Tape Encryption Best Practices
October 3, 2009
You may be familiar with serverfault, which I mention from time to time. It’s an amazing resource for sysadmins, and you can learn a lot from just lurking. Nearly every question gets an array of good answers.
Every once in a while, though, something falls through the cracks. There’s an excellent question that, at the time of this writing, has only three answers, and I think the question is good enough that it deserves more answers, and I’d very much like to see a community viewpoint, or examples of people who are actually using encrypted tapes.
Here’s the question:
I want to enable encryption on all of my backup tapes. I more-or-less know how to do this technically, but the procedural and human elements of implementing this are tricky.
I use HP LTO4 drives with bacula, which doesn’t have any key-management features. In fact, its support for hardware encryption is to call an external script which sets the key on the drive before reading and writing.
My questions:
1. How should I keep track of which tapes have encryption? I already have a few hundred tapes without encryption. Even if I take the time to rewrite them all with encryption, there will be months of overlap where some have it and some don’t. How will bacula know whether to set the key before reading a given tape? Is the drive smart enough to read unencrypted tapes even when a key is set?
2. If the key is ever compromised, we’ll have to change it and we’ll have the same problem as #1.
3. If the key is lost, we’ve effectively lost all of our backups. How can I mitigate this without increasing the risk that it is compromised?
4. Should the key change regularly? Once per year? What is the best practice?
5. How do the big ISV backup systems handle these issues?
I would love to hear more about how enterprise level administrators take care of this. The concerns raised are valid, and I don’t know of any published “best practices” for managing tape encryption.
Personally, the commercial version of Amanda gives me the ability to encrypt my tapes using a passphrase, but I have declined to use it, thus far, primarily for the reasons listed above.
In addition to software-based encryption, lots of newer tape technologies like LTO-4 and above, though even then the drives only need to be aware of encryption, not necessarily support encryption or decryption.
There is an interesting whitepaper from HP on tape encryption, and the various methods of dealing with key management. It’s worth reading if you’re interested in that sort of thing.
So please, check out the question and let us know what you do.
Posted in General
Email me
content rss
October 5th, 2009 at 8:41 am
I’ve been watching the same question on ServerFault, and I have pretty much the same opinion. I think it comes down to this: tape-level encryption just isn’t a fantastic idea due to key management and potential recovery issues.
I think that if critical *data* is encrypted, that’s fine. But encrypt it before it hits the tape. Besides, you really need to keep tight physical controls on the tape in the first place that should be enough.
Note: I’ve not read the HP paper, but will take a quick peek. Thanks for the link.
October 6th, 2009 at 5:44 am
Each enterprise product offers different levels of support for hardware tape encryption.
NetWorker for instance doesn’t currently support key management for hardware tape encryption. However, so long as the key management is run outside of it (e.g., via the library or the OS), it will work without issue – i.e., the encryption is invisible to it and can be used. I have multiple customers already taking advantage of this.
There are other encryption options – e.g., (formerly Neoscale) Thales nCipher provides black box (or more precisely red box) level encryption at the fibre-channel layer itself. The nCipher device for instance is able to cooperate with many enterprise backup products to allow multiple keys, allows per-volume encryption controls, etc.