Using The Encryption Kit; Using Application-Managed Encryption - HP StorageWorks 1/8 User's And Service Manual

G2 tape autoloader

Hide thumbs Also See for StorageWorks 1/8:

Maintenance & service manual (128 pages)

Manual (6 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

Table of Contents

Using the Encryption Kit

The Encryption Kit includes two USB key server tokens. One key server token is available for use as

a backup for the other. Alternatively, you can save the encryption keys to a file and store that file in

a safe location.

To use the Encryption Kit, a key server token is inserted in the USB port on the back of the Autoloader,

and encryption is enabled and configured from the RMI.

The Encryption Kit supports your manual security policies and procedures by providing secure storage

for encryption keys. Access to the key server tokens and their backup files is protected with

user-specified passwords. You will need to create processes to protect the tokens and secure the

passwords.

IMPORTANT:

When encryption is enabled with the Encryption Kit, the Autoloader will not use encryption keys from

other sources, such as a key management system or application software. Disable encryption in

applications writing to the Autoloader when encryption is enabled with the Encryption Kit. Applications

that attempt to control encryption while encryption is enabled with the Encryption Kit will not be able

to do so, which can cause backups or other write operations to fail.

See the Encryption Kit user guide for additional information on using the Encryption Kit.

Using application-managed encryption

Hardware encryption is turned off by default and is switched on by settings in your backup application,

where you also generate and supply the encryption key. Your backup application must support

hardware encryption for this feature to work. See http://www.hp.com/go/ebs for an up-to-date list

of other suitable backup software.

NOTE:

The Autoloader can only obtain encryption keys from one source. Using the Encryption Kit will prevent

application-managed encryption.

Encryption is primarily designed to protect the media once it is offline and to prevent it being accessed

from another machine. You will be able to read and append the encrypted media without being

prompted for a key as long as it is being accessed by the machine and application that first encrypted

it.

There are two main instances when you will need to know the key:

•

If you try to import the media to another machine or another instance of the backup application

•

If you are recovering your system after a disaster

NOTE:

Encryption with keys that are generated directly from passwords or passphrases may be less secure

than encryption using truly random keys. Your application should explain the options and methods

that are available. Please refer to your application's user documentation for more information.

HP StorageWorks 1/8 G2 Tape Autoloader User and service guide

Table of Contents

This manual is also suitable for:

Hdx 18

Using The Encryption Kit; Using Application-Managed Encryption - HP StorageWorks 1/8 User's And Service Manual

Using the Encryption Kit

Using application-managed encryption

Related Manuals for HP StorageWorks 1/8

Related Products for HP StorageWorks 1/8

This manual is also suitable for:

Table of Contents