Chapter 8: Encryption Key Management
Setting up EKM on the Scalar i6000
Quantum Scalar i6000 User’s Guide
307
Encryption Methods, Details, and Restrictions
The following encryption methods are available on the library:
•
Application Managed
(default)— Allows your host application to
provide encryption support on all encryption-capable tape drives
and media within the partition. This is the default setting if the
partition contains encryption-capable tape drives. If you select this
option, the library will not communicate with the key server on this
partition. If you want an application to manage encryption, you
must specifically configure the application to do so. The library will
not participate in performing encryption. See your host
documentation for further details.
•
Library Managed
— Select check box to enable. Permits library
managed encryption support via a connected key manager server—
either Quantum Encryption Key Manager (Q-EKM), Scalar Key
Manager (SKM), Tivoli Key Lifecycle Manager (TKLM), Secure Key
Lifecycle Manager (SKLM) or KMIP-compliant key server—for all tape
drives and encryption-capable media assigned to the partition.
Details and restrictions for using library managed encryption
include:
• You must have an EKM license installed on the library (
Installing the EKM License Key
on page 293) before you can
select this option. Ensure the EKM license contains the
appropriate quantity of drives to match or exceed what is
currently installed in the library.
• Your encryption key servers must be installed, operational, and
configured on the library (
Setup > Encryption > Server
Configuration
), before you can enable a partition for library
managed encryption (
Setup > Encryption > Partition
Configuration
).
• Only HP and IBM LTO-4 and later tape cartridges will be
encrypted in library managed encryption partitions, unless they
contain unencrypted data already, and data is appended. The
partition may contain LTO-2 and LTO-3 tape cartridges, but they
will not be encrypted.
• Encrypted data will never be appended to unencrypted data on
tape, and unencrypted data will never be appended to
encrypted data on tape.
• For data to be encrypted via library managed encryption, the
media must be blank or have been written to using library
Summary of Contents for Scalar i6000
Page 1: ...User s Guide Scalar i6000 6 66879 15 Rev B...
Page 276: ...Chapter 3 Configuring Your Library Working with Towers 258 Quantum Scalar i6000 User s Guide...
Page 344: ...Chapter 8 Encryption Key Management Using SKM 326 Quantum Scalar i6000 User s Guide...
Page 444: ...Chapter 11 Configuring Access to StorNext 426 Quantum Scalar i6000 User s Guide...
Page 450: ...Chapter 12 Partition Utilization Reporting 432 Quantum Scalar i6000 User s Guide...
Page 574: ...Chapter 15 Maintaining Your Library Maintenance Actions 556 Quantum Scalar i6000 User s Guide...
Page 730: ...Appendix A Frequently Asked Questions 684 Quantum Scalar i6000 User s Guide...