Library managed encryption on the library is enabled via a centralized key manager application that generates, protects, stores, and manages encryption keys. These keys are used by IBM or HP LTO-4 and LTO-5 tape drives to encrypt information being written to, and decrypt information being read from, tape media. You must have an Encryption Key Management (EKM) license installed on the library in order to begin encrypting data using the tape drive encryption capabilities. For more information about enabling license keys, see Applying a License Key.
The Scalar i500 library supports two library managed encryption solutions (you cannot run both simultaneously on the same library):
Tape cartridge encryption occurs natively on each IBM or HP LTO-4 or LTO-5 tape drive that is in a partition configured for encryption. The encryption keystore is managed outside of the library by the key server.
If you are using SKM, you can import and export encryption keys and encryption certificates via the library interface, which enables you to share encrypted tape cartridges with other companies or individuals who use SKM, or create backups in case of server failure. You can also view the key server logs. See Importing Encryption Keys, Importing Encryption Certificates, Exporting Encryption Keys, Exporting Encryption Certificates, and Retrieving SKM Server Logs.
For more information about the key servers and library managed encryption best practices, please refer to the Quantum Encryption Key Manager User’s Guide or the Scalar Key Manager User’s Guide.
See also: