Using the Encryption Kit
The Encryption Kit includes two USB key server tokens. One key server token is available for use as
a backup for the other. Alternatively, you can save the encryption keys to a file and store that file in
a safe location.
To use the Encryption Kit, a key server token is inserted in the USB port on the back of the Autoloader,
and encryption is enabled and configured from the RMI.
The Encryption Kit supports your manual security policies and procedures by providing secure storage
for encryption keys. Access to the key server tokens and their backup files is protected with
user-specified passwords. You will need to create processes to protect the tokens and secure the
passwords.
IMPORTANT:
When encryption is enabled with the Encryption Kit, the Autoloader will not use encryption keys from
other sources, such as a key management system or application software. Disable encryption in
applications writing to the Autoloader when encryption is enabled with the Encryption Kit. Applications
that attempt to control encryption while encryption is enabled with the Encryption Kit will not be able
to do so, which can cause backups or other write operations to fail.
See the Encryption Kit user guide for additional information on using the Encryption Kit.
Using application-managed encryption
Hardware encryption is turned off by default and is switched on by settings in your backup application,
where you also generate and supply the encryption key. Your backup application must support
hardware encryption for this feature to work. See http://www.hp.com/go/ebs for an up-to-date list
of other suitable backup software.
NOTE:
The Autoloader can only obtain encryption keys from one source. Using the Encryption Kit will prevent
application-managed encryption.
Encryption is primarily designed to protect the media once it is offline and to prevent it being accessed
from another machine. You will be able to read and append the encrypted media without being
prompted for a key as long as it is being accessed by the machine and application that first encrypted
it.
There are two main instances when you will need to know the key:
• If you try to import the media to another machine or another instance of the backup application
• If you are recovering your system after a disaster
NOTE:
Encryption with keys that are generated directly from passwords or passphrases may be less secure
than encryption using truly random keys. Your application should explain the options and methods
that are available. Please refer to your application's user documentation for more information.
HP StorageWorks 1/8 G2 Tape Autoloader User and service guide 21
To Next Page
Loading...
Need help?
General
