Application-managed tape encryption on TS1120, LTO Ultrium 4, and newer tape
drives can use either of two encryption command sets:
v
The IBM encryption command set developed for the key manager
v
The T10 command set defined by the InterNational Committee for Information
Technology Standards (INCITS)
For more information about setting up application-managed encryption for Tivoli
Storage Manager, see your Tivoli Storage Manager documentation or visit
http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/index.jsp.
Planning for system-managed encryption
This topic explains system-managed encryption (SME).
This method is best for encryption on TS1120, LTO Ultrium 4, and newer tape
drives in System z operating environments.
Open systems
Encryption policies specifying when to use encryption are set up in the IBM tape
device driver. System-managed tape encryption and library-managed tape
encryption interoperate with one another. In other words, a tape encrypted using
system-managed encryption may be decrypted using library-managed encryption,
and vice versa, provided they both have access to the same keys and certificates.
Otherwise, this may not be feasible.
For details on setting up system-managed encryption on tape drives in an AIX,
Linux, Windows, or Solaris environment, see the
IBM Tape Device Drivers
Installation and User's Guide
and the
IBM System Storage TS3500 Tape Library with
ALMS Operator Guide
.
System z
Encryption policies specifying when to use encryption are set up in z/OS DFSMS
(Data Facility Storage Management Subsystem) or implicitly through each instance
of IBM device driver. Additional software products such as IBM Integrated
Cryptographic Service Facility (ICSF) and IBM Resource Access Control Facility
(RACF
®
) may also be used. Key generation and management is performed by the
key manager running on the host or externally on another host. Policy controls and
keys pass through the data path between the system layer and the encrypting tape
drives. Encryption is transparent to the applications.
For TS1120 and newer 3592 tape drives connected to an IBM TS7700 Virtualization
Engine (VE), encryption key labels are assigned on a per-storage pool basis using
the TS7700 Management Interface. DFSMS storage constructs are used by z/OS to
control the use of storage pools for logical volumes, resulting in an indirect form of
encryption policy management. For more information, see the white paper,
IBM
Virtualization Engine TS7700 Series Encryption Overview,
available at
http://www.ibm.com/support/docview.wss?&uid=ssg1S4000504.
For details on setting up system-managed encryption on TS1120 and newer 3592
tape drives in a System z platform environment, see
z/OS DFSMS Software Support
for IBM System Storage TS1130 and TS1120 Tape Drives (3592)
.
218
IBM System Storage TS3500 Tape Library with ALMS: Introduction and Planning Guide
Summary of Contents for System Storage TS3500
Page 1: ...IBM System Storage TS3500 Tape Library with ALMS Introduction and Planning Guide GA32 0593 07...
Page 6: ...vi IBM System Storage TS3500 Tape Library with ALMS Introduction and Planning Guide...
Page 8: ...viii IBM System Storage TS3500 Tape Library with ALMS Introduction and Planning Guide...
Page 14: ...xiv IBM System Storage TS3500 Tape Library with ALMS Introduction and Planning Guide...
Page 18: ...xviii IBM System Storage TS3500 Tape Library with ALMS Introduction and Planning Guide...
Page 24: ...xxiv IBM System Storage TS3500 Tape Library with ALMS Introduction and Planning Guide...
Page 114: ...90 IBM System Storage TS3500 Tape Library with ALMS Introduction and Planning Guide...
Page 156: ...132 IBM System Storage TS3500 Tape Library with ALMS Introduction and Planning Guide...
Page 196: ...172 IBM System Storage TS3500 Tape Library with ALMS Introduction and Planning Guide...
Page 234: ...210 IBM System Storage TS3500 Tape Library with ALMS Introduction and Planning Guide...
Page 238: ...214 IBM System Storage TS3500 Tape Library with ALMS Introduction and Planning Guide...
Page 246: ...222 IBM System Storage TS3500 Tape Library with ALMS Introduction and Planning Guide...
Page 254: ...230 IBM System Storage TS3500 Tape Library with ALMS Introduction and Planning Guide...
Page 289: ......
Page 290: ...Printed in USA GA32 0593 07...