Choosing or modifying an encryption method

Encryption is managed at the logical library level. All encryption-enabled drives that are assigned to a logical library use the same method of encryption. Enable encryption, or modify the method that is being used, on the Logical Libraries page.

To enable encryption, or modify the method that is being used, select a logical library on the Logical Libraries page. Then select Actions > Modify Encryption Method . Choose a method from the Encryption menu on the Modify Encryption Method Window and click Modify .

The following methods can be used for encryption:
Application-managed encryption (AME)
Use this method if the application generates and manages encryption policies and keys. Applications such as TivoliĀ® Storage Manager can manage encryption.
Library-managed encryption (LME) by bar code
Use this method to use the default key that is specified by the key manager for all VOLSER ranges. The encryption policy is specified based on cartridge volume serial numbers.
Note: To modify the behavior for different VOLSER ranges, use the modifyVolserRanges CLI command.
Library-managed encryption (LME) by internal label selective encryption
Use this method if you use Symantec NetBackup or the EMC Legato NetWorker. This encryption method encrypts cartridges with pool identifiers from 1500 - 9999 (inclusive), using keys specific to each pool. Labels for these keys are generated by the tape drive based on the pool identifier. For instance, key label INTERNAL_LABEL_NBU_1505_A would be generated for a cartridge in pool 1505. Go to Settings > Security and click on the Key Label Mapping tab to map these generated labels to the wanted key-encrypting key labels in the keystore of the encryption key manager. All other cartridges remain unencrypted.

Click Ping on the Modify Encryption Method window to test the connection to the encryption key servers if using LME.

To set up or modify the encryption key servers, go to Settings > Security and click the Encryption Key Servers tab .