Restoring encrypted data during disaster recovery – HP StoreEver MSL Tape Libraries User Manual
Page 41
9.
Insert the new token into the USB port of the autoloader or library.
10. Follow the RMI instructions to create a PIN for the new token.
11. Enter the password used to create the token backup file. Click Submit Token Restore File
Password.
12. Browse to the location of the token backup file containing the seed keys. Click Restore. (The
Browse button will be active after the token restore file password is submitted.)
13. If you paused write operations at the beginning of the procedure, you can resume them.
Restoring encrypted data during disaster recovery
When restoring encrypted data after a disaster, you will need:
•
The tape cartridges containing the encrypted data.
•
Depending on your token data backup process, you will need one of the following:
A token data backup file, with the password for the file, and a token with room for the
keys on the data backup file. If the token has been initialized, you will need its PIN.
◦
◦
A token containing the encryption keys used to write the tapes and the PIN for the token.
If new keys were restored to the second token as the keys were made, the second token
will contain all of the keys and can be used to restore the data.
•
An HP StoreEver 1/8 G2 Tape Autoloader or MSL2024, MSL4048, MSL6480, MSL8048,
or MSL8096 Tape Library supported by your backup application with at least one LTO-4 or
later generation tape drive.
•
The security password for the MSL6480 library or the administrator password for the autoloader
or other library.
The key server tokens work with any HP StoreEver 1/8 G2 Tape Autoloader or MSL2024,
MSL4048,MSL6480, MSL8048, or MSL8096 Tape Library with at least one LTO-4 or later
generation tape drive. If you have an autoloader or a library with an older generation tape drive,
you can upgrade to an LTO-4 or later generation tape drive for the recovery operation. You may
need to update the firmware in the autoloader or library and tape drive to support the encryption
kit. You will need the security password for the MSL6480 library or the administrator password
for the autoloader or other library.
For examples of token data backup and restore processes, see
“Backing up the key server token
Using the encryption kit with partitions or logical libraries
When a library with multiple LTO-4 or later generation tape drives is partitioned into multiple
logical libraries, encryption can be enabled or disabled for each partition or logical library
containing an LTO-4 or later generation tape drive, but all other encryption settings apply to the
entire library.
Only one write key is used for all new or formatted tapes in all of the LTO-4 or later generation
tape drives in the tape library.
Restoring the encryption configuration after a chassis or library controller
replacement
The encryption configuration is saved when you save the autoloader or library configuration
database to a file or USB flash drive. The saved configuration database will make it easier to
recover the autoloader or library configuration, including the encryption configuration, if you need
to replace the chassis or library controller.
Restoring encrypted data during disaster recovery
41