Tape encryption product specifications

Buying Guide

Tape encryption product specifications

The LTO-4 standard provides for AES-256 encryption performed directly at the hardware level on the tape drive itself. This removes the processing overhead normally associated with software-based encryption, and allows backup jobs to proceed at a normal speed. Encrypted tapes

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

can then be removed and sent offsite with the assurance that any sensitive data is protected. However, as with any hardware device, it's important to verify compatibility with the current storage infrastructure, and test backward compatibility with older tape media. In addition, storage professionals must implement a practical but secure means of managing the encryption key. The product snapshots in this chapter highlight key specifications for a cross section of tape drives that incorporate encryption. The following products were selected based on input from industry analysts and SearchStorage.com editors, and specifications are current as of August 2007.

The following specifications have been provided by vendors and are periodically updated. Vendors are welcome to submit their updates and new product specifications to sbigelow@techtarget.com.

Go to the first product snapshot, or select the desired product below:

  • Hewlett-Packard Co.; StorageWorks LTO-4 Ultrium 1840 Tape Drive
  • IBM; System Storage TS2340 Tape Drive Express
  • Quantum Corp.; LTO-4 HH Tape Drive
  • Sun Microsystems Inc.; StorageTek T10000 Tape Drive
  • Tandberg Data; LTO-4 FH (1640LTO) Tape Drive

    Return to the beginning

    Product Snapshot #1
    -----------------------------------------------------------------------------------------------------------

    Product: Hewlett-Packard Co.; StorageWorks LTO-4 Ultrium 1840

    Buffer Size: 128 MB
    Storage Capacity: 800 GB (native) / 1.6TB (compressed)
    Data Transfer Rate: 120 MBps (native) / 240 MBps (compressed)
    Access Time: 62 seconds
    Tracks: 896 tracks
    Interface: 4GB FC; Ultra320 SCSI
    LTO-4 Encryption Available: Yes
    Encryption Type: AES 256 bit hardware data encryption
    Key Complexity: LTO-4 uses the Advanced Encryption Standard (AES) with the longest and most secure encryption key available at 256 bits. AES-256 is implemented within Galois Counter Mode (GCM). This is a method of increasing AES security by efficiently adding Message Authentication Codes to ensure the integrity of the backup data stored on tape. The HP LTO-4 Ultrium 1840 Tape Drive is designed to be compliant with the emerging standard for tape drive security, IEEE 1619.1.
    Key Management: Encryption key managed via backup application or key management appliance.
    Encryption Software Needed: The backup application needs to support hardware tape encryption.
    WORM Media Compatible: Yes (LTO-4 WORM media)
    Tape Backward Compatibility: Backward read compatible with LTO-2, -3. Read/Write compatible with LTO-3
    System Interoperability: http://www.hp.com/go/connect
    Vendor Comment: HP StorageWorks LTO-4 Ultrium 1840 Tape Drive is HP's first tape drive capable of storing up to 1.6 TB per cartridge while providing hardware-based encryption to enable greater levels of security and unprecedented performance.
    Availability: Currently available
    Base Cost: $4999 internal SCSI model
    Detailed Specs: http://h18006.www1.hp.com/products/storageworks/ultrium1840/
    Vendor URL: www.hp.com

    Go to beginning
    -----------------------------------------------------------------------------------------------------------

    Product Snapshot #2
    -----------------------------------------------------------------------------------------------------------

    Product: IBM; System Storage TS2340 Tape Drive Express

    No specifications were provided by publication time.

    Detailed Specs: http://www-03.ibm.com/systems/storage/tape/ts2340/index.html
    Vendor URL: www.ibm.com

    Go to beginning
    -----------------------------------------------------------------------------------------------------------

    Product Snapshot #3
    -----------------------------------------------------------------------------------------------------------

    Product: Quantum Corp.; LTO-4 HH Tape Drive

    Buffer Size: 256 MB
    Storage Capacity: Not provided
    Data Transfer Rate: 120MB/sec native; 240 MBps compressed
    Access Time: 55 seconds
    Tracks: 896 tracks
    Interface: 3Gbps SAS
    LTO-4 Encryption Available: Yes
    Encryption Type: AES 256 bit
    Key Complexity: Not provided
    Key Management: Key managed through ISV software (backup software) or through specific key management appliance/application
    Encryption Software Needed: Encryption engine is in the tape drive, software only required for key management.
    WORM Media Compatible: Yes -- read/write compatible with LTO-4 WORM and LTO-3 WORM
    Tape Backward Compatibility: LTO-4 read/write, LTO-4 WORM read/write, LTO-3 read/write, LTO-3 WORM read/write, LTO-2 read only
    System Interoperability: Not provided
    Vendor Comment: Full performance LTO4 Half High drive
    Availability: Late CQ4 07
    Base Cost: Not provided
    Detailed Specs: Not provided
    Vendor URL: www.quantum.com

    Go to beginning
    -----------------------------------------------------------------------------------------------------------

