KMS Operations

FIGURE 2-3 Key Lifecycle

A potential issue:

The LTO4 drive firmware will not request a write key in the following scenario:

Read, Space, Write-Filemark, Write.

The drive will use the same key obtained for the Read command to encrypt the data provided for the Write command. The state of this key may be inappropriate for writing due to the policy associated with the drive (an expired key).

Work-Around:

Assign the drive a Key Group whose key policy has a long encryption period. An encryption period of a year or longer is recommended.

Details:

The LTO-4 drive firmware will not request a write key in the following scenario: Read, Space, Write-Filemark, Write. The drive will use the key obtained from the Read command to encrypt the data provided for the Write command.

Most applications go through this sequence of operations when appending data to a tape.

The end result is that encryption keys previously used on that tape will continue to be used for write operations even if the state of the key has changed to expired or compromised.

The encryption period is a user-defined policy.

An encryption period of a year or longer is recommended to mitigate the risk of write operations using an expired key. Most applications write sequentially to a tape cartridge until it is full. It is rare that a customer would not fill a tape cartridge with data within a year.

This is a low-impact issue because exposure can be mitigated with a user-defined encryption period and because the error is non-disruptive. Data encrypted with an expired key can still be accessed normally on future attempts to append or restore.

It is recommended that the customer not destroy encryption keys as a means to enforce data life-cycle management. Instead, enforce data life-cycle management by expiring volumes through the backup and archive applications.
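The append behaviour and the work-around described above, as an added example that is not from the manual or the KMS product: a small Python model that audits one tape mount's command sequence and flags writes encrypted with a key past its encryption period. The event format, function names and dates are constructed for illustration, and the model assumes that a Write with no earlier Read requests a fresh write key.

```python
from datetime import datetime, timedelta

def expired(activated, encryption_period, when):
    """A key is past its encryption period once the policy's period has elapsed."""
    return when >= activated + encryption_period

def audit_mount(events, key_activated, encryption_period):
    """Return the Write events that encrypted with an expired key.

    events: ordered (timestamp, command) tuples for one tape mount.
    Model of the behaviour described above: once a Read has loaded the
    tape's key, a later Write in the same mount reuses that key instead of
    requesting a write key. Assumption: a Write with no earlier Read
    requests a fresh write key and is never flagged.
    """
    holds_read_key = False
    findings = []
    for when, command in events:
        if command == "Read":
            holds_read_key = True
        elif command == "Write" and holds_read_key:
            if expired(key_activated, encryption_period, when):
                findings.append((when, command))
    return findings

# Constructed sample data: key activated 10 Jan 2008, append on 1 Mar 2008.
KEY_ACTIVATED = datetime(2008, 1, 10)
APPEND = [
    (datetime(2008, 3, 1, 2, 0, 0), "Read"),
    (datetime(2008, 3, 1, 2, 0, 5), "Space"),
    (datetime(2008, 3, 1, 2, 0, 9), "Write-Filemark"),
    (datetime(2008, 3, 1, 2, 0, 10), "Write"),
]
FRESH_TAPE = [(datetime(2008, 3, 1, 3, 0, 0), "Write")]

if __name__ == "__main__":
    # Compare a short encryption period with the recommended year.
    for days in (30, 365):
        hits = audit_mount(APPEND, KEY_ACTIVATED, timedelta(days=days))
        print(f"encryption period {days}d: {len(hits)} write(s) with expired key")
```

With a 30-day period the appended Write is flagged; with a one-year period the same sequence produces no finding, which is the effect the work-around relies on.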

316196601 • Revision: A

Chapter 2 Dione Card 11

Sun Microsystems HP LTO4 manual Potential issue, Work-Around, Details