Shared
|
In shared key mode, only tape volume group keys
are generated. All tape volumes that are part of a tape volume group
share the same key.
|
Cisco KMC key database—Is
smaller storing only the tape volume group keys.
Security—Medium.
A compromise to one tape volume group key will compromise the data in
all tapes that are part of that tape volume group.
Purging—Available
only at the volume group level.
|
Unique Key
|
In unique key mode, each individual tape has it’s
own unique key.
The default value is enabled.
|
Cisco KMC key database—Is
larger storing the tape volume group keys and every unique tape volume
key.
Security—High.
A compromise to a tape volume key will not compromise the integrity of
data on other tape volumes.
Purging—Available
at the volume group and volume level.
|
Unique Key with Key-On-Tape
|
In the key-on-tape mode, each unique tape volume
key is stored on the individual tape.
You can select key-on-tape (when you select unique
key mode) to configure the most secure and scalable key management system.
The default value is disabled.
Note When
key-on-tape mode is enabled, the keys stored on the tape media are encrypted
by the tape volume group wrap key.
|
Cisco KMC key database—
Increases scalability to support a large number of tape volumes by reducing
the size of the Cisco KMC key database. Only the tape volume group keys
are stored on the Cisco KMC.
Security—High.
A compromise to a tape volume key will not compromise the integrity of
data on other tape volumes.
Purging—Available
at the volume group level.
|