beautypg.com

Tape block zero handling, Tape key expiry, Df compatibility for tapes – Brocade Fabric OS Encryption Administrator’s Guide Supporting NetApp Lifetime Key Manager (LKM) and KeySecure Storage Secure Key Manager (SSKM) Environments (Supporting Fabric OS v7.2.0) User Manual

Page 218: Df compatibility for disk luns

background image

200

Fabric OS Encryption Administrator’s Guide (LKM/SSKM)

53-1002925-01

Tape block zero handling

5

Tape block zero handling

The block zero of the tape media is not encrypted and the data in the block zero is sent as cleartext
along with the block zero metadata header prefixed to the data to the tape device.

Tape key expiry

When the tape key of native pools expires in the middle of a write operation on the tape, the key is
used for the duration of any write operation to append the data on the tape media. On any given
tape medium, the same key is used for all written blocks, regardless of the time in between append
operations.

With the exception of native pools, whenever you rewind a tape and write to block zero, a new key
will be generated that is unique to that tape. Only with native pools will the same key be used to
write to multiple media. This key has a user-determined lifespan, which applies to the elapsed time
between write operations to new tapes (after rewind).

Note the following:

Key expiration does not apply to append operations, no matter how long in the future.

Key expiration never applies to read operations.

Key expiration never applies to LUN-based policies. A new key is generated every time a tape
media is rewound and written to block zero (label), regardless of whether the specified key life
span has expired.

DF compatibility for tapes

Only DF version 2.x- and 3.x-compatible NetApp DataFort (DF) tape metaheaders and block formats
are supported for reading, decrypting, and decompressing the tapes.

Only DF version 2.x- and 3.x-compatible tape block formats and metaheaders are supported for
writing and encrypting tapes in DF-compatible format.

A DF-compatible license is required.

DF compatibility for disk LUNs

Most versions of NetApp DataFort (DF) disk metaheaders and block formats are supported for
reading, decrypting, and decompressing the disk LUNs. DF 1.x version disks are not supported for
reading.

Only DF version 3.x-compatible disk block formats and metaheaders are supported for writing and
encrypting disk LUNs in DF-compatible format. A DF-compatible license is required.

See also other documents in the category Brocade Computer Accessories: