If the server has a different type of SAS port, either purchase the appropriate cable, or purchase and
install a recommended HBA and associated drivers before installing the tape drive. For current
information about supported cables and HBAs, see the HPE Data Availability, Protection, and Retention
Compatibility Matrix at: http://hpe.com/storage/DAPRcompatibility.
About using hardware encryption
Encryption protects data from unauthorized access and use by changing it into a form that cannot be read
until it is deciphered with the encryption key.
LTO-4 and later generation tape drives include hardware capable of encrypting data while writing, and
decrypting data when reading. Hardware encryption can be used with or without compression while
maintaining the full speed and capacity of the tape drive and media.
LTO tape drives use the 256-bit version of the industry-standard AES encryption algorithm to protect data.
IMPORTANT:
Hardware encryption is a powerful feature and must be used with care. If you need to import media
onto another machine or to recover after disaster, you will be required to enter the encryption key
used to write the tape. A lost encryption key cannot be recovered by you or a service engineer.
Without the key, an encrypted tape is unreadable.
To use hardware encryption, you need:
• A backup application that supports hardware encryption.
• LTO-7 or LTO-8 media.
For additional cartridge compatibility information, see Data and cleaning cartridges on page 18.
When to use encryption
Your company policy determines when you need to use encryption. For example, encryption might be
mandatory for company confidential and financial data, but not for personal files. Company policy will also
define how encryption keys will be generated and managed. Backup applications that support encryption
generate a key for you or allow you to enter a key manually.
NOTE:
Encryption with keys that are generated directly from passwords or passphrases might be less secure
than encryption using truly random keys. The backup application will explain the available options and
methods. For more information, see the application user documentation.
About managing encryption keys
Encryption is primarily designed to protect the media content once the media is offline and to prevent it
from being accessed from another machine. If the encryption keys are managed by an application,
typically the application loads the necessary encryption key automatically when it is needed for reading or
writing, provided that the application is the one that was used to encrypt the data.
There are two main instances when you will need to know the key:
• If you try to import the media to another system, such as another instance of the backup application or
a different backup application
• If you are recovering your system after a disaster
About using hardware encryption 7
To Next Page
Loading...
