You said:
I do not know if the Decru LKM can do this.
But we are planning to do LTO4 native encryption with IBM tape drives in an IBM 3584 tape library.
We found that the EMC RSA key manager will handle keys for the LTO-4 tape drives. But to do so you have to have the IBM EKM (Encryption Key Manager) installed.
And of course the EKM or the TIVOLI key manager can also work.
I would be interested in learning what others have learned about LTO4 Native encryption with IBM LTO4 tape drives installed in a IBM tape library.
The LKM cannot directly manage LTO encryption keys because it can’t communicate with the tape drive via SCSI.
NBU 6.5.2 added a Key Management Service (KMS), which is included (free) with an Enterprise Server or Server license. The NBU KMS generates and manages keys for any tape drive compatible with the SCSI T10 encryption spec. This includes LTO4, 3592 and T1000B (with very recent firmware) tape drives, using those drives in any tape library supported by NBU. See a NBU 6.5.2 or later Documentation Update, in which there is a chapter titled “Data at rest key management”, for all the information you need to use this. This is very easy to setup and use.
Once there is an industry standard for key managers exchanging keys, NBU will be able to allow the Decru/NetApp LKM to store all the keys, while NBU provides the keys to the tape drive. We are already talking with NetApp about LKM integration with NBU.
Don Peterson
Product Manager, NetBackup
Symantec Corporation
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|