This section gives an overview of the SL500, SL3000, SL8500 libraries and explains the general principles of tape library security.
SL500 is a 40U 19" rack mounted modular automated tape library by Oracle Corporation. It offers storage capacity of 30 to 500 LTO or SDLT tape cartridges, from 1 to 18 LTO or SDLT SCSI LVD, Fibre, or SAS tape drives, with either a separate SCSI LVD or Fibre Library control path, or a bridged drive Fibre or SAS port control path. A bridged path indicates that the control path is through an HP5 drive port.
SL3000 is a tape library, which provides the following features:
Attachment to both open systems and mainframe environments using HLI over Ethernet, and SCSI over FC
Economic scalability for both tape drives (1 to 56) and cartridges (200 to 4500) to allow entry level pricing and field upgradeable expansion as the customer data storage needs grow
Live replacement of redundant components, including power supplies, robotics and electronics
True mixed media support - any cartridge / any slot
SL8500 is an automated tape library, which provides the following features:
Attachment to both open systems and mainframe environments using HLI over Ethernet with either the ACSLS open systems host or the HSC mainframe host
Economic scalability for both tape drives (1 to 64) and cartridges (500 to 10,000) to allow entry level pricing and field upgradeable expansion as the customer data storage needs grow
Live replacement of redundant components, including power supplies, robotics and electronics
True mixed media support - any cartridge / any slot
All tape library products are designed and documented for use within a controlled server environment with no general network access. This will give the best functionality and protection from compromise, both from the internet in general and from the internal entity operating the library.
The following principles are fundamental to using any product securely.
One of the principles of good security practice is to keep all software versions and patches up to date. Throughout this document, we assume software levels of:
SL500 1485
SL3000 4.02
SL8500 8.31
Keep the library behind a data center firewall. The firewall provides assurance that access to these systems is restricted to a known network route, which can be monitored and restricted, if necessary. As an alternative, a firewall router substitutes for multiple, independent firewalls. Identifying the hosts allowed to attach to the library and blocking all other hosts is recommended where possible.