Version 2.3 expands CryptoStor Tapes key management capabilities through support for NeoScales CryptoStor KeyVault appliance.
Released in March, the unit offers management of keys on a per tape, disk and session basis, the Milpitas, Calif., company said.
According to Dore Rosenblum, NeoScale vice president for marketing, the previous version let users manage keys within the tape appliance itself, and within a cluster, to connect the appliances for shared management.
With Version 2.3s use of the CryptoStor KeyVault appliance, storage managers can "extend the key management to a centralized key management appliance that can securely store and share the keys with other locations across the environment," Rosenblum said.
The external policies stored on the KeyVault appliance provide the granular policy management and archive capabilities for the tape system, he said.
"You can share keys offsite with disaster [recovery] site, and select the keys that correspond to the tapes sent to a business partner—just those keys. All keys are centrally managed, so you can set the policies there and then the Tape appliance software will feed the keys to partners, disaster sites and your data centers in a secure fashion," Rosenblum said.
According to analysts, major problems with transparent encryption for storage are performance penalties and key management, with the latter issue growing as a major concern for medial record keeping and compliance, according to Jon Oltsik, senior analyst with the Enterprise Strategy Group of Milford, Mass.
"HIPAA [Health Insurance Portability and Accountability Act] says that you have to keep medical records two years longer than the patient lives. So the question [storage managers] have to ask is how will I get archived data of this patient 30 years from now?" Oltsik said.
"Health care needs good key management systems because IT and applications need keys. You cant be too tight with [the keys] because then they can get lost and you cant find them again; and you cant be too loose with them or security goes down. KeyVault makes sense—where keys can be easily archived and recovered down the road. Its the way to go," he continued.
At the same time, CryptoStor Tape Version 2.3 can boost data throughput by as much as 40 percent, Rosenblum said. The speed gains improve the encryption systems operation with all tape drives, he said, but especially with the increasingly popular LTO-3 (Linear Tape-Open) format.
In previous versions, NeoScale had focused on CryptoStor Tapes compatibility with a wide range of tape drives and libraries, mostly low-speed mechanisms, Rosenblum said.
However, the update was "overhauled" to boost speed to meet the faster native speeds of tape drives such as LTO-3. The encryption appliance running the updated software can meet the native data speed of a single LTO-3 drive, he said.
The update also improves CryptoStor Tapes diagnostic capabilities, including a new Trace tool that can capture command frames for diagnosis of setup problems. The tool lets storage managers "avoid having to bring in hardware trace tools," Rosenblum said.
In addition, the update improves deployment in enterprise Windows environments, Rosenblum said.
The software now provides a consistent presence to Windows servers and applications avoiding the dynamic remapping that can occur when a tape drive is moved.
Introduced at Hewlett-Packard Americas StorageWorks conference in Las Vegas, CryptoStor Tape Version 2.3 supports the HP EML E-Series tape libraries and the HP Ultrium 960 drives, and has been tested with both HP OpenView Storage Data Protector and Symantec NetBackup software, NeoScale said. The CryptoStor Tape encryption appliance is also certified with HPs OpenVMS.