Solved

Enabling Native Mode Encryption on HP's LTO-4 drives

Posted on 2008-06-11
12
2,013 Views
Last Modified: 2013-11-14
I've recently installed 2 LTO-4 drives in my MSL6030 tape library. Backup software is Netbackup 6.5.2. Backups are running smoothly and I want to now enable hardware tape encryption. But I just can't seem to find any details bar some vague information from HP on how to make this work. I've looked at their white paper on this (http://h71028.www7.hp.com/ERC/downloads/4AA1-4878ENW.pdf) and it makes reference to using a Web GUI or the Operator Control panel to enable Native Mode Encryption. I've looked for this on my control panel and can't see it. It seems to me that the only option is to spend another $2500 on HP's key management software. Has anyone else had any success getting this to work?
0
Comment
Question by:Mauriceg1969
  • 6
  • 5
12 Comments
 
LVL 22

Expert Comment

by:dovidmichel
ID: 21772710
I'm not familiar with NetBackup but it is a function of the backup software to fully support the hardware encryption with LTO4 drives.
0
 
LVL 1

Expert Comment

by:msjodin
ID: 21797531
NBU has the ability to encrypt data internaly. Here are a couple resources that may be of help:

NBU Help (Open NBU -> Press the F1 key -> Click the search tab -> type in 'encryption')

NBU Security and Encryption Guide:     http://seer.entsupport.symantec.com/docs/290226.htm

0
 
LVL 22

Expert Comment

by:dovidmichel
ID: 21797887
You do not want to use software encryption since it will result in a loss of compression. It is much better to let the encryption be done by the tape drive.
0
 

Author Comment

by:Mauriceg1969
ID: 21801741
Dovidmichel is correct. The idea behind using LTO4 drives is that encryption happens after the compression. If you use Netbackup for this then the compression happens after encryption, and you can't compress encrypted data! Thanks for the ideas though...
0
 
LVL 22

Expert Comment

by:dovidmichel
ID: 21802249
I use ARCserve and so just for example with ARCserve only the latest version 12.0 has full support for LTO4 hardware encryption, so I'm thinking that there is an update to NetBackup that will provide this support. After all it is not enough to just get the drive using encryption the software has to know how to work with an encrypted tape and ideally should keep a record that a particular tape is encrypted or not.
0
 

Author Comment

by:Mauriceg1969
ID: 21804767
Netbackup 6.5.2 has full support for this already. I reckon I'm going to have to shell out for the HP software... :-(
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 22

Expert Comment

by:dovidmichel
ID: 21805267
Sorry, I don't understand.

I took a look at the linked document. Here is the part in question:
Native mode encryption (sometimes referred to as set and forget). This method controls the LTO4 encryption from within the tape drive library. There is one key that is set by way of the library management interface (Web GUO or Operator Control Panel). This method encrypts all tapes with the same key, with the downside of negatively impacting the security level.

As I understand this Native Mode Encryption forces all backup to use encryption and all with the same key, and is set by either the GUO or the Operator Panel on the front of the library itself. So first off you don't need to buy anything to use this feature. Second it is not a good idea because all tapes use the same default key. If NetBackup 6.5.2 has full support for LTO4 there then it will let you enable encryption and it will let you enter a key.

So it seems to me the question is why is the program not working the way it is supposed to do.
0
 

Author Comment

by:Mauriceg1969
ID: 21805893
"I took a look at the linked document. Here is the part in question:
Native mode encryption (sometimes referred to as set and forget). This method controls the LTO4 encryption from within the tape drive library. There is one key that is set by way of the library management interface (Web GUO or Operator Control Panel). This method encrypts all tapes with the same key, with the downside of negatively impacting the security level."

Ah yes, the HP red herring ;-) I too looked at this and then searched the web. And then reformated my question. And then searched again. All to no avail. I cannot find any reference on the net that shows how to complete this. I've been around a long time in the industry (i.e. I'm an old fart) and know how to dig out information. But no luck on this. And I hear what you're saying on the single key security aspect, I too agree that there is a potential risk. But if the key is on my network in a secure location, then I'm happy. If they can get the key, then they have full access to my secure data anyway, so encrypting it isn't going to help! Anyway, appreciate your input, and if you can find out how to enable native mode I'll give you the full 500 and my gratitude!

cheers

Maurice
0
 
LVL 22

Expert Comment

by:dovidmichel
ID: 21806329
Sorry but the latest copy of the user guide posted on line is out of date in that it does not contain info on it. Perhaps it is detailed in the User Guide that came with the library.
0
 

Author Comment

by:Mauriceg1969
ID: 21811120
Nope, the library is 4 years old and has been refitted with an approved HP upgrade kit.
0
 
LVL 22

Accepted Solution

by:
dovidmichel earned 500 total points
ID: 21814340
well then I'm out of idea other than following up with NetBackup support on why it is not properly supporting LTO4 encryption and HP support for the operator panel steps to enable Native Mode Encryption.
0
 

Author Comment

by:Mauriceg1969
ID: 21821314
No problem, thanks for getting involved.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

AWS Glacier is Amazons cheapest storage option and is their answer to a ‘Cold’ storage service.  Customers primarily use this service for archival purposes and storage of infrastructure backups.  Its unlimited storage potential and low storage cost …
I previously wrote an article addressing the use of UBCD4WIN and SARDU. All are great, but I have always been an advocate of SARDU. Recently it was suggested that I go back and take a look at Easy2Boot in comparison.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now