IBM DS8880 Data-at-rest Encryption

An IBM Redpaper publication

Note: A new draft version of this publication is now available

Published 21 July 2016, updated 06 March 2018

cover image

ISBN-10: 0738455407
ISBN-13: 9780738455402
IBM Form #: REDP-4500-06
(192 pages)

More options


Authors: Bert Dufrasne, Sherry Brunson, Andreas Reinhardt, Robert Tondini, Roland Wolf


IBM® experts recognize the need for data protection, both from hardware or software failures, and also from physical relocation of hardware, theft, and retasking of existing hardware.

The IBM DS8880 supports encryption-capable hard disk drives (HDDs) and flash drives. These Full Disk Encryption (FDE) drive sets are used with key management services that are provided by IBM Security Key Lifecycle Manager software or Gemalto SafeNet KeySecure to allow encryption for data-at-rest on a DS8880. Use of encryption technology involves several considerations that are critical for you to understand to maintain the security and accessibility of encrypted data.

This IBM Redpaper™ publication contains information that can help storage administrators plan for disk encryption. It also explains how to install and manage the encrypted storage and how to comply with IBM requirements for using the IBM DS8000® encrypted disk storage system. Failure to follow these requirements can result in an encryption deadlock.

This edition focuses on IBM Security Key Lifecycle Manager Version 2.6. It also introduces Gemalto SafeNet KeySecure Version 8.3.2, which supports the Key Management Interoperability Protocol (KMIP) with the DS8000 Release V8.2 code and updated GUI for encryption functions.

Table of contents

Chapter 1. Encryption overview
Chapter 2. IBM DS8000 encryption mechanism
Chapter 3. Planning and guidelines for IBM DS8000 encryption
Chapter 4. IBM DS8000 encryption implementation
Chapter 5. Maintaining the IBM DS8000 encryption environment

Follow IBM Redbooks

Follow IBM Redbooks