Release Note для Spectra Logic spectra t120
User Guide Updates
100
Configuring Encryption
Encryption is handled either through the F-QIPs in the library or through LTO-4 drives.
Configuring encryption and managing encryption keys are handled through the
library’s user interface. Encryption configuration entails selecting an encryption mode
and creating an encryption password. The encryption password enables you to access
the encryption features.
Configuring encryption and managing encryption keys are handled through the
library’s user interface. Encryption configuration entails selecting an encryption mode
and creating an encryption password. The encryption password enables you to access
the encryption features.
Before You Begin
Before you begin, make sure that you have the appropriate library hardware installed.
Each partition that will use encryption requires the following:
Each partition that will use encryption requires the following:
A QIP that supports encryption (such as the G3 or G5 F-QIP). Use this
configuration to encrypt data with non-encryption capable drives. Load the media
type corresponding to the drives assigned to the partition.
type corresponding to the drives assigned to the partition.
– or –
Encryption-capable LTO-4 tape drives. Use direct-attach, encryption-capable Fibre
Channel or SCSI LTO-4 drives. LTO-4 media must loaded in the partition.
Tracking key
monikers and
passwords
monikers and
passwords
On a non-networked computer that supports encryption, create one or
more charts or lists with this data, including key moniker, dates used,
encryption and superuser passwords, and password used to encrypt
exported key. (Because BlueScale prompts for the required encryption
key moniker when restoring encrypted data, this company chose not to
track monikers and their relationship to media.)
more charts or lists with this data, including key moniker, dates used,
encryption and superuser passwords, and password used to encrypt
exported key. (Because BlueScale prompts for the required encryption
key moniker when restoring encrypted data, this company chose not to
track monikers and their relationship to media.)
Multiple
encryption teams
(optional)
encryption teams
(optional)
Deemed unnecessary given the users already identified as those
responsible for encryption.
responsible for encryption.
Schedule and run
drills
drills
Formalized approach deemed unnecessary. Instead, incorporate review
of data decryption into standard six-month check to make sure that
backups and restores are working properly. This now includes a test
involving data decryption.
of data decryption into standard six-month check to make sure that
backups and restores are working properly. This now includes a test
involving data decryption.
Passwords
Password to access encryption features: minimum of 12 characters,
including at least one number and one letter.
Password to export and import encryption keys: minimum of 30
characters, including at least one number and one letter.
Security Considerations