IBM TS2340 User Guide - Page 36
Planning for Application-Managed Tape Encryption, System-Managed Tape Encryption
UPC - 883436006873
View all IBM TS2340 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 36 highlights
Data Encryption encryption. For details on setting up application-managed tape encryption refer to the Tivoli Storage Manager documentation or for more information, visit the following site: http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/index.jsp System-Managed Tape Encryption In this method, key generation and management is performed by the EKM, a Java™ application running on the host. Policy controls and keys pass through the data path between the system layer (device drivers) and the encryption-capable tape drives. Encryption is transparent to the applications. It is required to use the latest device drivers available on the ftp down load site: ftp://ftp.software.ibm.com/storage/devdrvr/ Refer to "Planning for System-Managed Tape Encryption" on page 19 for details on the hardware and software requirements for system-managed encryption. For details on setting up system-managed encryption in different operating system environment, refer to the applicable chapter for each operating system. Library-Managed Tape Encryption This method is best for encryption-capable tape drives in an open attached IBM tape libraries. Scratch encryption policies specifying when to use encryption are set up through the IBM System Storage Tape Library Specialist Web interface. Policies are based on cartridge volume serial numbers. Key generation and management is performed by the EKM, a Java application running on a host. Policy control and keys pass through the library-to-drive interface, therefore encryption is transparent to the applications. Library-managed encryption is supported on AIX, Windows Server 2003, Windows Server 2008, Linux, Solaris, and HP-UX. Please refer to "Planning for Library-Managed Tape Encryption" on page 21 for details on the hardware and software requirements for library-managed encryption. For details on setting up library-managed encryption on encryption-capable tape drives, please refer to the IBM System Storage Tape Library Operator's Guide for your library. Planning for Application-Managed Tape Encryption Note: Please contact your IBM Representative for additional information about encryption on the IBM encryption-capable tape drive. In order to perform encryption on the encryption-capable tape drive, the following is required: v Encryption-capable tape drive(s) v Encryption configuration features: - Library code updates and Transparent LTO Encryption feature code for libraries with Ultrium LTO4 drives - Tape drive code updates Application-Managed Tape Encryption Setup Tasks Any task not identified as an IBM service task is the responsibility of the customer. 1. Install, cable, and configure the encryption-capable tape drive (refer your IBM System Storage Tape Drive or Library Operator's Guide ) 2. Install appropriate IBM tape device driver level (Atape, for example). 3. Set up encryption policies. Refer to the appropriate TSM documentation. 18 IBM Tape Device Drivers Installation and User's Guide