[Networker] lto4 and encryption

2008-07-30 20:02:31
Subject: [Networker] lto4 and encryption
From: goony <networker-forum AT BACKUPCENTRAL DOT COM>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Wed, 30 Jul 2008 19:58:03 -0400
> The package is called EKM, search on IBM's web site for it.
> (Encryption Key Management).
> 
> You'll need IBM Java, which is free for Linux, AIX and (I believe)
> Windows, but you have to buy it for Solaris.
> 
> Dave 


Thanks Dave!

I found the IBM EKM info at http://preview.tinyurl.com/2jprlz and I've 
downloaded the EKM Introduction, Planning, and User's Guide.

Questions:

I have a Solaris-based Networker V7.4.2 with a Sun/Storagetek SL500 tape 
library, currently running 3 LTO3 drives, with room for 3 more LTO drives.

Sun sells IBM and HP LTO4 drives for the SL500.

Is there any possible configuration of using IBM EKM for key management if I 
add IBM LTO4 drives to my current configuration? I.e., can I do encryption 
(with a separate key per tape volume) without the explicit support for the key 
management within Networker? It sounds like it might work but I'm unwilling to 
buy LTO4 drives unless I have a clear path to success.

If I go the all-Sun path for key management, I'll need to buy 3 key management 
appliances (KMS); a primary and a backup for the data center and one for the 
remote recovery site. Their KMS appliance works with the HP LTO4 drives which 
(I believe) have a separate connection (Ethernet?) for out-of-band key 
management. In comparison, the IBM LTO4 drives appear to do key management only 
via the data interface.

The Sun appliance-based approach is a helluva lot of overkill for my 
configuration, when it appears that with the IBM EKM I can run it on the 
Solaris system itself, or on any handy Linux server (read: a laptop in a 
pinch). I hate the thought of buying 3 Sun KMS appliances ($28.5K list each) 
that will be used to grab keys to write (on average) 3 tapes a day. I don't 
need to manage keys for an enterprise, just for a few tape drives and about 
60-80 tape volumes.

In fact, a software-based approach (IBM EKM) is more appealing to me since as 
long as I have a safe copy of my keys, I have a wider range of platform choices 
in which to create a key server in an emergency situation (as I said before, 
the Solaris Networker server itself, or a Linux laptop)... if the "Sun KMS 
appliance" breaks or goes missing, then it may be a l-o-n-g time before I can 
get another one.

Any thoughts or suggestions?

Thanks!

Goony
