dione card requests the key directly from the KMS Media Native capacity The HP LTO4 drive with LTO4 media can store up to 800 GB of data This drive can also read and write on LTO3 media 400 GB and provides read only capabilities with LTO2 media 200 GB The LTO4 tape drive also supports Write Once Read Many WORM secure media This non erasable non rewritable media meets several...

Page 10: ...eet compliance regulations such as HIPAA Sarbanes Oxley SEC 17A 4 Mid range class Delivers confidence with a wide variety of supported backup applications Drive Tray FIGURE 1 1 shows an example of an LTO4 tape drive mounted in a drive tray FIGURE 1 1 LTO4 Tape Drive in Drive Tray SL8500 1 PWR power indicator green 2 FAULT Fault indicator red 3 MAINT Recessed button that resets the Dione card 4 The...

Page 11: ... 24 sec 19 sec 19 sec Access time average to first file 64 75 sec 72 sec 62 sec Tape speed meters per second 5 50 m s 5 32 m s 7 0 m s Tape read write speed 6 20 m s 5 32 m s 6 20 m s Rewind time maximum average 104 52 sec 98 49 sec 124 sec Unload time 13 19 sec 19 sec 19 sec Cleaning time 58 to 152 sec Interface Support SCSI Fibre Channel Ultra3 SCSI LVD FC1 Ultra 320 LVD FC2 Ultra 320 LVD FC4 MT...

Page 12: ...0 ppm 900 ppm Maximum tape speed 7 29 m s Rewind speed 7 00 m s Durability 1 000 000 passes Cartridge Width 105 4 0 30 mm Depth 102 0 0 30 mm Height 21 5 0 25 mm Weight 0 220 kg Track density TPI 1260 1773 2212 Data tracks 512 704 896 Data channels 8 16 16 Number of wraps 64 44 56 Number of bands 4 4 4 Bit density 7 40 Kb mm 9 64 Kb mm 13 52 Kb mm Cartridge memory capacity 4096 bytes 4096 bytes 81...

Page 13: ...tibility with other manufacturers LTO Ultrium drives and tapes that meet the LTO Ultrium format specification Note Currently only LTO4 media is encryption capable on the LTO4 tape drives While LTO4 can read and write to LTO3 media if an LTO4 drive encrypted data on LTO3 media then LTO3 drives could not read those tapes Therefore when LTO3 media is inserted into an LTO4 drive the encryption capabil...

Page 14: ...rchased TABLE 1 5 Configured End Items Order Numbers Part Numbers Description SL500 LTO4E HP4FC SL500Z LTO4 HP FC 4Gb SL500 Encryp Dr LTO4E HPSC SL500Z LTO4 HP SCSI SL500 Encryp Dr SL8500 LTO4E HP4FC SL85Z LTO4 HP FC 4Gb SL8500 EncrypDr SL3000 LTO4E HP4FC SL30Z LTO4 HP FC 4Gb SL3000 EncrypDr TABLE 1 6 Conversion Bill Numbers Part Numbers Description SL500 XHPLTO4E FCUPL500Z Crypto drive upgrade fo...

Page 15: ... on the tape drive and the secure Ethernet port for use with the KMS The Dione card includes Telnet server for configuration and management FTP server for installing new firmware and retrieving firmware trace logs SOAP client with TLS 1 0 support for communication with the KMS Firmware Requirements The minimum firmware requirements include TABLE 2 1 Firmware Requirements Component Version or above...

Page 16: ... the drive tray FIGURE 2 1 shows an example of a Dione card which consists of Dione card Ethernet connector RJ 45 Power connection inline with the tape drive power Communications connection to the tape drive Reset switch on the drive tray rear panel Green Status LED on the drive tray rear panel FIGURE 2 1 Dione Card Components 1 Dione card 2 Ethernet connection RJ 45 3 Reset switch 4 Green status ...

Page 17: ...l program load IPL If the LED does not come on when power is applied and there is power on the tape drive there is a problem with the Dione card If this LED does not go out after 30 seconds approximately there is a problem with the Dione card After 30 seconds the LED goes out and stays out until the tape drive is in an encryption capable mode tape loaded key available encrypting or decrypting Rese...

Page 18: ...similar set of operations occur The backup application sends a read request The drive recognizes that the data is encrypted and requests a decryption key from the Dione card Note The LTO4 tape format stores the metadata key along with encrypted data This gives the Dione card a method to retrieve the required key for decryption The Dione card verifies the Key Associated Data in the data block to de...

Page 19: ...erations when appending data to a tape The end result is that encryption keys previously used on that tape will continue to be used for write operations even if the state of the key has changed to expired or compromised The encryption period is a user defined policy An encryption period of a year or longer is recommended to mitigate the risk of write operations using an expired key Most applicatio...

Page 20: ...nal metadata for a Data Unit cartridge The External Tag field of the Data Unit contains the physical barcode information when the library firmware update is available Refer to the Crypto KMS Administration Guide for more information about Data Units and the ExternalTag field Note When installing the HP LTO4 tape drive in an SL500 library you must disable the Fast Load option Disabling this option ...

Page 21: ...es an example of a KMS Manager display screen using the elements from and HP LTO4 drive FIGURE 2 4 KMS Manager Data Unit List 1 Data Unit ID data cartridge 2 External Tag volume serial number 3 Description LTO4 or LTO4WORM 4 External Unique ID vendor unique RFID contents 1 2 4 3 ...

Page 22: ... com app docs prod tape storage hic Removal The following procedure basically describes how to remove and replace a Dione card 1 Follow the procedures for taking the drive offline 2 Follow the procedures for removing the drive from the library SL8500 Modular Library System Installation Manual StorageTek 96138 SL3000 Modular Library System Installation Manual StorageTek 316194201 SL500 Modular Libr...

