05-16-2013 08:26 AM
I am currently working on trying to understand the tape encryption process. I have purchased a pair of tokens (one for my production site and one for my DR site). After reading some of the documentation, I am kind of confused about how the encryption process should work. My original intention, was to create a token and leave encryption always on. I would then create a backup token and send it to my DR site for storage and I would do the reverse process at the DR site.
What's confusing me right now, is that I had intended on only using a single key and leaving encryption always on. The tapes in question are in a protected rack and they will only ever be in the tape loader or at the IronMountain facility. The documentation however, seems to indicate that I am supposed to rotate keys on some sort of annual process. My question is if in year 1 I am using key set A and at the end of year 1 I rotate to key set B, how do I restore data from year 1 with key set A if I am no longer using that key set?
Thanks for assisting. I appreciate any and all help.
05-16-2013 12:59 PM
>how do I restore data from year 1 with key set A if I am no longer using that key set?
In general, you would need to keep all of the keys.
Unless by rekey (key rotation) they want you to decrypt with key A and encrypt with key B, each year.
05-17-2013 08:17 AM
Thanks, I have a follow up question. How would I remove encryption from a tape? Let's say I wanted to format a tape (blank it) and just make it look like a brand new piece of media?