Secure LTO-4 Migration

Enabling Migration to Encrypting
LTO-4 Tape Drives

Customer problem

As IT organizations migrate their backup infrastructure from legacy systems to encrypting tape drives, and plaintext backup data to encrypted backup data, many are likely to encounter operational challenges that they had not anticipated. These include:

  • Managing and maintaining the separation of legacy media like LTO-2/3 from encrypted LTO-4 media
  • The ability to secure sensitive data backed up to legacy media
  • Detecting media as new, currently used, or recycled, and applying the correct commands for write, append or overwrite
  • Managing tape migration issues like overwriting pre-existing cleartext and ciphertext data with the application of new keys
  • Central administration of security policies and encryption keys with multiple, clustered failover locations

For those organizations committed to the adoption of drive-based encryption, the complexities can be greatly reduced with the combination of careful planning, a transparent encryption facility for legacy drives, and the use of a common, centralized key management facility for all data-at-rest encryption needs.

Solving migration challenges with intelligence
Enabling a gradual migration from legacy tape devices to encrypting drives, libraries and media requires two core capabilities:

  • A secure, comprehensive key management facility that enables encryption in new encrypting drives and external storage security systems. This key management system should provide redundant key repositories with a central administration interface that can provide services for all encrypting devices attached to the SAN.
  • An external data storage security system that can cost-effectively encrypt data volumes using existing tape storage devices. The system should be transparent to both local and wide-area storage environments and support essential tape security features like data compression, integrity checking and tape media ID tracking.

CipherMax enables migration to integrated encryption services
CipherMax’s CM100T line of enterprise storage security systems for tape and VTL offers these capabilities and more. It also delivers secure, reliable key management with transparent operations and high port-count connectivity. The CM100T’s flexible architecture with fabric-based intelligence allows it to seamlessly manage LTO-4 encryption keys while providing line-speed encryption processing for existing non-encrypting tape drives. CipherMax enables an affordable migration strategy from legacy tape drives to encrypting tape drives with minimal administrative overhead or interruption to backup operations.

 

SecureSAN

 

Solution highlights

  • Heterogeneous encryption management enables the seamless migration from legacy tape drives to LTO-4 drives to disk-based backup methods like VTL
  • Centralized, automated key management and security policy administration for both encrypting drives and the CM140T system
  • Support for automated encryption of backups on LTO-3 media using LTO-4 tape drives
  • Advanced key management features like automatic media status detection and automatic key migration make encryption transparent to operational management
  • Media label ID cataloguing ensures data recovery at local or remote locations

© 2008 CipherMax, Inc. All rights reserved.