New role for tape libraries


This article can also be found in the Premium Editorial Download "Storage magazine: New rules change data retention game."

Download it now to read this article plus other related content.

Where should encryption reside?
With stories of lost tape media regularly making headlines, "encryption is the killer app for tape," says Dave Kenyon, Sun's director of enterprise tape automation. But questions remain about the role tape libraries should play in the management of encrypted data, or if they should play any role at all.

The need to encrypt data stored on tape is becoming a given, more for political rather than technical reasons. "There is no knowledge of where anyone has read data from a lost tape," says Molly Rector, Spectra Logic's director of technical marketing. "Yet publicly traded companies must make public announcements when a tape is lost. Encrypting data on the tape would prevent companies from having to make this announcement, thereby saving them face."

The two main questions in this debate are what device or application should do the encryption and how the keys should be managed. Tape library vendors mostly agree that encryption belongs in the tape drive. While backup software products like Symantec Corp.'s Veritas NetBackup offer encryption as an option, this approach unnecessarily locks users into a specific application and requires that application to be available before data can be decrypted and restored.

Allowing the tape drive to perform encryption has a number of benefits. It largely removes the potentially proprietary nature of encrypted data if the encryption is done by the backup software. Tape drives aren't

Requires Free Membership to View

proprietary to specific tape libraries; a tape encrypted by an LTO tape drive in a Quantum PX720 can be read by an LTO tape drive in a Scalar i500. And if the tape drive performs the encryption, it offloads the CPU overhead of encrypting the data from the backup server.

Spectra Logic offers an option to handle the CPU overhead created by the encryption process, which takes place outside of the tape library. The optional Quad Interface Processor (QIP) module for its Spectra T950 library acts as a switch between the SAN-attached Fibre Channel (FC) port and internal FC tape drive. This module handles the processing associated with encryption. Whether other tape library vendors will offer a similar module is questionable at this time. The Sun StorageTek Crypto-Ready T10000 encrypting tape drive relies on Sun's Crypto Key Management Station (KMS), an appliance built on a Sun workstation, for its key management.

Click here for an overview Midrange tape libraries: Backup software support (PDF).

This was first published in September 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: