| Q1. |
What are the benefits of hardware-based encryption at the ASIC level of the tape drive? |
| A1. |
Performance is the major benefit in this context. At normal block lengths, there will be no discernable performance loss due to data encryption. This is in stark contrast to software data encryption, where performance can be significantly reduced. Also, HP StorageWorks LTO-4 Ultrium 1840 Tape Drives implement hardware data compression before encryption (compression of pre-encrypted data is impossible since it appears random). With software data encryption, compression can not be achieved due to the random nature of the resulting data pattern, causing significant capacity loss. Alternatively, at an even greater cost to performance, data compression can be done in software prior to the data encryption process. It is possible to buy “black box appliances” to do hardware data encryption between the computer and the tape drive, but these solutions add significant complexity and cost to systems, In addition they are unlikely to be able to match tape drive data encryption speeds. |
 |
| Q2. |
How do I buy the encryption functionality? |
| A2. |
The encryption functionality is included free with all HP StorageWorks LTO-4 Ultrium 1840 Tape Drives and any libraries employing these tape drives. |
|
| Q3. |
How do I enable data encryption? |
| A3. |
Data encryption is enabled via the ISV application. |
|
| Q4. |
Which ISVs support hardware data encryption? |
| A4. |
Many ISVs will offer hardware data encryption support beginning in early ’08. HP expects to be in the unique situation of being able to offer a full data encryption solution using HP Data Protector Express software which is included with each Ultrium 1840 tape drive at no additional cost to the customer. For the latest compatibility support please visit: http://www.hp.com/go/connect |
|
| Q5. |
What level of data encryption does the HP StorageWorks LTO-4 Ultrium 1840 Tape Drive offer? |
| A5. |
LTO-4 uses the Advanced Encryption Standard (AES) with the longest and most secure keys, 256 bits. AES-256 is implemented within Galois Counter Mode (GCM). This is a method of increasing AES security by efficiently adding Message Authentication Codes to ensure the integrity of the backup data stored on tape. The HP LTO-4 Ultrium 1840 Tape Drive is designed to be compliant with the emerging standard for tape drive security, IEEE 1619.1. |
|
| Q6. |
Can I write to LTO-3 media in encrypted format in an LTO-4 drive? |
| A6. |
Only LTO-4 media is able to be written in encrypted format. LTO-4 Ultrium 1840 tape drives can write to LTO-3 media – but only in unencrypted format. |
|
| Q7. |
Do I need to buy a special tape cartridge to write encrypted data? |
| A7. |
No, a standard LTO-4 media cartridge will allow you to write encrypted data in an LTO-4 drive. |
|
| Q8. |
Can I perform an encrypted OBDR backup? |
| A8. |
Yes, but at some point during the restore the ISV application will ask you for the pass phrase or key. |
|
| Q9. |
Can an encrypted tape written in an HP StorageWorks LTO-4 Ultrium 1840 Tape Drive be read by another LTO-4 manufacture’s drive? |
| A9. |
Yes, encrypted data will be LTO format complaint. As long as the other LTO-4 drive supports encryption and the correct key is supplied the encrypted tape can be restored from another LTO-4 manufacture’s drive. |
|
