Virtual TapeServer 8.0 Configuration Guide
Enabling and Configuring Data Encryption | 61
Multi-server considerations
Keep the following in mind when configuring and using Data Encryption in an environment
with multiple VTS servers, such as when GFS or Data Replication is configured:
• Server configuration
When configuring key servers and backup hosts for Data Encryption, it is highly
recommended that you configure only one key generator for the environment. You must
also configure at least one other server in the environment that can serve as the backup
host for the key database. See Adding a key server on page 64 and Adding a key
database backup host on page 65 for more information.
If virtual tapes are stored on a remote server, such as through the use of Data Replication,
and you need to access the data on tapes, Data Encryption must be enabled on the remote
server. This will enable the remote server to decrypt encrypted tapes when necessary.
Otherwise, the remote server cannot retrieve the key from the key server that encrypted
the tape.
• Tape operations performed on encrypted virtual tapes
VTS attempts to decrypt an encrypted tape when a tape operation, such as mounting the
tape, is performed on that tape. If Data Encryption is not enabled or the key server that
was used to encrypt the tape is not configured on the server where the encrypted tape
resides, the tape operation will fail and an error message will be displayed indicating that
the operation failed. See Data Encryption and failed tape operations on page 132
for an explanation of the possible failures.
• Upgraded installations
Beware of using Data Encryption in an environment where some VTS servers are
upgraded and others are not. It is highly recommended that you do not use Data
Encryption in a mixed environment.
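
The considerations above can be checked before Data Encryption is enabled by auditing an inventory of the environment. The following is an added example, not part of the VTS product or its documentation; the inventory layout, field names, server names and tape names are constructed for illustration.

```python
# Constructed inventory. Field names are hypothetical, not a VTS export format.
SERVERS = {
    "vts-a": {"version": "8.0", "encryption": True, "key_generator": True,
              "backup_host": False, "key_servers": {"vts-a"}},
    "vts-b": {"version": "8.0", "encryption": True, "key_generator": False,
              "backup_host": True, "key_servers": {"vts-a"}},
    "vts-dr": {"version": "pre-8.0", "encryption": False, "key_generator": False,
               "backup_host": False, "key_servers": set()},
}
# (tape, server where the tape resides, key server that encrypted it)
TAPES = [("T00001", "vts-a", "vts-a"), ("T00002", "vts-dr", "vts-a")]


def audit(servers, tapes):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Server configuration: only one key generator for the environment.
    generators = sorted(n for n, s in servers.items() if s["key_generator"])
    if len(generators) != 1:
        findings.append(f"expected one key generator, found {len(generators)}: {generators}")
    # Assumption: "one other server" means a backup host that is not the key generator.
    if not any(s["backup_host"] and n not in generators for n, s in servers.items()):
        findings.append("no key database backup host on a second server")
    # Upgraded installations: flag a mixed environment.
    versions = sorted({s["version"] for s in servers.values()})
    if len(versions) > 1:
        findings.append(f"mixed VTS versions in environment: {versions}")
    # Tape operations: the server holding the tape must be able to decrypt it.
    for tape, host, key_server in tapes:
        srv = servers[host]
        if not srv["encryption"]:
            findings.append(f"{tape}: Data Encryption not enabled on {host}")
        elif key_server not in srv["key_servers"]:
            findings.append(f"{tape}: key server {key_server} not configured on {host}")
    return findings


if __name__ == "__main__":
    for finding in audit(SERVERS, TAPES):
        print("FINDING:", finding)
```

With the constructed inventory, the audit reports the mixed-version environment and the replicated tape on vts-dr, where tape operations would fail.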