Restoring encrypted data – HP StoreEver MSL Tape Libraries User Manual
Page 38
1.
If you are restoring the token backup file to a different token than the one installed in the
autoloader or library, pause all write operations to LTO-4 or later generation tape drives with
encryption enabled.
2.
Log into the RMI.
•
MSL6480 — Log into the RMI as the security user. You will need the security user
password.
•
Autoloader and other libraries — Log into the RMI as the administrator user. You will
need the administrator user password.
3.
Insert the token that will receive the data from the token backup file into the USB port of the
autoloader or library if necessary.
4.
Access the RMI encryption kit configuration screen for your device. Enter the PIN if requested.
If this is a new token, follow the instructions on the RMI to create a PIN.
5.
If this is a new token, enter the name in the Token Name field and click Submit in that pane.
6.
Enter the password used to create the token backup file. Click Submit Token Restore File
Password.
Figure 33 Restore Token from File pane of the RMI Configuration > Security screen
7.
Browse to the location of the token backup file. Click Restore. (The Browse button will be active
after the token restore file password is submitted.)
NOTE:
The key server token holds up to 100 keys. If more than 100 unique keys are found
on the receiving token and in the backup file, the restore process will not be initiated. You
will receive warnings when a key server token is over 90% full. You should purchase new
tokens and transition to using a new token when these warnings appear. Keys can never be
deleted from a key server token.
8.
Return the original token to the USB port of the autoloader or library if necessary.
9.
If you paused write operations at the beginning of the procedure, you can resume them.
Restoring encrypted data
When you restore encrypted data from a tape cartridge, the autoloader or library will verify that
the encryption key for the tape exists on the key server token installed in the USB port of the
autoloader or library. If the token is not installed in the USB port of the autoloader or library, or
the key is not found on the token, the OCP and RMI will display an error message.
The key server token containing the key for the tape to be restored must be installed in the autoloader
or library USB port before the tape is read. You will need to enter the PIN for the token when the
token is inserted into the autoloader or library.
A library with multiple LTO-4 or later generation tape drives will continue writing other tapes with
the newest encryption key on the token installed in the library while restoring the encrypted data.
IMPORTANT:
Pause all write operations when restoring data using a different token than the one
used for writing new or formatted tapes. Not doing so can result in data written with an encryption
key different than the one on the original token.
NOTE:
If the token is removed while a tape drive is reading or writing a tape, the tape drive will
continue reading or writing encrypted data until the tape is removed or the tape drive is reset.
38
Using the encryption kit