Re: [Networker] Encryption options other use with Networker

On Apr 2, 2010, at 19:11, Ryan wrote:

I don't know about any KMS built in utility that networker owns. Ithink that KMS is built into the tape drive although i think it alldepends upon the vendor how those keys are managed.

KMS standards for key management system, and it's unlikely that it'seither in the LTO-4 tape drive or the SL500 library.

For LTO-4 encryption, the key is sent from outside the drive fromanother source. Now this can be either from the backup software (inthe case of NetBackup, but not NetWorker AFAIK), or an appliance thatsits on your network such as:


http://www.netapp.com/us/products/storage-security-systems/lifetime-key/
http://www.oracle.com/us/products/servers-storage/storage/tape-storage/029154.htm
http://www.quantum.com/Products/TapeLibraries/ScalarKeyManager/Index.aspx
http://www.rsa.com/node.aspx?id=3485
http://www-01.ibm.com/software/tivoli/products/key-lifecycle-mgr/

When an LTO-4 drive wants to encrypt a volume, it needs a key for theAES algorithm. It needs to get it from somewhere--either software, anappliance, or the library (e.g., Fujitsu's ETERNUS has this option).Similarly, if you want to read the tape, the drive has to get the keyfrom wherever it got it in the first place.

So if you want to use LTO-4's hardware AES encryption, you need a keysource. I believe this is what Stanley was referring to in Option 4.


To sign off this list, send email to listserv AT listserv.temple DOT edu and type 
"signoff networker" in the body of the email. Please write to networker-request 
AT listserv.temple DOT edu if you have any problems with this list. You can access the 
archives at http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER