Sun Microsystems HP LTO4 User Manual

Sun StorageTek

TM

Crypto

Key Management System

HP LTO4 Encryption-Capable Tape Drives

Technical Brief

Part Number: 316196601

Revision: A

Crypto Key Management System

Version 2.0

HP LTO4 Tape Drive

Technical Brief

Sun Microsystems, Inc.
www.sun.com

Part Number: 316196601
June 2008
Revision: A

Copyright © 2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved.

Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this
document.In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at
http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries.

THIS PRODUCT CONTAINS CONFIDENTIAL INFORMATION AND TRADE SECRETS OF SUN MICROSYSTEMS, INC. USE,
DISCLOSURE OR REPRODUCTION IS PROHIBITED WITHOUT THE PRIOR EXPRESS WRITTEN PERMISSION OF SUN
MICROSYSTEMS, INC.

Use is subject to license terms. This distribution may include materials developed by third parties.This distribution may include
materials developed by third parties.Parts of the product may be derived from Berkeley BSD systems, licensed from the University of
California.

UNIX is a registered trademark in the U.S. and in other countries, exclusively licensed through X/Open Company, Ltd.Sun, Sun
Microsystems, the Sun logo, Solaris, Sun StorageTek Crypto Key Management System, StorageTek and the StorageTek logo are
trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.

Products covered by and information contained in this service manual are controlled by U.S. Export Control laws and may be subject
to the export or import laws in other countries. Nuclear, missile, chemical biological weapons or nuclear maritime end uses or end
users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S. embargo or to entities identified
on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists is strictly
prohibited. Use of any spare or replacement CPUs is limited to repair or one-for-one replacement of CPUs in products exported in
compliance with U.S. export laws. Use of CPUs as product upgrades unless authorized by the U.S. Government is strictly prohibited.

DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY
INVALID.

Copyright © 2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, Etats-Unis. Tous droits réservés.

Sun Microsystems, Inc. détient les droits de propriété intellectuels relatifs à la technologie incorporée dans le produit qui est décrit
dans ce document.

En particulier, et ce sans limitation, ces droits de propriété intellectuelle peuvent inclure un ou plus des brevets américains listés à
l'adresse http://www.sun.com/patents et un ou les brevets supplémentaires ou les applications de brevet en attente aux Etats - Unis
et dans les autres pays.

CE PRODUIT CONTIENT DES INFORMATIONS CONFIDENTIELLES ET DES SECRETS COMMERCIAUX DE SUN
MI CRO SYS TEM S, I NC. SON UTI LIS ATIO N, S A DI VUL GATI ON E T SA REP ROD UCT ION SON T IN TER DITE S SA NS L
AUTORISATION EXPRESSE, ECRITE ET PREALABLE DE SUN MICROSYSTEMS, INC.

L'utilisation est soumise aux termes de la Licence.Cette distribution peut comprendre des composants développés par des tierces
parties.Cette distribution peut comprendre des composants développés par des tierces parties.Des parties de ce produit pourront être
dérivées des systèmes Berkeley BSD licenciés par l'Université de Californie.

UNIX est une marque déposée aux Etats-Unis et dans d'autres pays et licenciée exclusivement par X/ Open Com pan y, L td. Sun , Su n
Microsystems, le logo Sun, Solaris, Sun StorageTek Crypto Key Management System, StorageTek et le logo StorageTek sont des
marques de fabrique ou des marques déposées de Sun Microsy ste ms, Inc . au x Et ats -Un is e t da ns d 'au tre s pa ys.

