BackBox H4.00 Tape Encryption Option
36 BackBox H4.00 Tape Encryption
In the domain configuration:
The encryption is enabled in the Volume Group configuration, by the
attributes ‘Encryption algorithm’ and ‘Key manager ID’.
Each Key manager is configured by:
- A general common set of attributes, such as the Key manager ID, the
Key manager server type, its TCIP address for the VTC clients.
- A VTC client to the Key manager for each VTC that will have to
connect directly to the Key manager for encrypting/decrypting during
tape drive emulation.
- A VLE-CLIM client to the Key manager for each CLIM that will connect
to an ESKM Key Manager for VLE processing.
The only role of this VLE-CLIM configuration is to detect the connected
CLIM during VLE processing, and thereby clearly record which ESKM
holds the encryption key for each encrypted volume.
When all involved components are configured, the encryption functionality
must be verified before an actual test of encrypted backup. The Test link of
this BackPak Key manager page will verify the domain configuration and the
connectivity to the Key manager and CLIMs.
This Test link is disabled when Configuration is in Edit mode.
The Delete link removes a Key manager and all its Clients. The deletion will
be rejected with the Key manager ID is referred by a Volume Group, or by
any virtual volume that was encrypted with a key provided by this Key
manager.