Re: [Networker] Encryption options other use with Networker
2010-04-03 14:38:53
On Apr 2, 2010, at 19:11, Ryan wrote:
> I don't know about any KMS built-in utility that NetWorker owns. I
> think that KMS is built into the tape drive although I think it all
> depends upon the vendor how those keys are managed.

KMS stands for key management system, and it's unlikely that it's
either in the LTO-4 tape drive or the SL500 library.

For LTO-4 encryption, the key is sent from outside the drive from
another source. Now this can be either from the backup software (in
the case of NetBackup, but not NetWorker AFAIK), or an appliance that
sits on your network such as:

http://www.netapp.com/us/products/storage-security-systems/lifetime-key/
http://www.oracle.com/us/products/servers-storage/storage/tape-storage/029154.htm
http://www.quantum.com/Products/TapeLibraries/ScalarKeyManager/Index.aspx
http://www.rsa.com/node.aspx?id=3485
http://www-01.ibm.com/software/tivoli/products/key-lifecycle-mgr/

When an LTO-4 drive wants to encrypt a volume, it needs a key for the
AES algorithm. It needs to get it from somewhere--either software, an
appliance, or the library (e.g., Fujitsu's ETERNUS has this option).
Similarly, if you want to read the tape, the drive has to get the key
from wherever it got it in the first place.

So if you want to use LTO-4's hardware AES encryption, you need a key
source. I believe this is what Stanley was referring to in Option 4.