HP StorageWorks DAT USB Tape Drives User Guide (DW049-90916, June 2010)
To make use of this feature you need:
• A backup application that supports hardware encryption
• DAT 320 GB media; no hardware encryption will be performed when writing earlier generations
of tape
When should I use encryption?
Your company policy will determine when you need to use encryption. For example, it may be
mandatory for company confidential and financial data, but not for personal data. Company policy
will also define how encryption keys should be generated and managed. Backup applications that
support encryption will generate a key for you or allow you to enter a key manually.
NOTE:
Encryption with keys that are generated directly from passwords or passphrases may be less secure
than encryption using truly random keys. Your application should explain the options and methods
that are available. Please refer to your application's user documentation for more information.
How do I enable encryption?
Hardware encryption is turned off by default and is switched on by settings in your backup application,
where you also generate and supply the encryption key. Your backup application must support
hardware encryption for this feature to work. The software supplied with the tape drive provides this
support. See http://www.hp.com/go/connect for an up-to-date list of other suitable backup software.
When will I be asked to enter the key?
Encryption is primarily designed to protect the media once it is offline and to prevent it being accessed
from another machine. Often, you will be able to read and append the encrypted media without
being prompted for a key as long as it is being accessed by the machine and application that first
encrypted it. However, this depends entirely on the backup application and its Key Management
capabilities.
There are two main instances when you must know the key:
• If you try to import the media to another machine or another instance of the backup application
• If you are recovering your system after a disaster
What happens if I don't remember the key?
If you are unable to supply the key when requested to do so, neither you nor Technical Support will
be able to access the encrypted data.
This guarantees the security of your data, but also means that you must be careful in the management
of the encryption key used to generate the tape. It is very important to back up the backup application's
key storage to prevent data loss. The tape drive itself clears keys on power cycles and numerous other
backup application defined events.
DAT USB Tape Drives 47