Home » IBM Manuals » Tape Drives » IBM TS2340 » Manual Viewer

IBM TS2340 User Guide - Page 202

System-Managed Encryption, Device Driver Configuration, Configuration File

UPC - 883436006873

Add to My Manuals
Save this manual to your list of manuals

Page 202 highlights

Windows System-Managed Encryption System-Managed Encryption Device Driver Configuration System-managed encryption parameters on Windows are placed in the registry under the key for the device driver. The parameters are populated in user-created subkey containing the serial number of the device. The registry keys (sys_encryption_proxy and sys_encryption_write) are used to determine SME enablement and invocation of the EKM proxy on write, respectively. Note: Leading zeros in the serial number should be excluded. For example, if the serial number of the encryption-capable tape drive were 0123456789, the user would create the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ibmtp2k3\123456789 Under this key, the user would create DWORD values called sys_encryption_proxy and/or sys_encryption_write, and assign them values corresponding with the desired behavior. The device driver SME settings can be set for all drives at once by placing the ″sys_encryption_proxy″ and ″sys_encryption_write″ registry options under the device driver key, found at: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ibmtp2k3 When this option is chosen, the settings established for all drives are overridden by the serial-number specific settings described the previous paragraph. If no options are specified in the registry, the driver uses the default values for the parameters. v The default value for sys_encryption_proxy is 1. This value causes the device driver to handle encryption key requests, if the drive is set up for system-managed encryption. This value should not need to be changed. A value of 0 causes the device driver to ignore encryption key requests for system-managed encryption drives, and is not desirable. v The default value for sys_encryption_write is 2. This value causes the device driver to leave the encryption write-from-BOP settings alone. It does not turn on or turn off encryption writing, but instead uses the settings that are already in the drive. If encryption has not been set up previously, then the drive writes unencrypted data. A value of 0 causes the device driver to write unencrypted data. A value of 1 causes the device driver to write encrypted data. Changes to the registry require a reboot before the settings are able to be viewed; however, during new installations of the driver, if the old driver is not uninstalled, the old settings remain in place and no reboot is required. Configuration File The file %system_root%:\IBMEKM.conf is used to store the IP address of the EKM server and other network-related parameters. The phrase %system_root% refers to the drive letter where the Windows installation is located, typically C (for example C:\IBMEKM.conf). The format for the EKM server parameters is: 184 IBM Tape Device Drivers Installation and User's Guide

Section	Page
Contents	5
Figures	7
Tables	9
Preface	11
Related Information	11
Current® Products	11
Legacy Products	13
Additional Information	16
How to Send Your Comments	16
Special Printing Instructions	17
Chapter 1. Introduction	19
Purpose	19
IBM Tape Products	19
Current Products	19
Legacy Products	23
Chapter 2. Common Extended Features	27
Purpose	27
Supported Hardware	27
Path Failover and Load Balancing	30
Automatic Failover	30
Multiple HBA and Multi-Port Devices	31
Multiple HBA and Single Ports	31
Single HBA and Multi-Port Devices	33
Dynamic Load Balancing	34
Supported Devices and Feature Codes	34
Data Encryption	35
Tape and Library Requirements	35
Planning for Application-Managed Tape Encryption	36
Planning for System-Managed Tape Encryption	37
Planning for Library-Managed Tape Encryption	39
Feature Codes (Encryption)	40
Chapter 3. AIX Tape and Medium Changer Device Driver	41
Purpose	41
Data Flow	42
Product Requirements	42
Hardware Requirements	42
Software Requirements	44
Installation and Configuration Instructions	44
Installation Procedure	45
Configuring Tape and Medium Changer Devices	45
Deconfiguring Tape Devices	46
Deconfiguring Medium Changer Devices	46
Uninstalling	46
Tape Drive, Media, and Device Driver Parameters	46
Configuration Parameters	47
Media Parameters	51
Automatic Cartridge Facility Mode	52
Special Files	52
Special Files for Tape Devices	52
Special Files for Medium Changer Devices	53
Persistent Naming Support	54
Changing the Logical Name After Initial Boot	54
Control Path Failover Support for Tape Libraries	55
Configuring and Unconfiguring Path Failover Support	55
Primary and Alternate Paths	56
Querying Primary and Alternate Path Configurations	56
Configuring and Unconfiguring Primary and Alternate Devices	57
Data Path Failover and Load Balancing Support for Tape Drives	57
Installing Data Path Failover License Key	57
Configuring and Unconfiguring Path Failover Support	58
Primary and Alternate Paths	58
Querying Primary and Alternate Path Configuration	59
Configuring and Unconfiguring Primary and Alternate Devices	59
System-Managed Encryption	59
Device Driver Configuration	59
Querying Tape Drive Configuration	60
Testing Data Encryption Configuration and Connectivity	60
Error Logging	60
Field Support Information	60
Problem Determination	61
Using the Dump Support	61
Device and Volume Information Logging	61
Log File	62
Tape Log Utility	62
Reservation Conflict Logging	62
Error Logging	63
Error Log Templates	63
Automatic Dump Facility	65
Trace Facility	65
Atape System Trace (ATRC) Utility	66
Component Tracing	66
Atape Component Trace (ACTRC) Utility	66
Tape Drive Service Aids	66
Details of Tape Service Aids	67
Performance Considerations	69
Data Path	69
Common AIX Utilities	70
AIX iostat Utility for Tape Performance	70
Before Calling Support	70
Chapter 4. HP-UX Tape and Medium Changer Device Driver	73
Purpose	73
Data Flow	73
Product Requirements	74
ATDD Implementation	74
Hardware Requirements	74
Software Requirements	75
Software Interface to the Device Driver	76
Installation and Configuration Instructions	76
Installation and Configuration for PCI Drivers	76
Installation and Configuration of Precision Bus Drivers	84
Supported Configuration Parameters	93
Configuration Parameter Definitions	93
Special Files	97
Persistent Naming Support	98
Control Path Failover Support for Tape Libraries	99
Configuring and Unconfiguring Path Failover Support	99
Primary and Alternate Paths	100
Querying Primary and Alternate Path Configurations	100
Disable and Enable Primary and Alternate Paths	100
Data Path Failover and Load Balancing Support for Tape Drives	101
Configuring and Unconfiguring Path Failover Support	101
Primary and Alternate Paths	102
Querying Primary and Alternate Path Configuration	103
Disable and Enable Primary and Alternate Paths	103
Problem Determination	103
Error Logging	103
Reservation Conflict Logging	103
Sense Data Logging	104
Support_info Script	104
Tracing Facility	104
Atdd_d Log Daemon	105
Problems and Solutions	107
Chapter 5. Linux Tape and Medium Changer Device Driver	111
Purpose	111
Data Flow	111
Product Requirements	112
Hardware Requirements for Intel and AMD Opteron Processors	112
Hardware Requirements for IBM System p Models	113
Hardware Requirements for IBM System z Models	113
Software Requirements for Intel and AMD Opteron Processors	114
Software Requirements for IBM System p Models	114
Software Requirements for IBM System z Models	114
Installation and Configuration Instructions	114
Conventions Used	114
Components Created During Installation	115
Installation Procedure	115
Updating Procedure	116
Querying the Installed Package	116
Verifying Installation and Updating	117
Configuring Tape and Medium Changer Devices on Intel-Compatible Systems	117
Configuring Tape and Medium Changer Devices on IBM System p Models	118
Configuring Tape and Medium Changer Devices on IBM System z Models	118
Uninstall Procedure	120
