1. Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING) Click the link to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This message will disappear after you have made at least 12 posts. Thank you for your cooperation.

TKLM encryption questions

Discussion in 'Tape / Media Library' started by rvillano, Oct 30, 2012.

  1. rvillano

    rvillano New Member

    Joined:
    Nov 10, 2004
    Messages:
    129
    Likes Received:
    1
    Location:
    michigan
    Hello to everyone here in the Forum,

    I have a new customer who is currently using server side encryption with a TS3500 single partition library.

    They have purchased TKLM, ALMS, and the transparent LTO encryption feature codes. At this time there are lto2 and lto4 drives in the partition. the majority of the lto2 drives are to be replaced with new lto4 drives but they intend to keep 2 lto2 drives for use to read those tapes and to encrypt them to lto4 in the future.

    This is the 1st customer of mine to choose the TKLM software or any encryption in general and I don't have any experience with it. I have read the TKLM admin and install guides but still not sure about all of this.

    My questions are:

    1. How does the TKLM software know what drives to encrypt, does it need to be installed on a server with SAN mapping to the drives or does it communicate via the node card on the ts3500?

    2. What is transparent encryption? Is it required for TKLM or is it used just to encrypt at the drive level using the meta data being written?

    3. Is ALMS required for TKLM?

    4. Do I need to create a new partition for use by TKLM so that the existing tapes encrypted by the server side encryption can been read and then written by TKLM on the 2nd partition?

    5. What has been your experience with TKLM? is a pain in the you know what to administer?

    I'm sure I will have many more questions to follow regarding this encryption stuff and I would really appreciate any assistance I can get from the forum.

    Thanks in advance
     
  2.  
  3. Trident

    Trident Senior Member

    Joined:
    Apr 2, 2007
    Messages:
    288
    Likes Received:
    27
    Occupation:
    IT operations
    Location:
    Oslo, Norway
    1. How does the TKLM software know what drives to encrypt, does it need to be installed on a server with SAN mapping to the drives or does it communicate via the node card on the ts3500?
    You need to assign the drives (dedicated ones) tol a library. The TKLM will read of the serial numbers from the ts3500 over tcp/ip and issue encryption keys based on a volume label.

    2. What is transparent encryption? Is it required for TKLM or is it used just to encrypt at the drive level using the meta data being written?
    That is when data is encrypted by the LTO drive. This is a feature that needs to be enabled on your TS3500.

    3. Is ALMS required for TKLM?
    Not sure. I have it, and the encryption. Works like a charm

    4. Do I need to create a new partition for use by TKLM so that the existing tapes encrypted by the server side encryption can been read and then written by TKLM on the 2nd partition?
    Start from scratch. Create a new virtual library, and put the dedicated drives there. Then assign new tapes to that library

    5. What has been your experience with TKLM? is a pain in the you know what to administer?
    Pain to configure, works fine.

    I'm sure I will have many more questions to follow regarding this encryption stuff and I would really appreciate any assistance I can get from the forum.

    Thanks in advance
     
    rvillano likes this.

Share This Page