IBM Support

Methods to Encrypt Saves on the IBM i

Question & Answer


Question

How can I encrypt the backups on the IBM i?

Cause

It is necessary to protect sensitive data once it is saved to media.

Answer

There are two methods to encrypt your data during the backup:

1. Hardware Encryption
This requires that your devices have the ability to encrypt, and you also need to configure the IBM Security Guardium Key Lifecycle Manager (GKLM - previously called Security Key Lifecycle Manager (SKLM), TKLM or EKM). IBM i only supports library managed encryption (LME).

You can check whether your device supports hardware encryption in document N1017856, Tape Drive Model Characteristics. Note that IBM i only supports Library Managed Encryption (LME), which means tape drives have to reside in a tape media library.

The GKLM works with IBM encryption-enabled tape drives in generating, protecting, storing and maintaining encryption keys that are used to encrypt information being written to and decrypt information being read from tape media.

The GKLM server should reside on a different server than the one being saved. It is supported on AIX, Linux, HP-UX, Sun Solaris and Windows Servers.

Once the GKLM server is configured and the device is set to encrypt, all the saves done to that device are saved encrypted.

2. Software Encryption
Starting with R610, it is possible to use software encryption with BRMS as indicated in document N1018803, Using BRMS to Encrypt Data.

To use the software encryption function, you must have the BRMS Advanced feature (57xx-BR1 Option 2) and Encrypted Backup Enablement (57xx-SS1 Option 44) installed on the system.

This encryption solution is hardware independent, meaning that you do not need to use an encrypting tape drive or other type of encryption device to encrypt the backup data.

To set up the environment, it is necessary to create a master key, create a keystore file, generate a keystore file entry, and then create a media policy that will use the environment created. Steps to perform these tasks are described in document N1018617, How to Set up Encryption Environment to Perform Software Encryption.


Document Information

Modified date:
02 May 2022

UID

nas8N1021280