Library managed encryption must be enabled as a library feature using a license key. For more information about enabling license keys, see Applying a License Key.
Library managed encryption on the Scalar i500 is enabled via a centralized key manager application that generates, protects, stores, and manages encryption keys. These keys are used by IBM and/or HP LTO-4 tape drives to encrypt information being written to, and decrypt information being read from, tape media. Library managed encryption is an optional, licensed feature that must be enabled from the library in order to begin encrypting data using the tape drive encryption capabilities. The Scalar i500 library supports two library managed encryption systems:
You can run either or both systems under the same license on the library.
![]() |
NOTE: Q-EKM supports encryption on LTO-4 data cartridges using IBM LTO-4 Fibre Channel and SAS tape drives only. QKM supports encryption on LTO-4 data cartridges using HP LTO-4 Fibre Channel and SAS tape drives only. |
Tape cartridge encryption occurs natively on each IBM/HP LTO-4 tape drive that is in a partition configured for encryption. The encryption keystore is managed outside the library by the key server.
If you are using QKM, you can import and export encryption keys and encryption certificates via the library interface, which enables you to share encrypted tape cartridges with other companies or individuals who use QKM, or create backups in case of server failure. You can also view the key server logs. See Importing Encryption Keys, Importing Encryption Certificates, Exporting Encryption Keys, Exporting Encryption Certificates, and Retrieving QKM Server Logs.
For more information about the key servers and library managed encryption best practices, please refer to the Quantum Encryption Key Manager User’s Guide or the Quantum Key Manager User’s Guide.
See also: