Oracle/Storagetek Encryption Resources; Data Path Key Management; Interface With The Tape Drive; Virtual Operator Panel - Oracle StorageTek T10000 Operator's Manual

Hide thumbs Also See for StorageTek T10000:

Reference manual (310 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

page of 132

/ 132
Contents
Table of Contents
Bookmarks

Table of Contents

What an Encryption-Enabled T10000 Tape Drive cannot do:

Append non-encrypted data to an encrypted tape cartridge

■

Write a non-encrypted tape cartridge

■

Oracle/StorageTek Encryption Resources

For additional information on the encryption capabilities and features of the T10000

Tape Drive, see:

http://www.oracle.com/technetwork/documentation/tape-storage-curr-187744.h

tml#crypto

For further information on the encryption option, see your sales representative.

Data Path Key Management

The data path key management (DPKM) subsystem is the third installment of

encryption for StorageTek tape drives. DPKM uses the SCSI 4 commands Security

Protocol In and Security Protocol Out to implement host-based key management

on StorageTek encrypting tape drives. Encryption keys are delivered to the tape drive

over the Fibre Channel interface (non-FIPS compliant). DPKM provides the ability to

toggle the encryption state on/off on a per cartridge basis which enables the user to

have a mix of encrypted/non-encrypted files on each tape cartridge. You use the

Virtual Operator Panel to enable or disable the DPKM capability of the tape drive.

Dumps will not be encrypted if the drive setting is either Encryption off or DPKM.

Normal drive firmware updates are not allowed in DPKM mode. When the drive is in

DPKM mode, follow these instructions to update firmware:

The crypto officer (CO) is required to turn off DPKM.

The CO updates the firmware.

The drive may or may not reboot automatically after the firmware is updated.

If the drive does reboot, it IPLs in the Encryption off mode.

The CO can enable DPKM which causes the drive to reboot and IPL into DPKM

mode.

Interface with the Tape Drive

The T10000 tape drive does not have a built-in physical operator panel; therefore, your

communication with library-attached drives is normally through the Virtual Operator

Panel (VOP) application.

Virtual Operator Panel

The VOP application window

the connected drive. The GUI has a menu bar, a section that provides several drive

status indicators and two drive message windows (primary and secondary), and the

bottom portion of the GUI contains the VOP text message pane. Additional

information is available in the Virtual Operator's Panel User's Guide.

Turning off DPKM requires a reboot and the drive IPLs into

Note:

the Encryption off mode.

(Figure

1–5) provides a graphical user interface (GUI) to

Interface with the Tape Drive

Introduction 1-9

Table of Contents

Oracle/Storagetek Encryption Resources; Data Path Key Management; Interface With The Tape Drive; Virtual Operator Panel - Oracle StorageTek T10000 Operator's Manual

Oracle/StorageTek Encryption Resources

Data Path Key Management

Interface with the Tape Drive

Virtual Operator Panel

Related Manuals for Oracle StorageTek T10000

Related Content for Oracle StorageTek T10000

Table of Contents