Ce produit est soumis à la législation américaine en matière de contrôle des exportations et peut être soumis à la règlementation en
vigueur dans d'autres pays dans le domaine des exportations et importations. Les utilisations, ou utilisateurs finaux, pour des armes
nucléaires, des missiles, des armes biologiques et chimiques ou du nucléaire maritime, directement ou indirectement, sont strictement
interdites. Les exportations ou reexportations vers les pays sous embargo américain, ou vers des entités figurant sur les listes
d'exclusion d'exportation américaines, y compris, mais de manière non exhaustive, la liste de personnes qui font objet d'un ordre de ne
pas participer, d'une façon directe ou indirecte, aux exportations des produits ou des services qui sont régis par la législation
américaine en matière de contrôle des exportations et la liste de ressortissants spécifiquement désignés, sont rigoureusement
interdites. L'utilisation de pièces détachées ou d'unités centrales de remplacement est limitée aux réparations ou à l'échange standard
d'unités centrales pour les produits exportés, conformément à la législation américaine en matière d'exportation. Sauf autorisation par
les autorités des Etats-Unis, l'utilisation d'unités centrales pour procéder à des mises à jour de produits est rigoureusement interdite.

LA DOCUMENTATION EST FOURNIE “EN L'ETAT” ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES
EXPRESSES OU TACITES SONT FORMELLEMEN T EX CLU ES, DAN S LA MES URE AUTORISEE PAR LA LOI APPLICABLE, Y
COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE, A L'APTITUDE A UNE
UTILISATION PARTICULIERE OU A L'ABSENCE DE CONTREFACON.

We welcome your feedback. Use the OpinionLab [+] feedback system on the documentation Web site or Send your comments to:

Sun Learning Services
Sun Microsystems, Inc.
500 Eldorado Blvd.
Mailstop: UBRM06-307
Broomfield, CO 80021-6307
USA

Please include the publication name, part number, and edition number in your correspondence if they are available.
This will expedite our response.

Please

Recycle

Contents

Preface v

Organization v

Related Information v

Additional Information vi

1. Introduction 1

Drive Tray 2

Specifications 3

Compatibility 5

Order Numbers 6

2. Dione Card 7

Firmware Requirements 7

Dione Card Components 8

Connecting to the Dione Card 9

KMS Operations 10

Key Lifecycle 10

Media RFID Chips 12

Media Types 12

Removal and Replacement 14

Removal 14

3. Virtual Operator Panel 17

VOP Prerequisites 18

Computer Hardware Requirements 18

Operating System Certification 18

Java Runtime Environment Requirement 18

316196601 • Revision: A iii

Using VOP 19

Start VOP 20

Diagnose Drive Tab 23

Run LED Diagnostic Test 23

Run Loopback Test 24

Get Log 25

Load Firmware 25

iv KMS: LTO4 Technical Brief • June 2008 Revision: A • 316196601

Preface

This technical brief is intended for Sun StorageTek
and anyone responsible for planning the installation of the Crypto Key
Management System (KMS) encryption solution.

Organization

This guide has the following organization:

Chapter Use this chapter to:

Chapter 1, “Introduction”

Chapter 2, “Dione Card”

Chapter 3, “Virtual Operator Panel”

Related Information

TM

representatives, customers,

These publications contain the additional information:

Publication Description Part Number

Crypto Key Management System Systems Assurance Guide StorageTek: 31619480x

Crypto Key Management System Installation and Service Manual StorageTek: 31619490x

Crypto Key Management System Administrator Guide StorageTek: 31619510x

316196601 • Revision: A v

Preface

Additional Information

Sun Microsystems, Inc. (Sun) offers several methods to obtain additional
information.

Sun’s External Web Site

Sun’s external Web site provides marketing, product, event, corporate, and service
information. The external Web site is accessible to anyone with a Web browser and
an Internet connection.

The URL for the external Web site is: http://www.sun.com

The URL for StorageTek™ brand-specific information is:

http://www.sun.com/storagetek/

Documentation and Download Web Sites

Web sites that enable customers, members, and employees to search for technical
documentation, downloads, patches, features, and articles include:

■ Documentation: http://docs.sun.com/app/docs (customers)

■ Internal access: http://docs.sfbay.sun.com/app/docs (internal)

■ Sun Download Center: http://www.sun.com/download/index.jsp (customers)

■ Sun Partner Exchange: https://spe.sun.com/spx/control/Login (partners)

■ Uniform Software Repository: http://dlrequest.sfbay.sun.com:88/usr/login

(internal)

If your customer does not already have a Sun Online Account they will need to
register. For a new account, go to: https://reg.sun.com/register

For more information about Sun StorageTek products, got to:

http://sunsolve.sun.com/handbook_pub/validateUser.do?target=STK/STK_index

Partners Site

The Sun StorageTek Partners site is a Web site for partners with a StorageTek
Partner Agreement. This site provides information about products, services,
customer support, upcoming events, training programs, and sales tools to support
StorageTek Partners. Access to this site, beyond the Partners Login page, is
restricted. On the Partners Login page, employees and current partners who do
not have access can request a login ID and password and prospective partners can
apply to become StorageTek resellers.

The URL for partners with a Sun Partner Agreement is:

http://www.sun.com/partners/

vi KMS: LTO4 Technical Brief • June 2008 Revision: A • 316196601

CHAPTER

1

Introduction

Overview The Hewlett Packard (HP) LTO4 is the fourth-generation of Ultrium, Linear

Tape-Open tape drives. This generation offers more capacity and increased
performance than earlier versions of LTO tape drives.

Encryption
Capable

Media

(Native capacity)

The Hewlett Packard LTO4 is the first, non-StorageTek T-Series tape drive to
support the Crypto Key Management System Version 2.0.

This encryption-capability requires a special, custom designed, Ethernet
card—called the Dione card—that enables the LTO4 drive to connect to and
interface with the Key Management System (KMS) network.

With this connection, the LTO4 is capable of communicating with the KMS
to transfer encryption keys over the secure network.

Note: The HP LTO4 can only use one encryption key at a time. During a read
operation, if another encryption key is found, the Dione card requests the
key directly from the KMS.

The HP LTO4 drive with LTO4 media can store up to 800 GB of data.
This drive can also read and write on LTO3 media (400 GB), and provides
read-only capabilities with LTO2 media (200 GB).

The LTO4 tape drive also supports Write Once, Read Many (WORM) secure
media. This non-erasable, non-rewritable media meets several compliance
regulations such as HIPAA, Sarbanes-Oxley, and SEC 17A-4.

Note: Encryption is only possible using LTO4 media, including LTO4
WORM media, with the HP LTO4 tape drive. If you insert LTO2 or LTO3
media, encryption will be disabled.

Interfaces

(Native rates)

316196601 • Revision: A 1

The HP LTO4 drive supports up to 120 MB/s data transfer rates using Data
Rate Matching (DRM). This features allows the tape drive to dynamically
and continuously adjust the speed of the drive, from 40 to 120 MB/s for
maximum performance

Interface support for the HP LTO4 includes:

■ Ultra 320 Small Computer System Interface (SCSI)

■ 4 Giga-bits per second (Gbps) Fibre Channel

Drive Tray

Installing this tape drive in one of Sun StorageTek’s automated tape configurations
offers customers with an even wider choice of tape-based storage solutions.

■ Server compatibility: Fibre Channel and SCSI models on popular (qualified)

platforms from vendors such as Sun, HP, IBM, and Dell.

■ Software compatibility: Support for an extensive list of software applications

such as ACSLS, HP, CA, VERITAS, Legato, Tivoli, and many more.

■ Support for WORM media: Allows for unalterable backups using Write-Once

Read-Many (WORM) media to meet compliance regulations such as HIPAA,
Sarbanes-Oxley, SEC 17A-4.

■ Mid-range class: Delivers confidence with a wide variety of supported backup

applications.

Drive Tray

FIGURE 1-1 shows an example of an LTO4 tape drive mounted in a drive tray.

FIGURE 1-1 LTO4 Tape Drive in Drive Tray—SL8500

1
2

3 5 6

1. “PWR” = power indicator (green)

2. “FAULT” = Fault indicator (red)

3. “MAINT” = Recessed button that resets the
Dione card

4. The green LED is ON during the Dione card IPL
and when an encryption/decryption key is
present during drive operation

2 KMS: LTO4 Technical Brief • June 2008 Revision: A • 316196601

4

7

5. “PORT A” = Fibre Channel interface port

6. “PORT B” = Not used

7. RJ-45 connector. This port is auto sensing to 10
Mbps/100 Mbps data rates and used to:

■ Configure the network

■ Enroll the agent on the KMS

■ Retrieve the diagnostic log file

■ Upgrade Dione card firmware

Specifications

Specifications

TABLE 1-1 Tape Drive Specifications

LTO 2 LTO 3 LTO 4

Physical Specifications

Height 8.25 cm (3.25 in.) 8.25 cm (3.25 in.) 8.25 cm (3.25 in.)

