The IBM EKM is only for use with IBM Libraries. You may consider IBM
TS3310 library instead of SL500
Mit freundlichen Grüßen / Kind regards
Josef Weingand
Consulting IT Specialist
Technical Sales Systems Storage
Mobil +49 171 55 26 783 - Homeoffice Tel. +49 8845 757421
Fax +49 171 13 5526783
email: weingand AT de.ibm DOT com
SMS/eMail: 01715526783 AT t-d1-sms DOT de
Vorsitzender des Aufsichtsrats: Erich Clementi
Geschäftsführung: Martin Jetter (Vorsitzender), Christian Diedrich,
Christoph Grandpierre, Matthias Hartmann, Thomas Fell, Michael Diemer
Sitz der Gesellschaft: Stuttgart
Registergericht: Amtsgericht Stuttgart, HRB 14562 WEEE-Reg.-Nr. DE
99369940
From:
goony <networker-forum AT BACKUPCENTRAL DOT COM>
To:
NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date:
31.07.2008 02:05
Subject:
[Networker] lto4 and encryption
> The package is called EKM, search on IBM's web site for it.
> (Encryption Key Management).
>
> You'll need IBM Java, which is free for Linux, AIX and (I believe)
> Windows, but you have to buy it for Solaris.
>
> Dave
Thanks Dave!
I found the IBM EKM info at http://preview.tinyurl.com/2jprlz and I've
downloaded the EKM Introduction, Planning, and User's Guide.
Questions:
I have a Solaris-based Networker V7.4.2 with a Sun/Storagetek SL500 tape
library, currently running 3 LTO3 drives, with room for 3 more LTO drives.
Sun sells IBM and HP LTO4 drives for the SL500.
Is there any possible configuration of using IBM EKM for key management if
I add IBM LTO4 drives to my current configuration? I.e., can I do
encryption (with a separate key per tape volume) without the explicit
support for the key management within Networker? It sounds like it might
work but I'm unwilling to buy LTO4 drives unless I have a clear path to
success.
If I go the all-Sun path for key management, I'll need to buy 3 key
management appliances (KMS); a primary and a backup for the data center
and one for the remote recovery site. Their KMS appliance works with the
HP LTO4 drives which (I believe) have a separate connection (Ethernet?)
for out-of-band key management. In comparison, the IBM LTO4 drives appear
to do key management only via the data interface.
The Sun appliance-based approached is a helluva lot of overkill for my
configuration, when it appears that with the IBM EKM I can run it on the
Solaris system itself, or on any handy Linux server (read: a laptop in a
pinch). I hate the thought of buying 3 Sun KMS appliances ($28.5K list
each) that will be used to grab keys to write (on average) 3 tapes a day.
I don't need to manage keys for an enterprise, just for a few tape drives
and about 60-80 tape volumes.
In fact, a software-based approach (IBM EKM) is more appealing to me since
as long as I have a save copy of my keys, I have a wider range of platform
choices in which to create a key server in an emergency situation (as I
said before, the Solaris Networker server itself, or a Linux laptop)... if
the "Sun KMS appliance" breaks or goes missing, then it may be a l-o-n-g
time before I can get another one.
Any thoughts or suggestions?
Thanks!
Goony
+----------------------------------------------------------------------
|This was sent by backupcentral AT easy48 DOT com via Backup Central.
|Forward SPAM to abuse AT backupcentral DOT com.
+----------------------------------------------------------------------
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type
"signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
To sign off this list, send email to listserv AT listserv.temple DOT edu and
type "signoff networker" in the body of the email. Please write to
networker-request AT listserv.temple DOT edu if you have any problems with this
list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER
|