Tape Drive, Media, and Device Driver Parameters	120
Configuration Parameters	120
Nonchangeable Parameters	121
Changeable Parameters	122
Special Files	125
Special Files for the Tape Device	125
Special Files for the Medium Changer Device	125
Control Path Failover Support for Tape Libraries	126
Configuring and Unconfiguring Path Failover Support	126
Primary and Alternate Paths	126
Querying Primary and Alternate Path Configuration	127
Disable and Enable Primary and Alternate Paths	127
Data Path Failover and Load Balancing Support for Tape Drives	128
Primary and Alternate Paths	129
Querying Primary and Alternate Path Configuration	129
Disable and Enable Primary and Alternate Paths	129
Open Source Device Driver - lin_tape	130
IBMtape and lin_tape Comparison	130
Installation	130
Driver parameters and special device files	130
Path Failover Support	131
lin_taped Daemon	131
System-Managed Encryption	131
Device Driver Configuration	131
Querying Tape Drive Configuration	132
Testing Data Encryption Configuration and Connectivity	133
Problem Determination	134
Configure and Run lin_taped Daemon	134
Reservation Conflict Logging	138
Tape Drive Service Aids	139
Chapter 6. Solaris Tape and Medium Changer Device Driver	141
Purpose	141
Data Flow	141
Product Requirements	142
Hardware Requirements	142
Software Requirements	144
Installation and Configuration Instructions	144
Preventing Conflicts with Other Device Drivers	145
Preinstallation Considerations	145
Installing and Updating IBMtape	146
Configuring IBM tape devices with Fibre Channel and SAS HBAs	151
Solaris Zones Support	154
Configuration Parameters	157
Removing IBMtape	160
Adding or Removing Devices	160
Deconfiguring Tape Devices	161
Tapelist Utility Program	162
Special Files	163
Device Behaviors	164
File Naming Conventions	165
Persistent Naming Support	166
Control Path Failover Support for Libraries	167
Configuring and Deconfiguring Path Failover Support	167
Primary and Alternate Paths	167
Querying Primary and Alternate Path Configuration	168
Disable and Enable Primary and Alternate Paths	168
Data Path Failover and Load Balancing Support for Tape Drives	168
Configuring and Deconfiguring Path Failover Support	168
Primary and Alternate Paths	170
Querying Primary and Alternate Path Configuration	170
Disable and Enable Primary and Alternate Paths	171
System-Managed Encryption	171
Device Driver Configuration	171
Querying Tape Drive Configuration	172
Testing Data Encryption Configuration and Connectivity	172
Field Support Information	173
Problem Determination	173
Functional Verification	173
Installation Problems	174
Tape Monitor Daemon (tmd)	174
Tracing Facility	175
Dynamic Tracing Utility	177
Setting the IBM_trace Level for Static Tracing	177
Running Diags_info Script	178
iostat Command	178
Reservation Conflict Logging	179
Chapter 7. Windows Tape and Medium Changer Device Driver	181
Purpose	181
Data Flow	181
Product Requirements	182
Hardware Requirements	182
Software Requirements	183
Installation and Configuration Instructions	183
Windows NT Instructions	183
Windows 2000, Windows Server 2003, and Windows Server 2008 Instructions	195
Persistent Naming Support on Windows Server 2003 and Windows Server 2008	199
Control Path Failover Support for Tape Libraries	200
Configuring and Unconfiguring Control Path Failover Support	200
Querying Primary and Alternate Path Configuration	200
Checking Disablement of Control Path Failover Setting	200
Data Path Failover Support for Tape Drives	201
Configuring and Unconfiguring Data Path Failover Support	201
Querying Primary and Alternate Path Configuration	201
Checking Disablement of Data Path Failover Setting	201
System-Managed Encryption	202
Device Driver Configuration	202
Configuration File	202
Querying Tape Drive Configuration Settings	203
Problem Determination	203
Windows NT Instructions	203
Windows 2000/Windows Server 2003 Instructions	204
Reservation Conflict Logging	206
Chapter 8. Tru64 Device Driver	207
Purpose	207
Product Requirements	207
Hardware Requirements	207
Software Requirements	207
Setting Up the Environment	207
Chapter 9. 3494 Enterprise Tape Library Support	211
Purpose	211
MTLIB Program	212
Syntax and Examples	212
MTEVENT Program	223
Library Driver Information	223
Software Interface	223
Library Manager Event Notification	223
Synchronous and Asynchronous Operations	224
Operation Complete Notification	224
Unsolicited Notification	224
Driver Message Queue	224
Volume Categories	224
IBM TotalStorage Virtual Tape Server Subsystem Attachment	225
3494 Library Emulation	227
Overview	227
3494 Emulation Design	227
Using the 3494 API Emulation and MTLIB Program	228
SMC Library Names	228
Volume Categories	228
Asynchronous Library Operations	229
Performance Considerations	229
AIX	230
Data Flow	230
Product Requirements	230
Installation Instructions	231
Special Files	237
Problem Determination	237
HP-UX	239
Data Flow	239
Product Requirements	240
