Release Note для Spectra Logic spectra t120
User Guide Updates
98
Encryption Methods
Choose how to encrypt data. You can use encryption-enabled QIPs or encryption-
capable LTO-4 drives to encrypt data in a partition. With encryption-enabled QIPs, data
can be encrypted and written to tape using drives that do not directly support
encryption (for example, LTO-2 and SAIT). With encryption-capable LTO-4 drives, the
drive performs the encryption as it writes the data to LTO-4 tapes.
capable LTO-4 drives to encrypt data in a partition. With encryption-enabled QIPs, data
can be encrypted and written to tape using drives that do not directly support
encryption (for example, LTO-2 and SAIT). With encryption-capable LTO-4 drives, the
drive performs the encryption as it writes the data to LTO-4 tapes.
Note:
If a partition uses LTO-4 drive-based encryption, the library can load
LTO-3 media into that partition. However, attempts to write encrypted
data to LTO-3 media fail. Note that LTO-4 drives can successfully read
data from LTO-3 tapes.
LTO-3 media into that partition. However, attempts to write encrypted
data to LTO-3 media fail. Note that LTO-4 drives can successfully read
data from LTO-3 tapes.
The encryption performed by encryption-capable LTO-4 tape drives is not compatible
with the encryption performed by an encryption-enabled F-QIP. You cannot use both
types of encryption in the same partition. If an encryption-enabled F-QIP and an
encryption-capable LTO-4 drive share a partition, you must choose one type of
encryption or the other. You cannot use both.
with the encryption performed by an encryption-enabled F-QIP. You cannot use both
types of encryption in the same partition. If an encryption-enabled F-QIP and an
encryption-capable LTO-4 drive share a partition, you must choose one type of
encryption or the other. You cannot use both.
To decrypt data encrypted using a QIP, use a partition configured with QIP-based
encryption. To decrypt data encrypted using an LTO-4 drive, use a partition configured
with drive-based encryption.
encryption. To decrypt data encrypted using an LTO-4 drive, use a partition configured
with drive-based encryption.
Only one encryption key is allowed per LTO-4 tape. If you lose the encryption key for
the tape or if you want to use a different key, you must recycle the tape before you can
re-use it in an encryption-enabled LTO-4 drive. Similarly, if the data on a tape was
encrypted using a QIP, you must recycle the tape before you can re-use it with an
encryption-capable LTO-4 drive. Recycling media is easily managed through BlueScale
Encryption Key Management (see Recycling Media on page 116).
the tape or if you want to use a different key, you must recycle the tape before you can
re-use it in an encryption-enabled LTO-4 drive. Similarly, if the data on a tape was
encrypted using a QIP, you must recycle the tape before you can re-use it with an
encryption-capable LTO-4 drive. Recycling media is easily managed through BlueScale
Encryption Key Management (see Recycling Media on page 116).
Passwords and Other Identifiers
BlueScale Encryption requires that you supply passwords and monikers (key names).
Your site may want to consider whether specific rules govern these.
Your site may want to consider whether specific rules govern these.
Superuser Login/Encryption Passwords Passwords are the standard method of user
security that restricts access. To use Spectra Logic BlueScale Encryption, you must first
log into the library with superuser privileges, then enter an encryption password. The
encryption password lets you access the library’s encryption features. This password
must be entered after the superuser login. Select Security > Encryption to display the
encryption password screen.
security that restricts access. To use Spectra Logic BlueScale Encryption, you must first
log into the library with superuser privileges, then enter an encryption password. The
encryption password lets you access the library’s encryption features. This password
must be entered after the superuser login. Select Security > Encryption to display the
encryption password screen.
Password(s) for Key Import and Export Passwords are also used to encrypt keys for
export and when importing previously exported keys. This feature is only available
after you log into the library as a superuser and enter the encryption password. Your
site may want to consider whether to create different rules for these passwords, such as
requiring that these passwords are longer than the encryption access password(s), and
therefore more secure.
export and when importing previously exported keys. This feature is only available
after you log into the library as a superuser and enter the encryption password. Your
site may want to consider whether to create different rules for these passwords, such as
requiring that these passwords are longer than the encryption access password(s), and
therefore more secure.