DP9.04 - Query on Drive based encryption

Hi Team,

We are using DP 9.04 , HP MSL library having LTO6 drives. Backup tapes are going to offsite. Tapes are of HP Model.

At DR site, We have IBM tape library having LTO 6 tape drive.  (compatible with DP 9.04 & HP tapes)

Now Customer is asking to enable encryption on backup tapes (in case any tape gets misplace during trasport and should not be read by any third party). 

Question :

-> If I enable drive based encryption (Drive-> setting-> advanced->drive based encryption),  would I be able to read the tapes on IBM tape library?

-> What is the method of reading the encrypted tapes at DR site (IDB tape and data tape). Kindly help to provide steps for decryption .



Parents Reply
  • Verified Answer

    Hi brits,

    in case Data Protector provides encryption keys at backup time to the LTO drive you can read them directly in case you load them by a Media Agent that is part of the originating cell. This should work regardless of the LTO tape drive vendor. Hardware encryption kits will most likely fail.

    If the remote site has seperate Cell Manager you need to export the keys and import them on the remote Cell Manager first. This is done by omnikeytool.

    # list and export keys
    omnikeytool -list -active
    omnikeytool -export CVSFile -entity EntityName
    omnikeytool -export CVSFile -time Day Hour Day Hour
    # import keys into keystore
    omnikeytool -import CVSFile

    Sebastian Koehler