Hi everyone,
I asked Arlie about encryption handling when doing auxiliary copy (tape-out) from an encrypted HPE StoreOnce Catalyst Store https://support.hpe.com/hpesc/public/docDisplay?docId=sd00003761en_us&page=GUID-6D031310-DD0A-46AC-96E5-3B3F843EEA63.html.
According to Arlie, if the tape storage policy copy is set to "Preserve encryption mode as in source" (the default), the encrypted backup data from StoreOnce should remain encrypted when written to tape—no decryption/re-encryption needed.
However, I'm opening this thread for real-world confirmation from folks running this in production. Does the encryption truly persist end-to-end from StoreOnce to tape in a real scenario? For the HPE MSL G3 tape library (which supports hardware encryption via encryption stick), is the StoreOnce software encryption sufficient on its own, or are there best practices requiring the hardware encryption stick to be enabled?
Looking for experiences and best practices on whether the StoreOnce encryption carries over cleanly without needed hardware tape encryption.
Appreciate any practical experiences from your setups!
Best regards,
Nikos
