Release Note for Spectra Logic spectra t120
Configuring Encryption
December 2008
Spectra T950 Library
Encryption is handled either through the F-QIPs in the library or through
LTO-4 drives. Configuring encryption and managing encryption keys are
handled through the library’s user interface. Encryption configuration
entails selecting an encryption mode and creating an encryption password.
The encryption password enables you to access the encryption features.
Before You Begin
Before you begin, make sure that you have the appropriate library
hardware installed. Each partition that will use encryption requires the
following:
A QIP that supports encryption (such as the G3 or G5 F-QIP). Use this
configuration to encrypt data with non-encryption capable drives. Load
the media type corresponding to the drives assigned to the partition.
— or —
Encryption-capable LTO-4 tape drives. Use direct-attach, encryption-
capable Fibre Channel or SCSI LTO-4 drives. LTO-4 media must be loaded
in the partition.
Tracking key monikers and passwords
On a non-networked computer that supports encryption, create one or more
charts or lists with this data, including key moniker, dates used, encryption and
superuser passwords, and password used to encrypt exported key. (Because
BlueScale prompts for the required encryption key moniker when restoring
encrypted data, this company chose not to track monikers and their
relationship to media.)
Multiple encryption teams (optional)
Deemed unnecessary given the users already identified as those responsible for
encryption.
Schedule and run drills
Formalized approach deemed unnecessary. Instead, incorporate review of data
decryption into standard six-month check to make sure that backups and
restores are working properly. This now includes a test involving data
decryption.
Passwords
Password to access encryption features: minimum of 12 characters,
including at least one number and one letter.
Password to export and import encryption keys: minimum of 30 characters,
including at least one number and one letter.
Security Considerations