Configuring Partition Encryption
The web client allows you to configure a partition so that the tape cartridges it contains are encrypted by the library. Library managed encryption works with an external Quantum Encryption Key Manager (Q-EKM) server. For an overview of library managed encryption key management, see About Encryption Key Management.
The library supports only IBM LTO-4 Fibre-Channel and SAS tape drives and LTO-4 tape cartridges for encryption using library managed encryption . If no IBM LTO-4 tape drives are assigned to a partition, the encryption method for that partition will show as Unsupported on the screen. If a partition contains a mix of IBM LTO-4 tape drives and other tape drive types, only LTO-4 tape cartridges written to and read by IBM LTO-4 Fibre-Channel or SAS tape drives will be encrypted. Additionally, in order for data to be encrypted, the media must be blank or have been written to using library managed encryption at the first write operation at the beginning of tape (BOT). If the media was previously written in a non-encrypted format, all data subsequently written to it will continue to be non-encrypted.
 |
NOTE: This operation should not be performed concurrently by multiple administrative users logged in from different locations. You can access the appropriate screens, but you cannot apply changes while another administrative user is performing the same operation.
|
Users with administrative privileges can configure partition encryption settings, but users with user privileges cannot.
- From the Setup menu, select Encryption > Partition Configuration.
The Setup - Partition Configuration screen appears. Each partition's current encryption method is listed under Encryption Method.
- If you want to change the encryption method on a partition, make sure that no tape drives in that partition have cartridges in them. If they do, you cannot change the encryption method.
- For any library partition, do one of the following:
- Select Enable Library Managed from the Encryption Method drop-down list to enable encryption support via a connected server for all encryption-capable tape drives and media assigned to the partition.
- Select Allow Application Managed from the Encryption Method drop-down list to allow external application-managed encryption support on all encryption-capable tape drives and media within the partition. If you select this option, the library will NOT communicate with the Q-EKM server on this partition. (Note: If you want an application to manage encryption, you must specifically configure the application to do so. The library will not participate in performing encryption.)
- If Unsupported is shown, it means that no tape drives in that partition support encryption, and you will not be able to change the setting.
-
- Click Apply. The Progress Window appears. The Progress Window contains information on the action, elapsed time, and status of the requested operation.
Do one of the following:
-
- If Success appears in the Progress Window, the partition encryption settings were successfully configured. Click Close to close the Progress Window.
- If Failure appears in the Progress Window, the partition encryption settings were not successfully configured. Follow the instructions listed in the Progress Window to resolve any issues that occurred during the operation.
- Save the library configuration.
For instructions on how to save the library configuration, see Saving the Configuration.
See also: