This section gives an overview of StorageTek T10000D tape drive and explains the general principles of tape drive security.
The T10000D Enterprise tape drive attaches to open systems SCSI over Fibre Channel protocol, and mainframe over FICON protocol. The T10000D tape drive transfers data to and from a host and stores it on a removable magnetic media. The T10000D tape drive is intended primarily to provide high reliability, high capacity back up, archive, and data processing capabilities for enterprise customers that demand high duty cycle and reliability. The product provides optional data encryption. The customer has the option to enable the encryption feature. The tape drive product was enhanced for capacity and native tape speed. In addition, data management features were also added along the way.
The T10000D tape drive has up to 8.5TB capacity and 252 MB per second native tape speed.
The T10000D tape drive is designed and documented for use within a controlled hardware environment. Tape drives are always located inside a controlled data center and they are typically located inside of a tape library. In some cases, the customer will use a rack mount version but that is rare. The controlled data center is also inside a fire wall that is protected by the customer's own security policies. This will give the best functionality and protection from compromise, both from the internet in general and from the internal entity operating the tape drive.
The following principles are fundamental to using any product securely.
One of the principles of good security practice is to keep all software versions and patches up to date. Throughout this document, the following software level is assumed:
T10000D 4.XX.1XX
Keep the tape drive behind a data center firewall. The firewall provides assurance that access to these systems is restricted to a known network route, which can be monitored and restricted, if necessary. As an alternative, a firewall router substitutes for multiple, independent firewalls. Identifying the hosts allowed to attach to the tape drive and blocking all other hosts is recommended where possible.