Skip to main content

IBM System Storage Tape Encryption Solutions

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.


Published on 14 May 2009, updated 15 February 2011

  1. .PDF (20.9 MB)

Share this page:   

ISBN-10: 0738432733
ISBN-13: 9780738432731
IBM Form #: SG24-7320-02

Authors: Babette Haeusser, Jonathan Barney and Arthur Colvig

    menu icon


    This IBM® Redbooks® publication gives a comprehensive overview of the IBM System Storage™ Tape Encryption solutions that started with the TS1120 Tape Drive in 2006 and have been made available in the TS7700 Virtualization Engine in early 2007. Also in 2007, the IBM Ultrium Linear Tape-Open (LTO) Generation 4 Tape Drive was announced including its support for tape data encryption. In 2008, additional enhancements to the tape drives that support encryption and to key management have been made. This edition of the book has been updated with information about the TS1130 Tape Drive and the IBM Tivoli® Key Lifecycle Manager (TKLM).

    This publication is intended for System Programmers, Storage Administrators, Hardware and Software Planners, and other IT personnel involved in planning, implementing, and operating IBM tape data encryption solutions, and anyone seeking details about tape encryption.

    This book also provides practical guidance for how to implement an enterprise-wide encryption solution. We describe the general concepts of encryption and the implementation options that are available when using IBM Tape to encrypt tape data. We explain the key management options, including the Encryption Key Manager, which is a Java™ application that allows for enterprise-wide keystores and key management across a wide variety of platforms. We also provide detailed information for planning, implementation, and operation of tape data encryption for IBM z/OS® and Open Systems hosts.

    Table of Contents

    Part 1. Introducing IBM tape encryption solutions

    Chapter 1. Introduction to tape encryption

    Chapter 2. IBM tape encryption methods

    Chapter 3. IBM System Storage tape and tape automation for encryption

    Chapter 4. Planning for software and hardware

    Part 2. Implementing and operating the EKM

    Chapter 5. Planning for EKM and its keystores

    Chapter 6. Implementing EKM

    Chapter 7. Planning and managing your keys

    Chapter 8. EKM operational considerations

    Part 3. Implementing and operating the TKLM

    Chapter 9. Planning for TKLM and its keystores

    Chapter 10. Implementing TKLM

    Chapter 11. TKLM operational considerations

    Part 4. Implementing tape data encryption

    Chapter 12. Implementing TS1100 series Encryption in System z

    Chapter 13. Implementing TS7700 Tape Encryption

    Chapter 14. Implementing TS1120 and TS1130 Encryption in an Open Systems environment

    Chapter 15. Tape data encryption with i5/OS

    Part 5. Appendixes

    Appendix A. z/OS planning and implementation checklists

    Appendix B. z/OS Java and Open Edition tips

    Appendix C. Asymmetric and Symmetric Master Key change procedures

    Appendix D. z/OS tape data encryption diagnostics

    Appendix E. IEHINITT exits and messages for rekeying

    Appendix F. TS1100 and LTO4 SECURE key EKM on z/OS


    Others who read this also read