twhistman,

I am encrypting fiber activity to tape. 

Now, what I did is ran from the CLI "fccryptainer list" and it showed me my containers are set to NO for "Enc".  I also ran "pool list" and for the Pools I show, one being the Default Pool and the other is one someone created, they both show YES for "Enc". 

Finally I ran "tape list" and sadly, the tapes I see show an encryption key and YES for 'Enc", however the tapes are from 2006. 

So the real encryption happens at the cryptainer first?

Tim,

Your environment is actually the same kind I managed.  I saw the same output as you (fccryptainer list showed 'no' while the pool assigned to the cryptainer said "yes").  It's the latter that matters here, for tapes...

The other environment I described is when using DataForts for san/disk encryption.

Sounds to me like you're good to go!  Why did you say "sadly" about the tapes from 2006?

Troy

...Regarding the tapes, when I do a "tape list" I would think I should be seeing tapes up to today's date if we are backing up each night.  No?  This is what prompted me to say "sadly", because I equate not seeing current dated tapes as encryption not working... 

Yes, that would cause some concern.  'tape list' should give you a list of all the barcodes that DF has written to.  Have you contacted support?  What kind of tapes are you using?  If you have the know-how, you can use library or backup software utilities to try and read the tape through a non-DF-connected drive.  If you can read header (OML) information or backup data off the tape without the DF in the path, it's not encrypted.

Thanks Troy,

Really appreciate the feedback.  We use HP LTO4 tapes.  I may try doing something with HP Library Tapes Tools to test reading the OML if it can.  Probably won't wast a whole lot of time now because I have been tasked with rolling out a new Brocade Encryption Switch and new tape library as a replacement.

Our support on this appliance ended last year so your info has really helped!!

Tim