    Product Snapshot #4
    -----------------------------------------------------------------------------------------------------------

    Product: Sun Microsystems Inc.; StorageTek T10000 Tape Drive

    Buffer Size: Not provided
    Storage Capacity: Capacity is 500 GB native
    Data Transfer Rate: 120 MBps (uncompressed); up to 360 MBps with 3:1 compression)
    Access Time: Average file access time (includes load/thread): 62 sec (28 sec for Sport Cartridge)
    Tracks: 768 tracks
    Interface: Fibre Channel or Native FICON connectivity
    LTO-4 Encryption Available: Native with KMS - no, but available in 1H08; With TSM - yes today.
    Encryption Type: AES-256 CCM, NIST approved per FIPS 140-2 Level 2
    Key Complexity: Architected for 1 key per tape, changed as frequently as the customer would like. May also keep it as simple as a customer would prefer and use a single key for all tapes, drives, and time periods which seems to be the preference at this time.
    Key Management: Keys are generated, stored, and managed from the Crypto Key Management Station (KMS) which is a FIPS 140-2 compliant appliance comprised of an Ultra 20 work station with Solaris 10 and the Sun SCA6000 crypto card. Keys are stored and transmitted using AES-256 CCM level encryption. KMS may be direct connected via secure network to a token in a token bay within a library to deliver keys via internal library network to drives. Alternatively, the KMS may be vaulted in secure storage (no network connection) with keys being downloaded into portable key token device and hand carried to a token bay within a library from which keys are delivered to drives. The second "air gap" scenario in which the KMS is secured as a stand-alone device with no connectivity and keys are carried via token constitutes the high security implementation which many federal agencies desire.
    Encryption Software Needed: The software to support encryption is included within the KMS appliance.
    WORM Media Compatible: Yes, T10000 data cartridges are WORM capable
    Tape Backward Compatibility: Future generations of T10000 will read the existing T10000 media
    System Interoperability: Sun StorageTek L180, L700e, L1400, SL8500 and PowderHorn 9310 libraries
    Vendor Comment: Not provided
    Availability: Currently available
    Base Cost: List pricing for the T10000 tape drive is $37,000 for Fibre Channel in the SL8500 tape library; Current List price for the KMS is $35,000. List price for the encryption enablement key per enterprise drive is $5,000.
    Detailed Specs: http://www.sun.com/storagetek/tape_storage/tape_drives/t10000/specs.xml
    Vendor URL: www.sun.com

    Go to beginning
    -----------------------------------------------------------------------------------------------------------

    Product Snapshot #5
    -----------------------------------------------------------------------------------------------------------

    Product: Tandberg Data; LTO-4 (FH) Tape Drive

    Buffer Size: 256 MB
    Storage Capacity: Not provided
    Data Transfer Rate: 120 MBps or 432 GB/hr (native) and 240 MBps or 864 GB/hr (compressed)
    Access Time: 54 seconds
    Tracks: 824 Tracks with a 16 channel head design
    Interface: SCSI, SAS or FC host interface, Drive supports ADI automation interface
    LTO-4 Encryption Available: Yes; FC drives only
    Encryption Type: LTO encryption complies with and/or utilizes The Galois/Counter Mode of Operation (GCM), Advanced Encryption Standard (AES), IEEE SPC-4 SCSI Primary Commands, IEEE SSC-3 SCSI Stream Commands and IEEE P1619.1TM/D13, Draft Standard for Authenticated Encryption with Length Expansion for Storage Devices.
    Key Complexity: LTO Generation 4 uses "AES encryption algorithm, with 256-bit keys, in GCM mode." A shorter way to say it is "256-bit AES in GCM mode" or "AES256-GCM".
    Key Management: Key management software will be provided by a variety of sources including LTO licensees, tape automation providers, and independent software vendors (ISV's).
    Encryption Software Needed: LTO-4 encryption is hardware based. Managing Encryption would be provided by ISV software application or be a combination of a key manager and ISV application.
    WORM Media Compatible: Yes; LTO-3 and LTO-4
    Tape Backward Compatibility: LTO-3 (read and write) and LTO-2 (read only)
    System Interoperability: Tandberg Data's LTO-4 products are compatible with all major ISV backup and restore software applications.
    Vendor Comment: Tandberg LTO-4 Full-height drive is ideal for use in higher-end server environments, both as a stand-alone drive and in tape automation. It ships with standard cabling, a data cartridge, a cleaning cartridge, and Symantec Backup Exec QuickStart Edition, and includes a three-year, return-to-factory warranty and advanced replacement service.
    Availability: Currently available
    Base Cost: Estimated street price for an LTO-4 Drive is approximately $4,500
    Detailed Specs: http://www.exabyte.com/products/products/get_products.cfm?prod_id=601
    Vendor URL: www.tandbergdata.com/us

    Go to beginning
    -----------------------------------------------------------------------------------------------------------

    This was first published in September 2007