Installation Instructions	241
Problem Determination	244
Linux	246
Data Flow	246
Product Requirements	247
Installation and Configuration Instructions	248
Problem Determination	251
Solaris	252
Data Flow	252
Product Requirements	253
Installation Instructions	254
Problem Determination	257
Windows	258
Data Flow	258
Product Requirements	259
Installation Instructions	260
Problem Determination	264
TRU64	265
Data Flow	265
Product Requirements	266
Installation and Configuration Instructions	267
Problem Determination	269
SGI IRIX	271
Data Flow	271
Product Requirements	272
Installation Instructions	273
Chapter 10. IBM Tape Diagnostic Tool (ITDT)	277
Purpose	278
Accessing ITDT	280
Supported Systems	280
Standard Edition (ITDT-SE)	280
Graphical Edition (ITDT-GE)	281
Supported Equipment	281
Standard Edition - Installation	282
Installing ITDT-SE on Windows Operating Systems	282
Installing ITDT-SE on i5/OS Operating Systems	282
Installing ITDT-SE on Other Supported Operating Systems	285
Standard Edition - Initial Startup	285
Starting ITDT-SE on Solaris Operating Systems	285
Starting ITDT-SE on Windows Operating Systems	287
Starting ITDT-SE on i5/OS Operating Systems	287
Starting ITDT-SE on Other Supported Operating Systems	288
Standard Edition - Known Issues and Limitations	288
AIX Operating Systems	288
HP-UX Operating Systems	289
Linux Operating Systems	289
Solaris Operating Systems	289
Windows Operating Systems	290
i5/OS Operating Systems	290
All Supported Operating Systems	291
Standard Edition - Start Menu Commands	292
Standard Edition - Scan Menu Commands	292
Scan	294
Test	295
Dump	297
Firmware Update	298
Encryption	301
Full Write	303
Tape Usage	304
Other	305
System Test	305
Library Self-Test	307
Manual Inspect	307
Return	308
Standard Edition - Tapeutil Menu Commands	308
[1] Open a Device	309
[2] Close a Device	309
[3] Inquiry	309
[4] Test Unit Ready	309
[5] Reserve Device	309
[6] Release Device	309
[7] Request Sense	309
[8] Log Sense	310
[9] Mode Sense	310
[10] Query Driver Ver. (Version)	310
[11] Display All Paths	310
[20] Rewind	310
[21] Forward Space File Marks	310
[22] Backward Space File Marks	310
[23] Forward Space Records	310
[24] Backward Space Records	310
[25] Space to End of Data	311
[26] Read and Write Tests	311
[27] Read or Write Files	311
[28] Erase	311
[29] Load Tape	311
[30] Unload Tape	311
[31] Write File Marks	312
[32] Synchronize Buffers	312
[33] Query/Set Parameter	312
[34] Query/Set Tape Position	312
[35] Query Encryption Status	312
[36] Display Message	312
[37] Report Density Supp (Support)	312
[38] Test Encryp. Path (Test Encryption Key Path/Setup)	313
[50] Element Information	313
[51] Position to Element	313
[52] Element Inventory	313
[53] Exchange Medium	314
[54] Move Medium	314
[55] Initialize Element Status	314
[56] Prevent/Allow Medium Removal	314
[57] Initialize Element Status Range	314
[58] Read Device IDs	314
[59] Read Cartridge Location	314
[70] Dump/Force Dump/Dump	315
[71] Firmware Update	315
Standard Edition - Tapeutil Scripting Commands	315
allow	317
devinfo	317
inquiry	318
logpage	318
loop	318
modepage	318
prevent	318
print	318
qrypath	319
qryversion	319
release	319
reqsense	319
reserve	319
resetdrive	320
sleep	320
tur	320
vpd	320
append	320
bsf	320
bsr	321
density	321
display	321
erase	321
fsf	321
fsr	322
getparms	322
load	322
logsense	322
qrypos	322
read	322
rewind	323
rtest	323
rwtest	323
seod	323
setparm	324
setpos	324
sync	325
unload	325
weof	325
write	325
wtest	325
audit	326
cartridgelocation	326
elementinfo	326
exchange	326
inventory	327
move	327
position	327
dump	327
ekmtest	327
encryption	328
ucode	328
Deprecated Commands	328
Standard Edition Scripting Commands: Known Limitations and Deviations	329
Graphical Edition - Installation	330
Windows	330
Linux	330
Graphical Edition - Known Issues and Limitations	331
Linux	331
Windows	332
All Supported Operating Systems	332
Graphical Edition - User Interface Description	332
Graphical Edition - Scan Menu Commands	335
Scan	336
Test	337
Dump	339
Firmware Update	340
Encryption	341
Full Write	342
Tape Usage	344
System Test	344
Library Diagnostic Self-Test	345
Manual Inspection Record Entry	345
Graphical Edition - Tapeutil Menu Commands	346
Open	349
Close	349
Inquiry	350
Test Unit Ready	350
Reserve Device	350
Release Device	350
Request Sense	350
Log Sense	350
Mode Sense	350
Query Driver Version	350
Display All Paths	350
Rewind	351
Forward Space Filemarks	351
Backward Space Filemarks	351
Forward Space Records	351
Backward Space Records	351
Space to End of Data	351
Read and Write Tests	351
Read or Write Files	353
Erase	354
Load Tape	354
Unload Tape	354
Write Filemarks	354
Synchronize Buffers	354
Query/Set Parameter	354
Query/Set Position	354
Query Encryption Status	355
Display Message	355
Report Density Support	355
Test Encryption Path	356
Element Information	356
Position to Element	356
Element Inventory	356
Exchange Medium	356
Move Medium	356
Initialize Element Status	357