Width 14.6 cm (5.75 in.) 14.6 cm (5.75 in.) 14.6 cm (5.75 in.)

Length (depth) 21.38 cm (8.4 in.) 21.38 cm (8.4 in.) 21.38 cm (8.4 in.)

Weight 2.1 kg (4.6 lb) 2.24 kg (4.94 lb) 2.24 kg (4.94 lb)

Performance Specifications

Capacity (native) 200 GB 400 GB 800 GB

Transfer rate (native) 30 MB/s 80 MB/s 120 MB/s

Streaming range (native) 13.7 to 35.6 MB/s 27 to 80 MB/s 40 to 120 MB/s

Data Buffer size 64 MB 128 MB 128 MB

Number of tracks 512 704 896

Load to ready * 15–24 sec 19 sec 19 sec

Access time-average (to first file) 64–75 sec 72 sec 62 sec

TABLE 1-1 provides a comparison of tape drive specifications.

Tape speed (meters per second) 5.50 m/s 5.32 m/s 7.0 m/s

Tape read/write speed 6.20 m/s 5.32 m/s 6.20 m/s

Rewind time (maximum/average) 104/52 sec 98/49 sec 124 sec

Unload time 13–19 sec 19 sec 19 sec

Cleaning time 58 to 152 sec

Interface Support (SCSI)
(Fibre Channel)

Ultra3 SCSI (LVD)

FC1

Ultra-320 (LVD)

FC2

Ultra-320 (LVD)

FC4

MTBF (100% duty cycle) 250,000 hrs 250,000 hrs 250,000 hrs

Media/Format Compatibility

Read LTO 1 , LTO2 LTO 1, 2 , 3 LTO 2, 3, 4

Write LTO 1 , LTO2 LTO2, LTO3 LTO3, LTO4

Note: HP drives support the LTO standard for backward compatibility, which is to write back
one generation and read back two generations.

Power

Consumption 38 W 35 W 30 W

Interface Codes:
Fibre Channel: FC1 = Fibre Channel 1Gb, FC2 = Fibre Channel 2Gb, FC4 = Fibre Channel 4Gb

Note: * Encryption-capable and un-initialized WORM cartridges can take longer to load.

316196601 • Revision: A Chapter 1 Introduction 3

Specifications

TABLE 1-2 provides a comparison of media specifications.

TABLE 1-2 Media Specifications

Specification LTO 2 LTO 3 LTO 4

Tape Base film PEN (Poly-Ethylene-Naphthalate)

Tape le n gt h 609m 680m 820m

Tape length used for data 580m 648m 783m

Tape wi d th 12.65 mm 12.65 mm 12.65 mm

Tape dimensional stability 1200 ppm 1200 ppm 900 ppm

Maximum tape speed 7.29 m/s

Rewind speed 7.00 m/s

Durability 1,000,000 passes

Cartridge Width 105.4±0.30 mm

Depth 102.0±0.30 mm

Height 21.5±0.25 mm

Weig ht 0.220 kg

Track density (TPI) 1260 1773 2212

Data tracks 512 704 896

Data channels 8 16 16

Number of wraps 64 44 56

Number of bands 4 4 4

Bit density 7.40 Kb/mm 9.64 Kb/mm 13.52 Kb/mm

Cartridge memory capacity 4096 bytes 4096 bytes 8192 bytes

TABLE 1-3 lists the reliability specifications.

TABLE 1-3 Reliability Specifications

Description Specification

MTBF (100% duty cycle) 250,000 hours

Load/unload life 100,000 swaps

Head life 60,000 hours

Media durability 1,000,000 passes

Maximum cartridge use 20,000 threads

4 KMS: LTO4 Technical Brief • June 2008 Revision: A • 316196601