Encryption

Edit online

All supported tape drives in this library support encryption.

The encryption enabled drive contains the necessary hardware and firmware to encrypt and decrypt host tape application data. Encryption policy and encryption keys are provided by the host application or host server. A drive digital certificate is installed at manufacturing time. Each drive receives a unique serial number and certificate. The T10 application might validate each drive instance by checking the drive's digital certificate.

The library provides these options.
  1. Encryption disabled
  2. Application Managed Encryption (AME) is the default
  3. Library Managed Encryption (LME). LME is a built-in feature that is enabled by using a purchased license. The LME feature can be ordered from the factory, or you can order it as a field upgrade. To order a feature, contact your IBM Sales Representative or Business Partner. See Optional Features. For configuration details, see Configuring Library Managed Encryption.
The default is Application Managed Encryption.
Note: All encryption settings must be configured or reverified in the drive after any library or drive reset. A new drive might be added or an existing drive might be swapped with another drive.