Hello,
We use SKLM here with a TS3500 tape library.
Here is how it works here.
The SKLM server (Windows-based) generates, serves and keeps the encryption keys. New sets of keys are generated at a fixed interval and old sets are kept for several years according to our governance rules.
In the TS3500 configuration, the tape drives that we want to work with encryption are configured to ask the SKLM server (through its IP address) for an encryption key.
During backup, the TS3500 receives the data from the IBM i and encrypts it using the key provided by SKLM. On the tape, the ID of the key is written automatically along with the encrypted data.
During a restore, the key ID is retrieved. The TS3500 asks the SKLM server for the corresponding key and is then able to decrypt the tape during the restore.
If you go that way, make sure that your SKLM server is well protected (we have 1 master and 2 slaves located in different data centers). If you lose your keys, your tape will become useless.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.