Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Restoring encrypted PowerVault TL4000 backups on other tape drives - any experience

Posted on 2009-05-15
4
925 Views
Last Modified: 2013-12-01
Hi there,

I have a Powervault TL4000 which I'm about to enable the hardware encryption module on. We use BackupExec 12 to perform the backups, and are using the encryption facilities in that to management the process.

My question is this: If the TL4000 was broken, or not available due to a disaster, is it possible to retrieve data from encrypted tapes on another device? Of course I would have the encryption key, but does the TL4000 add something extra to the process that stops this happening?

The manuals and Symantec's support don't seem to help much with this! A lot of information is contradictory, and finding the reality is a bit difficult.

Thanks,
Steve


0
Comment
Question by:dazzab30
  • 2
4 Comments
 
LVL 22

Accepted Solution

by:
dovidmichel earned 125 total points
ID: 24395739
As per the LTO standard any LTO4 with hardware encryption should be able to read the data. But for something like this I would recommend sticking with either a Dell or IBM LTO4.

Dell has someone else (IBM) make their LTO tape drives for them. The only change is in the firmware Inquiry string so it reports itself as a Dell.
0
 

Author Comment

by:dazzab30
ID: 24397074
Thanks for response.

I'm still not clear on whether these encrypted tapes could be restored though. I've got Dell technical support and our off-site tape storage company trying find out.
0
 

Author Comment

by:dazzab30
ID: 24409961
Points increase to encourage some more interest!
0
 
LVL 20

Assisted Solution

by:SelfGovern
SelfGovern earned 125 total points
ID: 24428413
Who manages the keys?   That's the most important question.   *IF* your backup application creates and manages the keys, then you will be able to restore tapes using any encryption-supporting LTO-4 drive attached to that backup application.

The caveats are:
1. The tape drive has to support HW encryption.  I understand that some IBM LTO-4 don't (the SCSI versions?), while all HP LTO-4 (for instance), do.
2. MOST IMPORTANT: You must back up the key database through a process APART FROM your normal backups.  Store those keys in an encrypted file, multiple copies to different media, preferably, that is NOT backed up using the backup software's encryption tools.  If you back up to CD, use ARCHIVAL QUALITY media ONLY.  
3. If you use a key manager other than the backup application, then you will have to restore on a device that your key manager supports... this is the weakness in key management today: interoperability of key managers is... er... "lacking".  But they're working on it.

I know that the above is true, because I have written and delivered a lab on encryption where we used HP Data Protector to generate keys for LTO-4 HW encryption on an HP-manufactured drive, and then took that encrypted tape, put it in to a Quantum library with an IBM-manufactured drive, and successfully decrypted it.

Encryption interoperability is part of the LTO standard... but DO be aware of key management, DO keep sepatate copies of your keys, and DO test your restore procedures.   Perhaps you can find another site that uses LTO-4 software-managed keys and mutually test your restores just to be sure.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Best Server Board For The Money 19 98
hp laptop model 10 61
Large File Sharing For Business 7 39
can't able to access NAS using my AD credentials 4 43
The article will include the best Data Recovery Tools along with their Features, Capabilities, and their Download Links. Hope you’ll enjoy it and will choose the one as required by you.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question