TS1120 encryption

[nbs03]

Does anyone have experience implementing encryption using the TS1120 drive? We are looking at this feature and comparing it against a Decru solution. The announcement indicates that TSM is being enhanced to support this feature.

For those interested see: IBM Hardware Announcement 106-655



http://www-03.ibm.com/servers/storage/enewscast/data_encryption/



Thank you in advance

NEil

 

[nbs03]

Does anyone have experience encrypting data with a Decru unit?

Thank you in advance

Neil

 

[nitnag]

Decru is much cheaper and better solution for encryption as in my TSM environment

a single Decru unit can encrypt 16 drives at wire speed at the same time using 4 boards

in Decru's DF . It is also very easy to manage the unit and does not need any major change in the environment.



The big issue with TS1120, it appears, is the security level of keys generated and stored in the software. The other issue is that the TS1120 is a proprietary format (specific to IBM drives especially 3592 series). Decru works in front of legacy drives and doesn?t require commitment to a specific tape format. This is important because environments where multiple kinds of tape drives are used to recover legacy tapes might then have to maintain new TS1120s for new tapes along side with their older tape drives in the case that they needed to restore old data.

 

[bigmonkey30]

What happens if you have to restore your server offsite (using Decru)? Have you had any experience there?

 

[medkev]

Decru units and using fiber switches.

We were in the market for decru units(6 months ago) unfortunately their prices were fairly expensive at that time with their theoretical throughput.

The cost is not just for the decru units themselves but also the fiber switches we would need in order to drive them properly.

We ended up going with LTO 3, Spectra Logic T950 Hardware encryption instead.

Although i am siked about the announcement of LTO4's touting hardware drive encryption.

http://www.techworld.com/storage/news/index.cfm?NewsID=5819

 

[bigmonkey30]

link not working

Your link of http://www.techworld.com/storage/new...fm?NewsID=5819 is not working.

 

[ctaman]

If your going to mix the TS1120's with 3592's, make sure your at the proper level of TSM. We're just now getting past some awful anr8944 messages.
Looks like they were from writing tape labels with the TS1120 and trying to read them with the 3592's. TSM has to be at 5.2.6.3 or higher for 5.2 and 5.3.2.1 or higher for 5.3 in order to mix the drives. Of course there's formatting issues also, but, that's well documented.
We were at level 5.3.2.0 and wrote a bunch of tapes with the TS1120 and after about 2 weeks, we started to get a bunch of tapes that the labels couldn't be read on. After a long cleanup we upgraded to TSM 5.4 and now things look okay. (I got my fingers crossed)

 

[medkev]

Link

The link is working perfectly fine for me. Maybe a firewall.

I think the more recent Atape drivers can also help with the issues that were seeing ctaman.

 

[Fontesg]

LTO4s

We are just wrapping up an implementation of the new LTO4 drives and while they are pretty slick we spent around 3 weeks at DEFCON1 with IBM and even had a couple of engineers flown out. We had drives replaced (5 out of 12) and a few firmware updated on the Drives as well as ATAPE driver and TSM updates (Which just recently became version 5.3.3).
I would advise anyone to wait a couple of months before taking the plunge!!

 

[nbs03]

Update:
We installed a new TS3500 with 10 TS1120 drives. I chose to use system managed encryption (as opposed to TMS application managed or library managed) because it offers the greatest level of flexibility.

Rather than deal with legacy tapes where I had a hodgepodge of SDLT and LTO media, I migrated everything to the 3592 media. The 3592JB tapes hold 700GB native. With compression and encryption enabled, I have some tapes holding over 3TB of highly compressible database data.

Moving from the LTO/SDLT environment that was best described as "Usually works" to the new environment has restored a lot of faith in the backup environment.

The TS1120/TS3500 is a cost effective, robust, secure and scalable environment that should be on your short list of considerations.

Cheers,
Neil