cancel
Showing results for 
Search instead for 
Did you mean: 

BEX2014 with IBM TS3310

111
Level 3

Just wondering whether anyone has used Backup Exec 2014 with IBM TS3310. I have this in production at present and will be looking to setup encryption (hardware). I am assuming that you need to have the relevant licenses on the autoloder to enable the encryption and allow BEX to complete this?

Anything else thats required? i have tested software encryption however want to configure hardware.

I assume you need the Transparent Encryption lics for the autoloader but not sure what to do from there to be honest. Doesnt seem to be any documentation to say this is what you need to complete this.

We use LTO6 media also.

Would be good if anyone has come across setting this up and how it works really.

 

Thanks in advance.

 

1 ACCEPTED SOLUTION

Accepted Solutions

Larry_Fine
Level 6
   VIP   

I am assuming that you need to have the relevant licenses on the autoloder to enable the encryption and allow BEX to complete this?

Possibly.

There are two ways to do hardware encryption.

  • LME (Library managed), you would probably need a license from IBM to activate this in your library, then have BE re-discover your hardware.  This encryption is transparent to BE, so the drives will then appear to not support encryption (to prevent you from trying to double encypt).  More info at http://www.symantec.com/docs/TECH59946
  • AME (Application managed).  Already included in BE, and since your hardware supports encryption, you just need to enable it in your job.  Basically, change the job setting from software encryption to hardware encruption.  And you will possibly get a speed improvement, YMMV.

Either way, you get the same T10 hardware based encryption on the tape.  The fundamental difference is who is managing your keys.  With AME, your keys are in BE.  With LME, your keys are in your IBM software.

Most people use AME, I think.

View solution in original post

4 REPLIES 4

pkh
Moderator
Moderator
   VIP    Certified
You should check with IBM as to what licensed are required to turn on encryption on the tape library. Once that is enabled, you need to right-click on the library and enable encryption. After that, you can then specify hardware encryption on your jobs

Larry_Fine
Level 6
   VIP   

I am assuming that you need to have the relevant licenses on the autoloder to enable the encryption and allow BEX to complete this?

Possibly.

There are two ways to do hardware encryption.

  • LME (Library managed), you would probably need a license from IBM to activate this in your library, then have BE re-discover your hardware.  This encryption is transparent to BE, so the drives will then appear to not support encryption (to prevent you from trying to double encypt).  More info at http://www.symantec.com/docs/TECH59946
  • AME (Application managed).  Already included in BE, and since your hardware supports encryption, you just need to enable it in your job.  Basically, change the job setting from software encryption to hardware encruption.  And you will possibly get a speed improvement, YMMV.

Either way, you get the same T10 hardware based encryption on the tape.  The fundamental difference is who is managing your keys.  With AME, your keys are in BE.  With LME, your keys are in your IBM software.

Most people use AME, I think.

View solution in original post

111
Level 3

Great thanks for your input. I have contacted IBM also regarding this.

jurgen_barbieur
Level 6
Partner    VIP    Accredited

just one remark. Take also a DR situation in count. Because of the hardware encryption, it could be that if you want to restore using other hardware (because of a fire disaster for example), that hardware must be capable to decrypt the encrypted tapes before sending the data to backupexec if you use the hardware encryption of the library. otherwise your restore will not be possible.

If you use the hardware encryption of backupexec, and you will restore it from another mediaserver or tape library, just will just be prompted to enter the passphrase of the encryption and backupexec will restore the requested data