HP 1606 Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864-01, June - Page 194
Tape library media changer considerations, Turn off host-based encryption, Avoid double encryption,
View all HP 1606 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 194 highlights
5 Tape library media changer considerations Tape library media changer considerations In tape libraries where the media changer unit is addressed by a target port that is separate from the actual tape SCSI I/O ports, create a CryptoTarget container for the media changer unit and CryptoTarget containers for the SCSI I/O ports. If a CryptoTarget container is created only for the media changer unit target port, no encryption is performed on this device. In tape libraries where the media changer unit is addressed by separate LUN at the same target port as the actual tape SCSI I/O LUN, create a CryptoTarget container for the target port, and add both the media changer unit LUN and one or more tape SCSI I/O LUNs to that CryptoTarget container. If only a media changer unit LUN is added to the CryptoTarget container, no encryption is performed on this device. Turn off host-based encryption If a host has an encryption capability of any kind, be sure it is turned it off before using the encryption engine on the encryption switch or blade. Encryption and decryption at the host may make it impossible to successfully decrypt the data. Avoid double encryption Encryption and decryption at tape drives does not affect the encryption switch or blade capabilities, and does not cause problems with decrypting the data. However, double encryption adds the unnecessary need to manage two sets of encryption keys, increases the risk of losing data, may reduce performance, and does not add security. PID failover Virtual device PIDs do not persist upon failover within a single fabric HA cluster. Upon failover, the virtual device is s assigned a different PID on the standby encryption switch or blade. Some operating systems view the PID change as an indication of path failure, and will switch over to redundant path in another fabric. In these cases, HA clusters should not be implemented. These operating systems include the following: • HP-UX prior to 11.x • All versions of IBM AIX • Solaris 2.x Turn off compression on extension switches If tape piplining and fast write are enabled on an extension switch, data compression may also be enabled. If data has been encrypted in its path prior to running through the extension switch, data compression should be turned off on the extension switch to increase performance. 176 Fabric OS Encryption Administrator's Guide 53-1001864-01