How does Backup Exec 2012 and MSL4048 LTO-4 work together as far as encryption
Hello,
I'm trying to figure out how does Backup Exec 2012 and a HP MSL4048 with LTO-4 backup tapes work together (if they are supposed to) as far as encryption.
1. I have a HP MSL4048 Tape Library that uses LTO-4 backup tapes.
2. I have implemented the MSL LTO-4 Encryption Kit on the Tape Library with a primary key server token and a backup key server token.
3. I did some test backups and restore backups in Backup Exec 2012 to see if encryption from the Tape Library mentioned above would prompt me for a password. The job was successful in each case but I was not prompted for any encryption password.
4. Does Backup Exec 2012 and HP MSL4048 Tape Library supposed to work together as far as encryption?
5. I do not have encryption setup in Backup Exec 2012. Do I need to setup encryption on Backup Exec as well?
6. In this scenario is it just that encryption is supposed to be setup on both ends (Backup Exec and the MSL4048 Tape Library to protect both ends?
Just trying to piece this all together. Thanks in advance.
I'm trying to figure out how does Backup Exec 2012 and a HP MSL4048 with LTO-4 backup tapes work together (if they are supposed to) as far as encryption.
1. I have a HP MSL4048 Tape Library that uses LTO-4 backup tapes.
2. I have implemented the MSL LTO-4 Encryption Kit on the Tape Library with a primary key server token and a backup key server token.
3. I did some test backups and restore backups in Backup Exec 2012 to see if encryption from the Tape Library mentioned above would prompt me for a password. The job was successful in each case but I was not prompted for any encryption password.
4. Does Backup Exec 2012 and HP MSL4048 Tape Library supposed to work together as far as encryption?
5. I do not have encryption setup in Backup Exec 2012. Do I need to setup encryption on Backup Exec as well?
6. In this scenario is it just that encryption is supposed to be setup on both ends (Backup Exec and the MSL4048 Tape Library to protect both ends?
Just trying to piece this all together. Thanks in advance.
ArneLovius
I would suggest starting here http://www.symantec.com/business/support/index?page=content&id=HOWTO11725
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@SelfGovern thanks for such a well written post
ASKER
Yes very good feedback from selfGovern thank you. I was able to do #3 successfully above from your reply post (turn encryption off, remove the key server token, then try to read an encrypted tape with BE).
I also tested trying to do a restore (have BE read an encrypted tape) (1) when the tape library encryption is turned off but the key server token is still plugged in . I was not able to do a successful restore which is what we want in this case. Another test I tried was doing a restore (have BE read an encrypted tape) (2) when the tape library encryption is turned on but the token is removed. This too did not allow me to do a restore within BE which is also what we want in this case.
When doing the tests mentioned above, I also noticed that when the restore job would fail, BE would automatically retire the tape. When the job failed, BE produced the following alert message (Library Insert - Please insert media into the robotic library by creating an Import media job) . The message was due to BE not being able to read the encrypted tape when encryption was turned off or not fully enabled. A cancel of this job is required as well.
I'm not sure why BE retires the tape but I was able to figure out that in order to see the data again from a retired state, all I had to do was move the tape back into it's original media set and then re-inventory the tape. Then it became available to be used within BE and perform restore jobs if need be.
So ... selfGovern's written post was onpoint and helped me verify encryption within the tape library and BE and explore some scenarios on my own. Much appreciated ... much appreciated!
I also tested trying to do a restore (have BE read an encrypted tape) (1) when the tape library encryption is turned off but the key server token is still plugged in . I was not able to do a successful restore which is what we want in this case. Another test I tried was doing a restore (have BE read an encrypted tape) (2) when the tape library encryption is turned on but the token is removed. This too did not allow me to do a restore within BE which is also what we want in this case.
When doing the tests mentioned above, I also noticed that when the restore job would fail, BE would automatically retire the tape. When the job failed, BE produced the following alert message (Library Insert - Please insert media into the robotic library by creating an Import media job) . The message was due to BE not being able to read the encrypted tape when encryption was turned off or not fully enabled. A cancel of this job is required as well.
I'm not sure why BE retires the tape but I was able to figure out that in order to see the data again from a retired state, all I had to do was move the tape back into it's original media set and then re-inventory the tape. Then it became available to be used within BE and perform restore jobs if need be.
So ... selfGovern's written post was onpoint and helped me verify encryption within the tape library and BE and explore some scenarios on my own. Much appreciated ... much appreciated!
ASKER
Excellent knowledge from the experts!