Planning for system-managed encryption

Edit online

System-managed encryption (SME) is useful in System z® operating environments.

Note: The capability to use SME is not pre-set. The logical library must be set to use SME. SME is not available for LTO drives. It is available only on 3592 drives.

Encryption policies that specify when to use encryption are set up in z/OS® DFSMS (Data Facility Storage Management Subsystem). Additional software products such as IBM® Integrated Cryptographic Service Facility (ICSF) and IBM Resource Access Control Facility (RACF®) can also be used. Key generation and management are performed by the key manager that is running on the host or externally on another host. Policy controls and keys pass through the data path between the system layer and the encrypting tape drives. Encryption is transparent to the applications.