Software Encryption versus Hardware Encryption

DPX provides AES 256-bit software encryption. However, certain tape devices can encrypt data at the hardware level. DPX supports hardware encryption for LTO tape drives of specific types and manufacturers.

Hardware encryption utilizes keyrings for backups and restores in the same way that software encryption does. A job option allows the user to indicate whether to use software or hardware encryption.

Following are additional considerations for hardware encryption:

• The user is responsible for assuring the hardware encryption capabilities of their tape devices.

• You can use one media pool for both types of tape devices (hardware encryption capable and hardware encryption incapable), but it is better to use separate media pools.

• You can use the same keyring for jobs with software encryption or hardware encryption. However, there is a length limitation (10 bytes) for the keyring name in hardware encryption.

• You cannot use the same tape for backup jobs with hardware encryption option and without hardware encryption option. DPX selects a suitable tape automatically.

• To verify whether a tape is encrypted or not, use the utility tools/tapedump. First, run the program tapedump. Second, issue tape deviceName command. Third, issue open rdonly command. Fourth, issue read command several times. If you hit a read permission error, then the tape is encrypted.