When should i use encryption, How do i enable encryption, When will i be asked to enter the key – HP StoreEver Ultrium Tape Drives User Manual
Page 37
LTO-6 and LTO-5 Ultrium tape drives and partitioning
The HP LTO–6 Ultrium 6250 tape drive supports up to four tape partitions, when used with HP
LTO–6 Ultrium 6.25 TB RW cartridges. The HP LTO–5 Ultrium 3000 tape drive supports two tape
partitions, when used with Ultrium 3 TB RW cartridges. Tape partitioning is not supported with
WORM cartridges or with earlier generations of cartridge. It is not supported on earlier-generation
tape drives. If you insert a partitioned tape into a tape drive that does not support partitioning, it
will be ejected.
To check for the latest information about support for partitioning and any required firmware
upgrades, go to
. Refer to your backup application's
documentation for information about creating and using partitions on the tape drive.
LTO-6, LTO-5 and LTO-4 Ultrium tape drives and encryption
The HP LTO-6, LTO-5 and LTO-4 tape drive includes hardware capable of performing data
encryption at full speed while writing data, and decrypting when reading.
Encryption is the process of changing data into a form that cannot be read until it is deciphered,
protecting the data from unauthorized access and use. HP LTO-6, LTO-5 and LTO-4 tape drives
use the strongest version of the industry-standard AES encrypting algorithm to protect your data.
To make use of this feature you need:
•
A backup application that supports hardware encryption
•
HP LTO–6 Ultrium 6.25 TB media (C7976A or C7976W), HP LTO–5 Ultrium 3 TB media
(C7975A or C7975W) or HP LTO–4 Ultrium 1.6 TB media (C7974A or C7974W); no
encryption will be performed when writing earlier generations of tape
When should I use encryption?
Your company policy will determine when you need to use encryption. For example, it may be
mandatory for company confidential and financial data, but not for personal data. Company policy
will also define how encryption keys should be generated and managed. Backup applications that
support encryption will generate a key for you or allow you to enter a key manually.
NOTE:
Encryption with keys that are generated directly from passwords or passphrases may be
less secure than encryption using truly random keys. Your application should explain the options
and methods that are available. Please refer to your application's user documentation for more
information.
How do I enable encryption?
Hardware encryption is turned off by default and is switched on by settings in your backup
application, where you also generate and supply the encryption key. Your backup application
must support hardware encryption for this feature to work. The software supplied with the tape
drive provides this support. See
for an up-to-date list of other
suitable backup software.
When will I be asked to enter the key?
Encryption is primarily designed to protect the media once it is offline and to prevent it being
accessed from another machine. You will be able to read and append the encrypted media without
being prompted for a key as long as it is being accessed by the machine and application that first
encrypted it.
There are two main instances when you will need to know the key:
•
If you try to import the media to another machine or another instance of the backup application
•
If you are recovering your system after a disaster
LTO-6 and LTO-5 Ultrium tape drives and partitioning
37