Integration with Your Tape Management System

Fully automated key management requires that you match up a BES primary and mirror database with one tape management system catalog. Think of your tape management catalog as part of the CA Tape Encryption database. The encryption key information stored in your tape management system's catalog remains synchronized with the BES database associated with it, as the following diagram illustrates:

Automated key management is made possible by your tape management system. It tracks which key instances are still in use. The tape management system does not contain the encryption key, but it does contain a key index value that is associated with a given instance of a key. During OPEN for output, the key index associated with the encryption key instance is passed to the tape management system, where it is stored, as the following diagram illustrates:

The tape management system tracks the usage of every unique key instance. Even when a tape containing encrypted files is scratched, the tape management system considers the key to be in use. Only when a scratch tape is physically overwritten and the encrypted data is destroyed will the tape management system consider the key to be no longer in use. If automatic key deletion is enabled, BES will delete these keys after a grace period of 90 days.
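The retention rule described above can be modeled in a few lines. This is an added example, not code from CA Tape Encryption or any tape management system: the class, function names, volume serials and key index values are hypothetical, and it assumes the 90-day grace period is counted from the date the last volume holding data under that key was overwritten.

```python
from datetime import date, timedelta

GRACE_PERIOD = timedelta(days=90)  # grace period stated on the page


class TapeCatalog:
    """Toy stand-in for a tape management catalog (hypothetical model)."""

    def __init__(self):
        self.volume_key = {}    # volser -> key index of the data on the tape
        self.scratch = set()    # volsers currently in scratch status
        self.unused_since = {}  # key index -> date its last volume was overwritten

    def open_for_output(self, volser, key_index, today):
        """Writing a volume overwrites it and records the new key index."""
        old = self.volume_key.get(volser)
        self.volume_key[volser] = key_index
        self.scratch.discard(volser)
        self.unused_since.pop(key_index, None)  # key is referenced again
        if old is not None and old != key_index and not self.in_use(old):
            self.unused_since[old] = today      # last copy of old data destroyed

    def scratch_volume(self, volser):
        """Scratching changes status only; the encrypted data is still on tape."""
        self.scratch.add(volser)

    def in_use(self, key_index):
        """A key is in use while any volume still holds data written under it."""
        return key_index in self.volume_key.values()


def deletable_keys(catalog, today, auto_delete=True):
    """Key indexes eligible for deletion: unused for the full grace period."""
    if not auto_delete:
        return []
    return sorted(k for k, since in catalog.unused_since.items()
                  if not catalog.in_use(k) and today - since >= GRACE_PERIOD)


if __name__ == "__main__":
    cat = TapeCatalog()
    cat.open_for_output("VOL001", 1001, date(2024, 1, 1))  # constructed sample data
    cat.scratch_volume("VOL001")
    print(cat.in_use(1001))  # scratched but not overwritten: still in use
    cat.open_for_output("VOL001", 1002, date(2024, 4, 1))
    print(deletable_keys(cat, date(2024, 6, 30)))
```

The operational point the model makes visible: scratching a tape never releases a key, so a key stays recoverable for as long as any scratched volume still physically carries data written under it.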