Software Encryption versus Hardware Encryption
DPX provides AES 256-bit software encryption. However, certain tape devices can encrypt data at the hardware level. DPX supports hardware encryption for LTO tape drives of specific types and manufacturers.
See also. For the latest system compatibility details regarding supported hardware, file systems, applications, operating systems, and service packs, see the Compatibility Guide.
Hardware encryption utilizes keyrings for backups and restores in the same way that software encryption does. A job option allows the user to indicate whether to use software or hardware encryption.
Following are additional considerations for hardware encryption:
The user is responsible for assuring the hardware encryption capabilities of their tape devices.
You can use one media pool for both types of tape devices (hardware encryption capable and hardware encryption incapable), but it is better to use separate media pools.
You can use the same keyring for jobs with software encryption or hardware encryption. However, there is a length limitation (10 bytes) for the keyring name in hardware encryption.
You cannot use the same tape for backup jobs with hardware encryption option and without hardware encryption option. DPX selects a suitable tape automatically.
To verify whether a tape is encrypted or not, use the utility
tools/tapedump
. First, run the programtapedump
. Second, issuetape deviceName
command. Third, issueopen rdonly
command. Fourth, issueread
command several times. If you hit a read permission error, then the tape is encrypted.
Last updated