IBM System Storage Data Encryption

An IBM Redbooks publication

Published 09 June 2010

Authors: Alex Osuna, David Crowther, Reimar Pflieger, Esha Seth, Ferenc Toth


Strong security is not a luxury anymore in today's round-the-clock, global business environment. It is a requirement. Ensuring the protection and security of an organization's information is the foundation of any successful business. Encrypting data is a key element when addressing these concerns. IBM® provides a wide range of IBM storage hardware products that are capable of encrypting the data that is written on them. This product line includes a variety of disk systems and tape drives. Several IBM storage products support encryption.

Data can be encrypted by means of special software programs, hardware adapters, facilities, or outside of the device where the data is stored. Encrypting data with software programs takes away processor power, and encrypting data with hardware requires additional investment in hardware for the computers. In addition to hardware encryption facilities, IBM disk systems and tape drives provide data encryption capabilities. This IBM Redbooks® publication explores the IBM solutions to encrypt data in the enterprise, as well as key management using the Tivoli® Key Lifecycle Manager.

This book describes IBM System Storage® data encryption. This book is intended for anyone who needs to learn more about the concepts of data encryption and the IBM storage hardware and software that enable data encryption.

Table of contents

Part 1. Introduction to data encryption
Chapter 1. Encryption concepts and terminology
Chapter 2. Introduction to storage data encryption
Chapter 3. IBM storage encryption methods
Chapter 4. IBM System Storage tape automation for encryption
Chapter 5. Full Disk Encryption technology in disk subsystems
Part 2. IBM System Storage DS5000
Chapter 6. Understanding Full Disk Encryption in DS5000
Chapter 7. Configuring encryption on DS5000 with Full Disk Encryption drives
Chapter 8. DS5000 Full Disk Encryption best practices
Chapter 9. Frequently asked questions
Part 3. Implementing tape data encryption
Chapter 10. Planning for software and hardware to support tape drives
Chapter 11. Planning for Tivoli Key Lifecycle Manager and its keystores
Chapter 12. Implementing Tivoli Key Lifecycle Manager
Chapter 13. Tivoli Key Lifecycle Manager operational considerations
Chapter 14. Planning for Encryption Key Manager and its keystores
Chapter 15. Implementing the Encryption Key Manager
Chapter 16. Planning and managing your keys with Encryption Key Manager
Chapter 17. Encryption Key Manager operational considerations
Chapter 18. Implementing TS1100 series encryption in System z
Chapter 19. Implementing TS7700 tape encryption
Chapter 20. Implementing TS1120 and TS1130 encryption in an open systems environment
Chapter 21. Tape data encryption with i5/OS
Part 4. DS8000 encryption features
Chapter 22. IBM System Storage DS8000 encryption preparation
Chapter 23. DS8000 encryption features and implementation
Chapter 24. DS8700 advanced encryption features and implementation
Chapter 25. Best practices and guidelines for DS8000 encryption
Appendix A. z/OS planning and implementation checklists
Appendix B. DS8700 encryption-related system reference codes
Appendix C. z/OS Java and Open Edition tips
Appendix D. Asymmetric and Symmetric Master Key change procedures
Appendix E. z/OS tape data encryption diagnostics
Appendix F. IEHINITT exits and messages for rekeying
Appendix G. TS1100 and LTO4/LTO5 SECURE key Encryption Key Manager on z/OS
Appendix H. Encryption testing in an open systems environment

Follow IBM Redbooks

Follow IBM Redbooks