Page 23: ...te and insert the T10 mounting screws 3 Connect P5 and P6 to the card 4 Plug in the following cables in this order Signal connector from the card to the rear of the drive Drive power from rear of the drive Power jumper 5 Insert the card and plate into its position and fasten it with one T10 screw 6 Position the HBD card back into place 7 Re connect the cables to the HBD card 8 Insert the drive and...

Page 24: ...Removal and Replacement 16 KMS LTO4 Technical Brief June 2008 Revision A 316196601 ...

Page 25: ...sion 1 0 12 and higher support for the HP LTO4 tape drive is provided through the Dione Card on page 7 which serves as a serial to Ethernet translation device for the tape drive FIGURE 3 1 shows an example of the VOP Display FIGURE 3 1 Virtual Operator Panel Display 1 Connect Tab 2 Monitor Drive Tab 3 Configure Drive Tab 4 Diagnose Drive Tab 5 Drive status indicators colors Online Offline Loaded S...

Page 26: ... application your computer system must meet certain prerequisites These are the minimum Hardware requirements Operating system certifications Java Runtime Environment JRE minimum release level requirements Computer Hardware Requirements The minimum hardware requirements include 512 MB memory 1 0 GHz processor Ethernet port available for static IP addressing RJ45 RJ45 Ethernet cross over cable dire...

Page 27: ...rives on and configure them one by one To use VOP for LTO4 tape drives you need to launch a special file Windows Launch the batch file ltoVOP bat Solaris Linux Launch the ltoVOP file above the batch file TABLE 3 1 VOP Versions Files Documents and Download Sites Version Document Files Posted File Size Customer 96179 VOP_CUST_REL_1 0 12 zip 05 28 2008 21 30 6055192 General_Instructions_Download 05 2...

Page 28: ...ning tape drive diagnostics Before beginning make sure you have the assigned IP addresses and Agent names for the tape drives available and defined in the KMS manager To start the VOP for the LTO4 1 Configure and connect your laptop to an LTO4 tape drive For example use a cross over cable and connect directly to a tape drive 2 Start the executable file ltoVOP file or bat to start the application 3...

Page 29: ...ormation You will need customer input for the KMA ID IP Address and Passphrase 6 Click Commit and respond Yes to the set drive offline pop up if still online The commit process takes about 30 seconds to complete 7 Click on the Diagnose Drive tab to observe the commit process FIGURE 3 4 Configure Drive FIGURE 3 5 Commit Passed ...

Page 30: ...ou can enroll the drive If you were to Unenroll the Agent for example To turn encryption off then re enroll the agent to turn encryption back on the pass phrase must be re entered or the agent recreated in the KMS before re enrollment 9 Enter the new IP address in the connection window and click Connect 10 0 0 5 for this example 10 Select the Configure Drive tab The new settings are shown in the d...

Page 31: ...lick on Run LED Diag The display changes the button to EXIT LED Diag 2 During this time if you press the Reset switch the green encryption LED will flash 3 Click EXIT LED Diag to end this test The green LED is on when you power on the LTO4 tape drive for 30 seconds as the Dione card performs an initial program load IPL After 30 seconds the LED goes out and stays out until the tape drive is in an e...

Page 32: ...ab 24 KMS LTO4 Technical Brief June 2008 Revision A 316196601 Run Loopback Test To run the Loopback diagnostic test 1 Click on Run Loopback Test 2 Observe the display as the test starts and ends FIGURE 3 8 Run LED Diag ...

Page 33: ...ick Get Log 2 Create and select a location for the file Once the file has transferred the operation is complete Load Firmware To load new Dione card firmware Obtain the firmware and place it in a directory file easy to locate Click on Load Firmware A dialog box opens requesting the location of the firmware Navigate to that location and load the files Note there are two files to download bin and hd...

Page 34: ...Diagnose Drive Tab 26 KMS LTO4 Technical Brief June 2008 Revision A 316196601 ...

Page 35: ...n LED 9 loading firmware 25 reset switch 9 Download Center vi drive tray example 2 E encryption indicator 17 enroll 22 External Tag field 12 F Fast Load option 12 firmware requirements 7 G Get Log 25 guides v H hardware requirements VOP 18 Hewlett Packard 1 HP LTO specifications 2 3 I interchange 5 interfaces types of 1 introduction 1 J Java Runtime Environment 18 K KMA ID 21 KMS operations 10 L L...

Page 36: ...physical barcode information 12 potential issue 11 prerequisites VOP 18 publications v R Radio Frequency Identification 12 read operations 10 related publications documents v reliability 4 removal and replacement procedures 14 requirements firmware 7 resellers vi reset switch 9 RFID chip media 12 S SCSI interfaces 1 SDP 20 Service Delivery Platform 20 specifications 3 StorageTek Partners site vi W...

Page 37: ......

Page 38: ...6188101 HONG KONG 852 2877 7077 HUNGARY 361 202 4415 INDIA 91 80 229 8989 INDONESIA 65 216 8333 IRELAND 353 1 668 4377 ISRAEL 972 9 9710500 ITALY 39 02 9259511 JAPAN 81 3 5779 1820 KOREA 82 2 3453 6602 MALAYSIA 603 2116 1887 MIDDLE EAST 00 9714 3366333 MEXICO 525 261 0344 NETHERLANDS 31 33 4515200 NEW ZEALAND 0800 786 338 NORTH WEST AFRICA 00 9714 3366333 NORWAY FROM NORWAY 47 22023950 TO NORWAY 4...

Reviews: