Date: May 08
Product & Version: All
OS Version: All
Module & Version: N/A
Application version: N/A
Description:
An overview of the different encryption methods available on LTO-4 drives.
LTO-4 drives offer new functionality to support hardware encryption. This can be enabled in one of two ways:
a) "Library Managed Encryption" (LME) / "Transparent Encryption". A key string is handed to the drive through some external utility or through the library interface, and from then on the drive uses this string to encrypt all data on tapes.
b) "Application Managed Encryption" (AME). With this, the drive will only accept a key string from a particular application, and this application uses an API to supply the drive with the key phrase.
NetVault does not currently support API calls to supply a key string to a tape drive. If a drive is configured for LME or "transparent" encryption externally, NetVault will be able to read from and write to such tapes.
One advantage of LME over AME is that the key string is inherently encrypted when set through the library interface, whereas the key string is transmitted in the clear on the bus when the application sets it. The disadvantage is a lack of granularity - i.e. all data will be encrypted by the drive, with no control through the backup software.
Feature Request NVG-4550 has been opened to consider the inclusion of AME in a future NetVault release. Until then you have the option of enabling LME on a drive-wide basis, or using NetVault software encryption.