Solved

Restore and key management for hardware (Tape Drive) based encryption

  • 18 March 2021
  • 3 replies
  • 512 views

Userlevel 2
Badge +8

Hi,

If we encrypt our backup data by using hardware (tape drive) encryption, I wonder 

  1. Is the encryption dependent on the tape drives which perform the hardware encryption ?
  2. If the tape drives fail, will encrypted backup jobs become un-restorable from any replacement tape drives ?
  3. Will there be an encryption key needed for this type of encryption ?
  4. Who will manage the encryption key ? Commvault or tape drives or the tape library ?
  5. Is the key needed for restore each jobs from an encrypted backup job from the tapes ?

Thanks,

icon

Best answer by Mike Struening RETIRED 19 March 2021, 15:17

View original

3 replies

Userlevel 7
Badge +23

@Keerthana SP 

Here’s your answers:

  1. Drives do the encryption but the library does the management of encryptions keys
  2. No, as long as its replaced with a drive that supports that encryption, library does key management
  3. If you’re going with the hardware vendor, everything is done through them
  4. Vendor/Tape Library
  5. Yes
Userlevel 2
Badge +8

Hi Mike,

 

What if the whole tape library goes down ? Will that make all encrypted data un-recoverable ?

I’d feel a bit more comfortable if the key can be managed by Commvault, even if it is a hardware based encryption…

According to the manual, it seems that key managed by Commvault is an option, provided that we don’t enable hardware vendor license for key management ?

 

 

 

Userlevel 7
Badge +23

@Kelvin , that is correct.  You can utilize CV to do all of the encryption for you.

Losing the hw keys is definitely going to result in a bad day.  Many customers keep the keys on a usb key, though you don’t want to lose that for the same reasons!

Depending on the vendor, things differ though so it’s best to see what your own vendor offers.

Reply