LTO-4 and later generation tape drives and encryption
The LTO-4 and later generation tape drives include hardware capable of encrypting data while
writing data, and decrypting data when reading. Hardware encryption can be used with or without
compression while maintaining the full speed and capacity of the tape drive and media.
Encryption is the process of changing data into a form that cannot be read until it is deciphered
with the key used to encrypt the data, protecting the data from unauthorized access and use. LTO
tape drives use the 256-bit version of the industry-standard AES encrypting algorithm to protect
your data.
To make use of this feature you need:
•
The HP StorageWorks 1/8 G2 & MSL Encryption Kit or a backup application that supports
hardware encryption.
•
LTO-4 or LTO-5 media; no encryption will be performed when writing LTO-3 and earlier
generations of tape.
Table 9 Backward read compatibility
LTO-5 drive
LTO-4 drive
Incompatible
Incompatible
LTO-1 media
Incompatible
Read only
LTO-2 media
Read only
Read/Write (no encryption)
LTO-3 media
Read/Write
Read/Write
LTO-4 media — unencrypted
Read/Write with encryption key
Read/Write with encryption key
LTO-4 media — encrypted
Read/Write
Incompatible
LTO-5 media — unencrypted
Read/Write with encryption key
Incompatible
LTO-5 media — encrypted
Your company policy will determine when you need to use encryption. For example, it may be
mandatory for company confidential and financial data, but not for personal data. Company policy
will also define how encryption keys should be generated and managed. Backup applications that
support encryption will generate a key for you or allow you to enter a key manually.
Using the Encryption Kit
The Encryption Kit includes two USB key server tokens. One key server token is available for use
as a backup for the other. Alternatively, you can save the encryption keys to a file and store that
file in a safe location.
To use the Encryption Kit, a key server token is inserted in the USB port on the back of the
Autoloader, and encryption is enabled and configured from the RMI.
The Encryption Kit supports your manual security policies and procedures by providing secure
storage for encryption keys. Access to the key server tokens and their backup files is protected with
user-specified passwords. You will need to create processes to protect the tokens and secure the
passwords.
IMPORTANT:
When encryption is enabled with the Encryption Kit, the Autoloader will not use
encryption keys from other sources, such as a key management system or application software.
Disable encryption in applications writing to the Autoloader when encryption is enabled with the
Encryption Kit. Applications that attempt to control encryption while encryption is enabled with the
Encryption Kit will not be able to do so, which can cause backups or other write operations to fail.
See the Encryption Kit user guide for additional information on using the Encryption Kit.
12
Features and overview
Содержание BL536A
Страница 149: ...German laser notice Italian laser notice Japanese laser notice Laser compliance notices 149 ...
Страница 151: ...Danish notice Dutch notice Estonian notice Finnish notice French notice Recycling notices 151 ...
Страница 152: ...German notice Greek notice Hungarian notice Italian notice Latvian notice 152 Regulatory compliance and safety ...
Страница 153: ...Lithuanian notice Polish notice Portuguese notice Romanian notice Slovak notice Recycling notices 153 ...
Страница 155: ...French battery notice German battery notice Battery replacement notices 155 ...
Страница 156: ...Italian battery notice Japanese battery notice 156 Regulatory compliance and safety ...