Match case Limit results 1 per page

System-Managed Encryption

Device Driver Configuration

System-managed encryption parameters on Windows are placed in the registry

under the key for the device driver. The parameters are populated in user-created

subkey containing the serial number of the device. The registry keys

(

sys_encryption_proxy

and

sys_encryption_write

) are used to determine SME

enablement and invocation of the EKM proxy on write, respectively.

Note:

Leading zeros in the serial number should be excluded. For example, if the

serial number of the encryption-capable tape drive were 0123456789, the

user would create the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ibmtp2k3\123456789

Under this key, the user would create DWORD values called

sys_encryption_proxy

and/or

sys_encryption_write

, and assign them values corresponding with the

desired behavior.

The device driver SME settings can be set for all drives at once by placing the

″

sys_encryption_proxy

″

and

″

sys_encryption_write

″

registry options under the

device driver key, found at:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ibmtp2k3

When this option is chosen, the settings established for all drives are overridden by

the serial-number specific settings described the previous paragraph.

If no options are specified in the registry, the driver uses the default values for the

parameters.

The default value for

sys_encryption_proxy

is 1.

This value causes the device driver to handle encryption key requests, if the

drive is set up for system-managed encryption. This value should not need to be

changed. A value of 0 causes the device driver to ignore encryption key requests

for system-managed encryption drives, and is not desirable.

The default value for

sys_encryption_write

is 2.

This value causes the device driver to leave the encryption write-from-BOP

settings alone. It does not turn on or turn off encryption writing, but instead

uses the settings that are already in the drive. If encryption has not been set up

previously, then the drive writes unencrypted data. A value of 0 causes the

device driver to write unencrypted data. A value of 1 causes the device driver to

write encrypted data.

Changes to the registry require a reboot before the settings are able to be viewed;

however, during new installations of the driver, if the old driver is not uninstalled,

the old settings remain in place and no reboot is required.

Configuration File

The file

%system_root%:\IBMEKM.conf

is used to store the IP address of the EKM

server and other network-related parameters. The phrase

%system_root%

refers to

the drive letter where the Windows installation is located, typically C (for example

C:\IBMEKM.conf).

The format for the EKM server parameters is:

Windows System-Managed Encryption

184

IBM Tape Device Drivers Installation and User’s Guide