Virtual TapeServer 6.04.03 Operations and Administration Guide

Using SecureVTS | 75
Multi-server considerations
Keep the following in mind when configuring and using SecureVTS in an environment with
multiple VTS servers, for example when GFS, AutoCopy, or Instant DR is configured:
SecureVTS configuration
When configuring key servers and backup hosts for SecureVTS, it is highly recommended
that you configure only one key generator for the environment. You must also configure at
least one other server in the environment that can serve as the backup host for the key
database. See Adding a key server on page 77 and Adding a key database backup host on
page 78 for more information.
If virtual tapes are stored on a remote server, such as through the use of AutoCopy or
Instant DR, and you need to access the data on tapes, SecureVTS must be enabled on the
remote server. This will enable the remote server to decrypt encrypted tapes when
necessary. Otherwise, the remote server cannot retrieve the key from the key server that
encrypted the tape.
Tape operations performed on encrypted virtual tapes
VTS attempts to decrypt an encrypted tape when a tape operation is performed on that
tape. If SecureVTS is not enabled or the key server that was used to encrypt the tape is
not configured on the server where the encrypted tape resides, the tape operation will fail
and an error message will be displayed indicating that the operation failed. See
SecureVTS and failed tape operations on page 131 for an explanation of the possible
failures.
Upgraded installations
Beware of using SecureVTS in an environment where some VTS servers are upgraded
and others are not. Encrypted virtual tapes are not compatible with 6.03.39 or 6.03.41
servers. For example, a 6.03.39 or 6.03.41 system cannot read data on an encrypted tape.
Similarly, if a 6.03.39 or 6.03.41 system writes to a tape that was encrypted on a 6.04
system, the key ID is destroyed and the tape becomes unreadable on the 6.04 SecureVTS
system. Therefore, it is highly recommended that you do not use SecureVTS in a mixed
environment.
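The considerations above can be checked before SecureVTS is enabled across a site. The following is an added example, not part of the guide or of VTS itself: the inventory record, its field names, and the server names are hypothetical and must be filled in by hand, because the guide describes no export format.

```python
from dataclasses import dataclass, field

# Versions the guide lists as incompatible with encrypted virtual tapes.
INCOMPATIBLE = {"6.03.39", "6.03.41"}

@dataclass
class Server:  # hypothetical inventory record, not a VTS data format
    name: str
    version: str
    securevts: bool = False           # SecureVTS enabled on this server
    key_generator: bool = False       # this server generates keys
    key_db_backup_host: bool = False  # key database is backed up here
    key_servers: set = field(default_factory=set)       # key servers configured here
    tape_key_servers: set = field(default_factory=set)  # key servers that encrypted tapes stored here

def check(servers):
    """Return findings for an inventory; an empty list means no rule is violated."""
    findings = []
    gens = [s.name for s in servers if s.key_generator]
    if len(gens) > 1:
        findings.append(f"more than one key generator: {gens}")
    if gens and not any(s.key_db_backup_host and not s.key_generator for s in servers):
        findings.append("no server other than the key generator backs up the key database")
    old = [s.name for s in servers if s.version in INCOMPATIBLE]
    if old and any(s.securevts for s in servers):
        findings.append(f"mixed environment: {old} cannot read encrypted tapes")
    for s in servers:
        if not s.tape_key_servers:
            continue  # no encrypted tapes stored on this server
        if not s.securevts:
            findings.append(f"{s.name}: stores encrypted tapes but SecureVTS is not enabled")
        missing = sorted(s.tape_key_servers - s.key_servers)
        if missing:
            findings.append(f"{s.name}: key server(s) {missing} not configured")
    return findings

# Constructed sample: vts-b is an AutoCopy target, vts-c was never upgraded.
SAMPLE = [
    Server("vts-a", "6.04.03", securevts=True, key_generator=True,
           key_servers={"vts-a"}, tape_key_servers={"vts-a"}),
    Server("vts-b", "6.04.03", tape_key_servers={"vts-a"}),
    Server("vts-c", "6.03.41"),
]

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```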
Configuring SecureVTS
This section provides the procedures needed to configure SecureVTS. It also provides an
overview of the steps that are required if multiple VTS servers are installed in your
environment and the data you must gather to complete the procedures.
Using SecureVTS in a multi-server environment
If there are multiple VTS servers in your environment, you must configure one key server
that will generate the keys used to encrypt and decrypt data. You must configure at least one
backup host where the key server database is backed up. Also, it is highly recommended that
you configure at least one other backup host that is not in the VTS environment; an off-site
backup host ensures that data is backed up in case of unrecoverable failures. Consider the
following example.