11-02-2011 02:24 AM
We would like to implement a drive based encryption on a DP6.11 system.
I already created a simple backup job and activated the drive base encryption option.
Now I have to create and activate a key on cell manager.
I have a very simple question : 'Is it possible to create and use a unique key (only one)' ?
In other words, we would like to encrypt our archives media with a the same and unique key.
11-03-2011 11:27 PM
There was a global option to enable this once but I'm not sure if it exists now. Your best bet would be to ask HP Support about this feature.
11-07-2011 07:36 AM
I setup a simple backup job and activated Drive Based Encryption.
Backupjob was successful and cell manager generated a key. Key Description = 'AES256_CTR Automatic key creation'
Does anybody knows if this key is available only for this tape ? (what will happen when system will use another tape ?)
11-29-2011 12:22 AM
Here is what I was looking for (received from our HP Partener).
I already implemented it but I still have to validate the solution.
In the global file you need change this and restart DP
EnableCommonKeyEntity=1 -> the same key for every media
# default: 0
# If this option is set (=1), KeyEntity value will be used as an entity name.
# for encryption.
KeyEntity= YOURENTITY -> e.g. : if you want a common key for you company.
# default: <empty>
# This value will be used as an entity-name if EnableCommonKeyEntity is set to 1.
02-03-2012 07:49 AM
this setting is placed on cell manager correct and what OS is yours.
Is this for one drive or many,
02-03-2012 09:12 AM
Since the option EnableCommonKeyEntity is defined in the global configuration file on the CS, this setting is global for the whole cell including all media agents and drives.
02-06-2012 12:25 AM
Yes, setting is on cell manager so for all drives/tapes.
OS : W2K3R2SP2 STD
For your information: Solution is requiring last DP patches available for 6.11 so we decided to upgrade completely our DP system (will be on W2K8R2 / DP 6.20)...wait and see
04-27-2012 07:29 AM
I have the same problem.
I have HP Dataprotector 06.11 but my global file doesn´t include a EnableCommonKeyEntity variable to configure.
I understand I need a patch to display that option globally, its that correct?
I need to ensure that, if down the patch and installing it then appears that option, then I will have to consider hiring the stand.
04-27-2012 07:53 AM
It is possible, that the options EnableCommonKeyEntity and KeyEntity are available on your patch level but not included in the global file.To find out, run omnicc in debug mode and review the debug file that will contain all available global options for your cell server.
/opt/omni/bin/omnicc -debug 20 /tmp/DBG.txt
/bin/grep -i "KeyEntity" /tmp/OB2DBG_*DBG.txt
if they are not in, you need to upgrade your cell to latest patches. if they are in, just add the required lines to global and restart services.
04-27-2012 08:10 AM
the process worked correctly.
I confirmed that I have that option not available.
you can assure you that there is a patch for version 6.11 which makes this option becomes available.
04-27-2012 08:15 AM
04-27-2012 08:27 AM
This does not allow me to download patches.
So I wanted to make sure. What I do not want to happen is to hire the support and that this option is not available in the version I have.
04-27-2012 08:39 AM