IBM® experts recognize the need for data protection, both from hardware or software failures, and also from physical relocation of hardware, theft, and retasking of existing hardware.
The IBM DS8880 supports encryption-capable hard disk drives (HDDs) and flash drives. These Full Disk Encryption (FDE) drive sets are used with key management services that are provided by IBM Security Key Lifecycle Manager software or Gemalto SafeNet KeySecure to allow encryption for data-at-rest on a DS8880. Use of encryption technology involves several considerations that are critical for you to understand to maintain the security and accessibility of encrypted data.
This IBM Redpaper™ publication contains information that can help storage administrators plan for disk encryption. It also explains how to install and manage the encrypted storage and how to comply with IBM requirements for using the IBM DS8000® encrypted disk storage system. Failure to follow these requirements can result in an encryption deadlock.
This edition focuses on IBM Security Key Lifecycle Manager Version 2.6. It also introduces Gemalto SafeNet KeySecure Version 8.3.2, which supports the Key Management Interoperability Protocol (KMIP) with the DS8000 Release V8.1 code and updated GUI for encryption functions.
Table of contents
Chapter 1. Encryption overview
Chapter 2. IBM DS8000 encryption mechanism
Chapter 3. Planning and guidelines for IBM DS8000 encryption
Chapter 4. IBM DS8000 encryption implementation
Chapter 5. Maintaining the IBM DS8000 encryption environment