IBM System Storage Tape Encryption Solutions

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.

Published 14 May 2009, updated 15 February 2011

cover image

ISBN-10: 0738432733
ISBN-13: 9780738432731
IBM Form #: SG24-7320-02
(694 pages)

More options

Rate and comment

Authors: Babette Haeusser, Jonathan Barney, Arthur Colvig

Abstract

This IBM® Redbooks® publication gives a comprehensive overview of the IBM System Storage™ Tape Encryption solutions that started with the TS1120 Tape Drive in 2006 and have been made available in the TS7700 Virtualization Engine in early 2007. Also in 2007, the IBM Ultrium Linear Tape-Open (LTO) Generation 4 Tape Drive was announced including its support for tape data encryption. In 2008, additional enhancements to the tape drives that support encryption and to key management have been made. This edition of the book has been updated with information about the TS1130 Tape Drive and the IBM Tivoli® Key Lifecycle Manager (TKLM).

This publication is intended for System Programmers, Storage Administrators, Hardware and Software Planners, and other IT personnel involved in planning, implementing, and operating IBM tape data encryption solutions, and anyone seeking details about tape encryption.

This book also provides practical guidance for how to implement an enterprise-wide encryption solution. We describe the general concepts of encryption and the implementation options that are available when using IBM Tape to encrypt tape data. We explain the key management options, including the Encryption Key Manager, which is a Java™ application that allows for enterprise-wide keystores and key management across a wide variety of platforms. We also provide detailed information for planning, implementation, and operation of tape data encryption for IBM z/OS® and Open Systems hosts.

Table of contents

Part 1. Introducing IBM tape encryption solutions
Chapter 1. Introduction to tape encryption
Chapter 2. IBM tape encryption methods
Chapter 3. IBM System Storage tape and tape automation for encryption
Chapter 4. Planning for software and hardware
Part 2. Implementing and operating the EKM
Chapter 5. Planning for EKM and its keystores
Chapter 6. Implementing EKM
Chapter 7. Planning and managing your keys
Chapter 8. EKM operational considerations
Part 3. Implementing and operating the TKLM
Chapter 9. Planning for TKLM and its keystores
Chapter 10. Implementing TKLM
Chapter 11. TKLM operational considerations
Part 4. Implementing tape data encryption
Chapter 12. Implementing TS1100 series Encryption in System z
Chapter 13. Implementing TS7700 Tape Encryption
Chapter 14. Implementing TS1120 and TS1130 Encryption in an Open Systems environment
Chapter 15. Tape data encryption with i5/OS
Part 5. Appendixes
Appendix A. z/OS planning and implementation checklists
Appendix B. z/OS Java and Open Edition tips
Appendix C. Asymmetric and Symmetric Master Key change procedures
Appendix D. z/OS tape data encryption diagnostics
Appendix E. IEHINITT exits and messages for rekeying
Appendix F. TS1100 and LTO4 SECURE key EKM on z/OS

Follow IBM Redbooks

Follow IBM Redbooks