1) What things do we need to lookout for in moving to drive based encryption
Keystore file corruption. However the Keystore is now included in the IDB backup, so that, if you backup the IDB every day, you should be OK
For optimal performance, the block size used should be at least 256 kilobytes
2) Will we need to generate new keys or an additional key or can we use the ones in place for each backup object?
7) Circling back around to #2 -- I've seen many posts saying drive based encryption makes a new key for each tape (at some point in the past). Has this been fixed now to be more sane?
You should be able to use the same keys as the ones in place for each backup object
My impression is that you can create a new encryption key for each media, but this is optional. I have looked at a lot of keystore files, and, with hundreds of media still under prote4ction, I saw nowhere near the corresponding number of Encryption keys
3) Is there a whitepaper / tutorial for what settings are needed to make this change?
None that I can find, but, in the GUI, click on Help -> Topics, and search for "drive based encryption", it will give you some additional information. Also, if you click on Help -> GUides, find the CLI (Command Line Interpreted) Guide, in section 1M, get the usage for 'omnikeytool'
4) After moving to drive based enc, will we have anything to look out for in restoring our old data?
I think that this is covered in the on-line helpl, mentioned in the last response
5) Can you use LTO3 media for drive based encryption as long as you are using LTO4+ drives?
This is probably not a question that we can address from a Data Protector perspective... rather, it should be taken up with your hardware vendor
6) Can we do encryption and compression simultaneously with drive based encryption and actually get some gains in storage on LTO6 media?
First, NEVER use Software compression
Again, this is not something that we can answer from the Data Protector side of the house
