IBM System Storage Tape Encryption Solutions
An IBM Redbooks publication
Note: This is publication is now archived. For reference only.
This IBM® Redbooks® publication gives a comprehensive overview of the IBM System Storage™ Tape Encryption solutions that started with the TS1120 Tape Drive in 2006 and have been made available in the TS7700 Virtualization Engine in early 2007. Also in 2007, the IBM Ultrium Linear Tape-Open (LTO) Generation 4 Tape Drive was announced including its support for tape data encryption. In 2008, additional enhancements to the tape drives that support encryption and to key management have been made. This edition of the book has been updated with information about the TS1130 Tape Drive and the IBM Tivoli® Key Lifecycle Manager (TKLM).
This publication is intended for System Programmers, Storage Administrators, Hardware and Software Planners, and other IT personnel involved in planning, implementing, and operating IBM tape data encryption solutions, and anyone seeking details about tape encryption.
This book also provides practical guidance for how to implement an enterprise-wide encryption solution. We describe the general concepts of encryption and the implementation options that are available when using IBM Tape to encrypt tape data. We explain the key management options, including the Encryption Key Manager, which is a Java™ application that allows for enterprise-wide keystores and key management across a wide variety of platforms. We also provide detailed information for planning, implementation, and operation of tape data encryption for IBM z/OS® and Open Systems hosts.
Part 1. Introducing IBM tape encryption solutions
Chapter 1. Introduction to tape encryption
Chapter 2. IBM tape encryption methods
Chapter 3. IBM System Storage tape and tape automation for encryption
Chapter 4. Planning for software and hardware
Part 2. Implementing and operating the EKM
Chapter 5. Planning for EKM and its keystores
Chapter 6. Implementing EKM
Chapter 7. Planning and managing your keys
Chapter 8. EKM operational considerations
Part 3. Implementing and operating the TKLM
Chapter 9. Planning for TKLM and its keystores
Chapter 10. Implementing TKLM
Chapter 11. TKLM operational considerations
Part 4. Implementing tape data encryption
Chapter 12. Implementing TS1100 series Encryption in System z
Chapter 13. Implementing TS7700 Tape Encryption
Chapter 14. Implementing TS1120 and TS1130 Encryption in an Open Systems environment
Chapter 15. Tape data encryption with i5/OS
Part 5. Appendixes
Appendix A. z/OS planning and implementation checklists
Appendix B. z/OS Java and Open Edition tips
Appendix C. Asymmetric and Symmetric Master Key change procedures
Appendix D. z/OS tape data encryption diagnostics
Appendix E. IEHINITT exits and messages for rekeying
Appendix F. TS1100 and LTO4 SECURE key EKM on z/OS