Key VTL features and options

Remote Copy

Remote Copy copies a single virtual tape to another server on demand.

VTL Secure Tape encryption option

The VTL Secure Tape option uses the Advanced Encryption Standard (AES) algorithm to protect physical media that might otherwise be vulnerable to theft or diversion during transit. VTL software encrypts data when it is exported to physical tape and decrypts it when it is reimported to virtual tape.

Key management

The Secure Tape feature provides flexible cryptographic key management that can be adapted to local security requirements and policies. Administrators can generate a single key for all exported tapes or multiple, unique keys for different tapes or sets of tapes. Multiple keys are more secure in the sense that the compromise of a single key exposes fewer tapes, but they are harder to manage. Administrators must keep track of which key applies to which tape, because using the wrong key will cause indecipherable data to be imported into the virtual library. To facilitate centralized key management, keys can be exported to an external key package file. Key packages can be centrally generated and distributed, by secure means, to remote sites where data is imported to or exported from VTL systems.
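The tracking problem described above can be handled with a small ledger that is consulted before a tape is imported. The following is an added example, not part of the VTL software or this guide: the ledger class, the key names, the tape barcodes, and the HMAC-based key fingerprint are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def key_fingerprint(key: bytes) -> str:
    # Non-secret identifier: HMAC of a fixed label under the key, truncated.
    return hmac.new(key, b"tape-key-fingerprint", hashlib.sha256).hexdigest()[:16]


class TapeKeyLedger:
    """Hypothetical ledger: which named key encrypted each exported tape."""

    def __init__(self):
        self._tapes = {}  # barcode -> (key_name, fingerprint)

    def record_export(self, barcode, key_name, key):
        if barcode in self._tapes:
            raise ValueError(f"{barcode} already has an export record")
        self._tapes[barcode] = (key_name, key_fingerprint(key))

    def check_import(self, barcode, key_name, key):
        """Return (ok, reason); call before importing the tape."""
        entry = self._tapes.get(barcode)
        if entry is None:
            return False, "no export record for this tape"
        want_name, want_fp = entry
        if key_name != want_name:
            return False, f"tape was exported with key '{want_name}'"
        if not hmac.compare_digest(key_fingerprint(key), want_fp):
            return False, "key name matches but key material differs"
        return True, "ok"

    def exposure(self, key_name):
        # Tapes that become readable if this one key is compromised.
        return sorted(b for b, (n, _) in self._tapes.items() if n == key_name)


def build_sample_ledger():
    # Constructed sample data: two key names, three tape barcodes.
    keys = {n: secrets.token_bytes(32) for n in ("finance-2008", "hr-2008")}
    ledger = TapeKeyLedger()
    ledger.record_export("FIN001", "finance-2008", keys["finance-2008"])
    ledger.record_export("FIN002", "finance-2008", keys["finance-2008"])
    ledger.record_export("HR0001", "hr-2008", keys["hr-2008"])
    return ledger, keys
```

The fingerprint check catches the case where a remote site holds a key with the right name but different key material, for example after a key package was regenerated rather than redistributed.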

Password protection

For additional security, each key is password‐protected. Administrators must provide the correct password before changing a key name, password, or password hint, and before deleting or exporting a key.

14 VTL User Guide • May 2008

G • 96267

Sun Microsystems Virtual Tape Library manual VTL Secure Tape encryption option, Key management, Password protection