Configuring Partition Encryption

The Setup - Partition Encryption screen allows you to change the tape cartridge encryption method for each partition in the library.

Encryption Methods, Details, and Restrictions

The following encryption methods are available on the library:

Enable Library Managed — Enables library managed encryption support via a connected key manager server— either Scalar Key Manager (SKM) or Quantum Encryption Key Manager (Q-EKM) — for all tape drives and encryption-capable media assigned to the partition.

Allow Application Managed — Allows your host application to provide encryption support on all encryption-capable tape drives and media within the partition.This is the default setting if the partition contains encryption-capable tape drives. If you select this option, the library will NOT communicate with the key server on this partition. If you want an application to manage encryption, you must specifically configure the application to do so. The library will not participate in performing encryption. See your host documentation for further details.

Unsupported — If Unsupported is shown, it means that no tape drives in that partition support encryption, and you will not be able to change the setting.

Changing the Encryption Method

NOTE: This operation should not be performed concurrently by multiple administrators logged in from different locations. You can access the appropriate screens, but you cannot apply changes while another administrator is performing the same operation.

You need administrator privileges to configure partition encryption settings.

  1. From the Setup menu, select Encryption > Partition Configuration.

    The Setup - Partition Configuration screen displays. Each partition's current encryption method is listed under Encryption Method.

    NOTE: If a partition uses Library Managed Encryption, this screen also displays whether it is using SKM or Q-EKM (automatically assigned by the library based on whether the tape drives in the partition are HP or IBM); the IP addresses of the key servers; and whether SSL is enabled. This information is view-only on this screen. It is configurable from the Setup - Encryption Key Server Access Configuration screen (Setup > Encryption > System Configuration). See Configuring Encryption Key Server Access for details.

  2. If you want to change the encryption method for a partition, make sure that no tape drives in that partition have cartridges loaded in them. If they do, you cannot change the encryption method.
  3. For any library partition, change the encryption method by selecting from the Encryption Method drop-down list (see above for explanations and restrictions):

    NOTE: When you change a partition from Enable Library Managed to Allow Application Managed, the data that was written to the tapes while the partition was configured for library managed encryption can no longer be read, until you change the partition back to Enable Library Managed.


    NOTE: If a partition uses Library Managed Encryption, this screen also displays whether it is using SKM or Q-EKM (automatically assigned by the library based on whether the tape drives in the partition are HP or IBM); the IP addresses of the key servers; and whether SSL is enabled. This information is view-only on this screen. It is configurable from the Setup - Encryption Key Server Access Configuration screen (Setup > Encryption > System Configuration). See Configuring Encryption Key Server Access for details.

  4. Click Apply. The Progress Window displays. The Progress Window contains information on the action, elapsed time, and status of the requested operation.

    Do one of the following:

  5. NOTE: When you change the encryption method on a partition, the partition is taken offline. When the change completes, the partition comes back online automatically.

  6. Save the library configuration.

    For instructions on how to save the library configuration, see Saving the Configuration.

You may also access the EKM Path Diagnostics from this screen. For more information, see Encryption Key Manager Path Diagnostics.

See also: