Skip to main content
commvault.com commvault.com
Answer

Restore and key management for hardware (Tape Drive) based encryption

  • March 18, 2021
  • 3 replies
  • 583 views
K
Byte
Forum|alt.badge.img+8

Hi,

If we encrypt our backup data by using hardware (tape drive) encryption, I wonder 

  1. Is the encryption dependent on the tape drives which perform the hardware encryption ?
  2. If the tape drives fail, will encrypted backup jobs become un-restorable from any replacement tape drives ?
  3. Will there be an encryption key needed for this type of encryption ?
  4. Who will manage the encryption key ? Commvault or tape drives or the tape library ?
  5. Is the key needed for restore each jobs from an encrypted backup job from the tapes ?

Thanks,

Best answer by Mike Struening

@Kelvin , that is correct.  You can utilize CV to do all of the encryption for you.

Losing the hw keys is definitely going to result in a bad day.  Many customers keep the keys on a usb key, though you don’t want to lose that for the same reasons!

Depending on the vendor, things differ though so it’s best to see what your own vendor offers.

    3 replies

    Mike Struening
    Vaulter
    Forum|alt.badge.img+23

    @Keerthana SP 

    Here’s your answers:

    1. Drives do the encryption but the library does the management of encryptions keys
    2. No, as long as its replaced with a drive that supports that encryption, library does key management
    3. If you’re going with the hardware vendor, everything is done through them
    4. Vendor/Tape Library
    5. Yes
    https://www.linkedin.com/in/michael-struening
    K
    Byte
    Forum|alt.badge.img+8
    • Kelvin
    • Author
    • Byte
    • March 18, 2021

    Hi Mike,

     

    What if the whole tape library goes down ? Will that make all encrypted data un-recoverable ?

    I’d feel a bit more comfortable if the key can be managed by Commvault, even if it is a hardware based encryption…

    According to the manual, it seems that key managed by Commvault is an option, provided that we don’t enable hardware vendor license for key management ?

     

     

     

    Mike Struening
    Vaulter
    Forum|alt.badge.img+23

    @Kelvin , that is correct.  You can utilize CV to do all of the encryption for you.

    Losing the hw keys is definitely going to result in a bad day.  Many customers keep the keys on a usb key, though you don’t want to lose that for the same reasons!

    Depending on the vendor, things differ though so it’s best to see what your own vendor offers.

    https://www.linkedin.com/in/michael-struening
    Terms & ConditionsCookie settingsAccessibility statement