The Web client allows you to configure a partition so that the tape cartridges it contains are encrypted by the library. Library managed encryption works with an external Encryption Key Manager (EKM) server. For an overview of library managed encryption, see About Library Managed Encryption.
The library supports only IBM LTO-4 and IBM LTO-5 Fibre-Channel and SAS tape drives and LTO-4 and LTO-5 tape cartridges for encryption using library managed encryption. If no IBM LTO-4 or IBM LTO-5 tape drives are assigned to a partition, the encryption method for that partition will show as Unsupported on the screen. If a partition contains a mix of IBM LTO-4/LTO-5 tape drives along with other tape drive types, only LTO-4/LTO-5 tape cartridges written to and read by IBM LTO-4/LTO-5 Fibre-Channel or SAS tape drives will be encrypted. Additionally, in order for data to be encrypted, the media must be blank or have been written to using library managed encryption at the first write operation at the beginning of tape (BOT). If the media was previously written in a non-encrypted format, all data subsequently written to it will continue to be non-encrypted.
NOTE: This operation should not be performed concurrently by multiple administrators logged in from different locations. You can access the appropriate screens, but you cannot apply changes while another administrator is performing the same operation.
You need administrator privileges to configure partition encryption settings.
NOTE: When you change a partition from Library Managed to Application Managed or None, the data that was written to the tapes while the partition was configured for library managed encryption can no longer be read until you change the partition back to Library Managed.
CAUTION: Only fill in the overrides section if you want different partitions to use different EKM servers. Otherwise, leave this section alone and allow the values from the Setup > Encryption > System Configuration screen to populate these fields. Once you make any changes to the overrides section, the default values from the Setup > Encryption > System Configuration screen will no longer automatically populate these fields. If you want to return to the default settings after changing the overrides, you must enter them manually.
NOTE: Keys are always encrypted before being sent from the EKM server to a drive, whether SSL is enabled or not. Enabling SSL provides additional security.
NOTE: Restriction on EKM servers used for overrides: If you are using primary and secondary servers for overrides, the following restriction applies. (If you are not using a secondary server, there are no restrictions.)
Do one of the following:
NOTE: When you change the encryption method on a partition, the partition is taken offline. When the change completes, the partition comes back online automatically.
For instructions on how to save the library configuration, see Saving the Configuration.