Establishing
an
Encryption
Policy
Two
types
of
encryption
policies
are
available:
Barcode
Encryption
Policy
(BEP)
and
Internal
Label
Encryption
Policy
(ILEP).
v
Barcode
Encryption
Policy
(BEP)
is
a
method
that
uses
volser
ranges,
saved
as
tables
in
the
3494
Library
Manager,
to
determine
if
volumes
should
be
encrypted
or
not,
and,
if
encrypted,
what
key
labels
to
use
for
a
particular
volume.
The
LM
sends
the
necessary
Key
Labels
to
the
drive
each
time
a
tape
is
mounted.
The
volser
range
tables
are
created
by
the
customer
through
the
3494
User
Interface
(UI)
or
through
the
3494
Web
Interface.
v
Internal
Label
Encryption
Policy
(ILEP)
is
a
method
that
reads
a
header
on
each
tape
to
determine
if
that
tape
is
eligible
for
encryption
through
the
use
of
pools.
The
drive
uses
the
pool
numbers
that
are
read
from
the
header
to
create
key
labels
that
are
sent
to
the
LM.
The
LM
contains
a
table
of
key
label
mappings
(that
map
or
translate
one
key
label
into
a
different
key
label)
and
uses
it
to
determine
if
one
or
both
of
the
key
labels
received
from
the
drive
should
be
remapped.
The
LM
then
responds
to
the
drive
with
a
message
containing
either
the
original
key
labels
from
the
drive
or
one
or
two
remapped
Key
Labels.
Both
methods
ultimately
determine
a
set
of
key
labels
which
the
Library
Manager
sends
to
the
drive.
The
drive
then
passes
these
labels
to
an
encryption
key
manager,
referred
to
hereafter
in
this
publication
as
EKM.
The
EKM
selects
an
encryption
key,
which
the
EKM
then
encrypts
and
sends
back
to
the
drive.
The
drive
then
un-encrypts
the
encrypted
key
and
uses
the
key
to
encrypt
the
data
that
is
sent
to
the
tape
from
the
host.
The
host
has
no
knowledge
of
whether
the
data
is
being
encrypted
or
not.
The
EKM
has
TCP/IP
connectivity
to
the
LM,
but
the
drive
does
not.
Because
the
drive
must
communicate
with
the
EKM
to
get
encryption
keys,
and
the
drive
has
no
direct
path
to
the
EKM,
the
LM
acts
as
a
proxy
between
the
drive
and
the
encryption
key
manager.
The
drive
communicates
with
the
Library
Manager
using
normal
RS-422
messages
and
the
Library
Manager
communicates
with
the
encryption
key
manager
using
normal
TCP/IP
communications.
For
instructions,
see
the
following
topics:
v
v
v
v
Setting
Up
and
Using
Encryption
This
section
introduces
how
to
set
up
encryption
and
perform
encryption-related
tasks.
Attention:
There
is
no
recovery
for
lost
encryption
keys.
To
set
up
and
use
encryption
in
the
3494
Tape
Library,
perform
the
following
tasks.
Note:
In
some
instances
IBM
Systems
Services
Representative
(SSR)s
will
be
required
to
enable
encryption
at
a
hardware
level
when
service
access
or
service
password
controlled
access
is
required.
Customer
setup
support
is
by
Field
Technical
Sales
Specialist
(FTSS),
customer
documentation,
and
software
support
for
encryption
software
problems.
Customer
“
how
to”
support
is
also
provided
via
support
line
contract.
Chapter
3.
Operational
Characteristics
65
Содержание TotalStorage 3494 Tape Library
Страница 1: ...IBM TotalStorage 3494 Tape Library Operator Guide GA32 0449 14...
Страница 2: ......
Страница 3: ...IBM TotalStorage 3494 Tape Library Operator Guide GA32 0449 14...
Страница 14: ...xii 3494 Tape Library Operator Guide...
Страница 22: ...xx 3494 Tape Library Operator Guide...
Страница 72: ...46 3494 Tape Library Operator Guide...
Страница 84: ...58 3494 Tape Library Operator Guide...
Страница 124: ...98 3494 Tape Library Operator Guide...
Страница 136: ...110 3494 Tape Library Operator Guide...
Страница 150: ...124 3494 Tape Library Operator Guide...
Страница 352: ...Figure 206 Service Window 326 3494 Tape Library Operator Guide...
Страница 536: ...510 3494 Tape Library Operator Guide...
Страница 572: ...546 3494 Tape Library Operator Guide...
Страница 580: ...554 3494 Tape Library Operator Guide...
Страница 600: ...574 3494 Tape Library Operator Guide...
Страница 603: ......
Страница 604: ...Part Number 95P6750 EC H79941 GA32 0449 14 1P P N 95P6750...
Страница 605: ...Spine information IBM TotalStorage 3494 Tape Library 3494 Tape Library Operator Guide...