This article can also be found in the Premium Editorial Download "Storage magazine: RAID turns 20: Do you still need it?."
Download it now to read this article plus other related content.
A determining factor for Corporate One Federal Credit Union's decision was how Decru DataFort generated and managed its own encryption keys. Prior to selecting Decru DataFort, Corporate One had developed its own in-house system for key management for data exchange with its various member credit unions. Decru DataFort eliminated that need for internal key generation and management because it generates unique random numbers for backups as frequently as Corporate One wants them created. In instances where member credit unions also used Decru DataFort, Corporate One could configure its Decru DataFort encryption appliances to exchange encryption keys with the Decru DataFort at a member credit union's site.
A growing number of other encryption architectures now offer similar means for creating and managing randomly generated encryption keys. Tape drives that do encryption such as IBM Corp.'s T1120 (3592 tape formats) and Sun Microsystems Inc.'s StorageTek T10000 (9840 tape formats) include ASICs that expedite encryption, but they still rely on external encryption software to provide the needed encryption key. IBM and Sun plan to eventually allow other vendors' encryption key managers to generate random encryption keys; in the meantime, IBM T1120 users will need to rely on IBM Encryption Key Manager to generate encryption keys; Sun StorageTek T10000 users will need to deploy Sun StorageTek Crypto
| Key Management Station for key generation and management.
LTO-4 tape drives are further down the road in integrating with third-party software encryption key managers. LTO-4 tape drives provide the necessary APIs for encryption key management providers to select the encryption algorithm they should use, as well as the key the LTO-4 tape drive needs to do the encryption. Currently, users of CommVault's Galaxy 7.0 backup software can randomly generate encryption keys that LTO-4 tape drives can accept and use.
This was first published in November 2007