Application-managed tape encryption
Application-managed tape encryption is described.
This method is best where operating environments run an application already capable of generating and managing encryption policies and keys, such as Tivoli® Storage Manager. Policies specifying when encryption is to be used are defined through the application interface. The policies and keys pass through the data path between the application layer and the encrypting tape drives. Encryption is the result of interaction between the application and the encryption-enabled tape drive, and does not require any changes to the system and library layers. Because the application manages the encryption keys, data volumes that are written and encrypted with the application-managed encryption method can be read only by the same software application that wrote them.
An encryption key server is not required by, or used by, application-managed tape encryption.
- The IBM encryption command set developed for the encryption key server
- The T10 command set defined by the InterNational Committee for Information Technology Standards (INCITS)
- IBM TS3400 tape library
- IBM TS3500 Tape Library
- IBM 3494 Tape Library
- IBM TS4500 Tape Library
- IBM TS2340 Tape Drive Express® Model S43 and with Xcc/HVEC 3580S4X
- IBM TS3100 tape library
- IBM TS3200 tape library
- IBM TS3310 tape library
- IBM TS3500 tape library
For information about setting up application-managed encryption, see your Tivoli Storage Manager documentation or go to https://www.ibm.com/support/knowledgecenter/SSAVT2_5.5.0/KC_ditamaps/product_welcome.html .