Release Note для Spectra Logic spectra t120
User Guide Updates — Configuring and Using Encryption
122
Release Notes
90940002
C
ONFIGURING
AND
U
SING
E
NCRYPTION
This chapter describes configuring and using BlueScale Encryption Basic
Edition, which is included with the Spectra T950 libraries. For information
about using BlueScale Professional Edition, see the BlueScale Encryption
User Guide. This guide also provides useful information about encryption
best practices.
Edition, which is included with the Spectra T950 libraries. For information
about using BlueScale Professional Edition, see the BlueScale Encryption
User Guide. This guide also provides useful information about encryption
best practices.
BlueScale Encryption Overview
BlueScale Encryption is tightly integrated into your Spectra library.
Encryption can be handled through the library’s encryption-enabled QIPs,
if any are in use, and through LTO-4 drives working with LTO-4 media.
BlueScale encryption key management is provided through the library’s
user interface.
Encryption can be handled through the library’s encryption-enabled QIPs,
if any are in use, and through LTO-4 drives working with LTO-4 media.
BlueScale encryption key management is provided through the library’s
user interface.
Note:
BlueScale encryption is not supported with LTO-3 tape drives
nor is it supported with LTO-3 media used in LTO-4 drives.
nor is it supported with LTO-3 media used in LTO-4 drives.
Note:
The encryption performed by encryption-enabled LTO-4 tape
drives is not compatible with the encryption performed by an
encryption-enabled F-QIP. If an encryption-enabled F-QIP and
an encryption-capable LTO-4 drive are in the same partition, you
must choose one type of encryption or the other. You cannot use
both types in the same partition.
drives is not compatible with the encryption performed by an
encryption-enabled F-QIP. If an encryption-enabled F-QIP and
an encryption-capable LTO-4 drive are in the same partition, you
must choose one type of encryption or the other. You cannot use
both types in the same partition.
The BlueScale Encryption system has two major components:
The encryption chip in the F-QIP or LTO-4 drive. Using hardware
The encryption chip in the F-QIP or LTO-4 drive. Using hardware
encryption makes encryption extremely fast and places no burden on
your network.
your network.
BlueScale Key Management software accessed through the library’s
user interface, either using the touch screen or a remote connection
through a web browser. Optionally, you can secure the web browser
using SSL, which is included with Observatory.
through a web browser. Optionally, you can secure the web browser
using SSL, which is included with Observatory.
Together, these components let you easily implement the strongest
encryption available, as recognized by the federal government: AES
encryption using a 256-bit key. BlueScale Encryption incorporates multiple
layers of security, some of which are discussed in this chapter. Others are
technically implemented and invisible to the user.
encryption available, as recognized by the federal government: AES
encryption using a 256-bit key. BlueScale Encryption incorporates multiple
layers of security, some of which are discussed in this chapter. Others are
technically implemented and invisible to the user.
Site-Specific Decisions
To determine a BlueScale Encryption strategy appropriate for your site and
your data, decide on the security level appropriate for your site, and the
amount and kinds of data to encrypt. Then you can make some choices
about how best to implement BlueScale Encryption. The following sections
describe considerations that affect how you configure encryption.
your data, decide on the security level appropriate for your site, and the
amount and kinds of data to encrypt. Then you can make some choices
about how best to implement BlueScale Encryption. The following sections
describe considerations that affect how you configure encryption.