Manualshelf

Virtual TapeServer 8.3 Configuration Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series
919293949596979899100
82 | Virtual TapeServer Configuration Guide
encrypt the tape is not configured on the server where the encrypted tape resides, the tape
operation will fail and an error message will be displayed indicating that the operation failed.
See "Data Encryption and failed tape operations" on page 171 for an explanation of the
possible failures.
l Upgraded installations
Beware of using Data Encryption in an environment where some VTS servers are upgraded
and others are not. It is highly recommended that you do not use Data Encryption in a mixed
environment.
Configuring Data Encryption
This section provides the procedures needed to configure Data Encryption. It also provides an
overview of the steps that are required if multiple VTS servers are installed in your environment
and the data you must gather to complete the procedures.
Using Data Encryption in a multi-server environment
If there are multiple VTS servers in your environment, you must configure one key server that will
generate the keys used to encrypt and decrypt data. You must configure at least one backup host
where the key server database is backed up. Also, it is highly recommended that you configure at
least one other backup host that is not in the VTS environment; an off-site backup host ensures that
data is backed up in case of unrecoverable failures. Consider the following example.
If three VTS servers A, B, and C are installed in your environment, you must perform these
tasks to fully enable and configure Data Encryption:
1. Determine which server will be responsible for generating keys. For this example, server A
will be the “key generator”.
2. Add server A as a key generator on servers B and C.
3. On servers B and C, remove the localhost key server. (The localhost entry is configured as a
key generator.)
4. On server A, add server B or C as a key database backup host (in addition to the localhost
entry). You can add server B and C to A as backup hosts if you want to define multiple backup
hosts. As recommended, you should add a backup host that is outside of your VTS environment
(server D in this example).
Here is an illustration of the configuration: