About Library Managed Encryption

Library managed encryption on the library is enabled via a centralized key manager application that generates, protects, stores, and manages encryption keys. These keys are used by IBM LTO-4 and LTO-5 tape drives to encrypt information being written to, and decrypt information being read from, tape media. You must have a Library Managed Encryption license installed on the library in order to begin encrypting data using the tape drive encryption capabilities. For more information about enabling license keys, see Applying a License Key.

Dell™ Encryption Key Manager (Dell EKM) is a centralized key manager application that manages the encryption keys used as part of the IBM LTO-4 and LTO-5 drive-based data encryption process. Library support for the Dell EKM application is an optional, licensed feature that must be enabled from the library in order to begin encrypting data using the IBM LTO-4 and LTO-5 tape drive encryption capabilities.

NOTE: Dell EKM supports encryption on LTO-4 and LTO-5 data cartridges using IBM LTO-4 and LTO-5 Fibre Channel and SAS tape drives only. Dell EKM does not support encryption on other tape drive types or manufacturer brands, even if they are assigned to a partition selected for encryption.

Tape cartridge encryption occurs natively on each IBM LTO-4 or LTO-5 tape drive that is in a partition configured for encryption. The encryption keystore is managed outside of the library by the Dell EKM server.

For more information about the Dell EKM server and Dell EKM best practices, please refer to the Dell PowerVault Encryption Key Manager User's Guide or the Dell Encryption Key Manager and Library Managed Encryption Best Practices and FAQ.

See also: