Encryption - Decru - Neoscale - TS1120 - T10000

[nbs03]

Does anyone have experience to share using Decru or Neoscale or any other hardware/appliance based encryption method? I am evaluating the merits of these products along with encryption on the drive offering from IBM TS1120 and STK T10000.

Comments on the drive based encryption are also very much welcome.

Thank you,

Neil

 

[nbs03]

Is no one using hardware encryption?

 

[BC@SHS]

i too am interested in hardware encryption between server and tape drive... anybody?

BC

 

[nbs03]

BC,

We will be getting either a few Decru DataFort FC1020 appliances to attach to LTO3 drives or a bunch of TS1120s in a couple of 3584 libraries. I am pushing for the TS1120s with the encryption keys managed within TSM V5.3.4.

I will keep you / this forum advised of my experiences - should be Dec/Jan timeframe for implementation.



Cheers,

Neil

 

[nitnag]

Decru is much cheaper and better solution for encryption as in my TSM environment

a single Decru unit can encrypt 16 drives at wire speed at the same time using 4 boards

in Decru's DF . It is also very easy to manage the unit and does not need any major change in the environment.



The big issue with TS1120, it appears, is the security level of keys generated and stored in the software. The other issue is that the TS1120 is a proprietary format (specific to IBM drives especially 3592 series). Decru works in front of legacy drives and doesn?t require commitment to a specific tape format. This is important because environments where multiple kinds of tape drives are used to recover legacy tapes might then have to maintain new TS1120s for new tapes along side with their older tape drives in the case that they needed to restore old data.

 

[nbs03]

Nit,

I agree that if you have to keep old drives, the in-line solution is best. I am fortunate enought to be completely replacing my StorageTek L700 with a couple of 3584 libraries. My previous experience with 3592 drives (prior to the encryption capability) has sold me on their capability. The proprietary arguement is largely academic since part of my offsite recovery planning is to ensure that the site has the correct drives. Also I don't worry that IBM will be going out of business and dropping support which is probably the only compelling arguement for LTO. Cost per GB between LTO and 3592 is within a few cents and if you factor in the incredible reliability of 3592 - this cost factor is insignificant - I know my data is recoverable and sleep well knowing that the drives will not fail.

Anyone out there have any experience on the different methods of key management with the 3592 drives?

cheers,

Neil

 

[Kens]

We are also looking at options for encryption of tape files being sent off site. The built-in compression, encryption, and capacity of TS1120's is very compelling but there are some (minor?) reservations over a consolidated Key Store. If we don't go the appliance route we would probably use TS1120's. We have a 3494 ATL with frames that could handle dedicated TS1120's for our local Open systems and may buy TS3400's for our Open/Distributed folks).
DECRU DataFort's came up as an Open/Distribute systems option but they backed off of doing our mainframe stuff and directed us to other vendors...not very promising.
We've got two sites with Distributed backups (~30/day LT02's) that aren't backing up everything they should yet, as well as a mainframe 3494 ATL with 6xTS1120 E-05's (dumbed down to J1A's waiting on our Canadian cold DR site to get E05's), 10x3590's, and a few old standalone c/u's with 34xx tapes (waiting on conversion to Secure/FTP before the unsupported drives die a horrible death) used to send files to other clients (lots of FICHE).
We would like to know if someone else has started using encryption with a similar equipment mix and what problems to avoid.

Is no one using hardware encryption?

 

[jbpostal]

Thanks for this nice post.