Veritas-bu

Re: [Veritas-bu] LTO4 Question

2009-06-19 08:32:19
Subject: Re: [Veritas-bu] LTO4 Question
From: Travis Kelley <rhatguy AT gmail DOT com>
To: Don Peterson <don_peterson AT symantec DOT com>, veritas-bu AT mailman.eng.auburn DOT edu
Date: Fri, 19 Jun 2009 08:29:12 -0400
Don, thanks for the information on the Netbackup KMS.  We have tried
it in testing and as you mentioned, it appears to work perfectly with
IBM LTO4 drives.  We spoke with our symantec rep about this and he
indicated that in NB 7 this feature would be moved to a for pay
feature.  We have long term retentions on many of our tapes and hence,
would pretty much be forced to purchase the KMS license when it came
out if we started using it now.  Do you have any information on the
longer term plans for the KMS and if there would be a way to restore
old data if we decided not to purchase KMS when it became a for-pay
feature?

On 6/18/09, Don Peterson <don_peterson AT symantec DOT com> wrote:
> You said:
>
> I do not know if the Decru LKM can do this.
>
> But we are planning to do LTO4 native encryption with IBM tape drives in
> an IBM 3584 tape library.
> We found that the EMC RSA key manager will handle keys for the LTO-4
> tape drives. But to do so you have to have the IBM EKM (Encryption Key
> Manager) installed.
> And of course the EKM or the TIVOLI key manager can also work.
> I would be interested in learning what others have learned about LTO4
> Native encryption with IBM LTO4 tape drives installed in a IBM tape
> library.
>
>
> The LKM cannot directly manage LTO encryption keys because it can't
> communicate with the tape drive via SCSI.
>
> NBU 6.5.2 added a Key Management Service (KMS), which is included (free)
> with an Enterprise Server or Server license. The NBU KMS generates and
> manages keys for any tape drive compatible with the SCSI T10 encryption
> spec. This includes LTO4, 3592 and T1000B (with very recent firmware)
> tape drives, using those drives in any tape library supported by NBU.
> See a NBU 6.5.2 or later Documentation Update, in which there is a
> chapter titled "Data at rest key management", for all the information
> you need to use this. This is very easy to setup and use.
>
> Once there is an industry standard for key managers exchanging keys, NBU
> will be able to allow the Decru/NetApp LKM to store all the keys, while
> NBU provides the keys to the tape drive. We are already talking with
> NetApp about LKM integration with NBU.
>
> Don Peterson
> Product Manager, NetBackup
> Symantec Corporation
>
>
>
>
>

-- 
Sent from my mobile device
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu

<Prev in Thread] Current Thread [Next in Thread>