This IBM® Redbooks® publication gives a comprehensive overview of the IBM System Storage™ Tape Encryption solutions that started with the TS1120 Tape Drive in 2006 and have been made available in the TS7700 Virtualization Engine in early 2007. Also in 2007, the IBM Ultrium Linear Tape-Open (LTO) Generation 4 Tape Drive was announced including its support for tape data encryption. In 2008, additional enhancements to the tape drives that support encryption and to key management have been made. This edition of the book has been updated with information about the TS1130 Tape Drive and the IBM Tivoli® Key Lifecycle Manager (TKLM).

This publication is intended for System Programmers, Storage Administrators, Hardware and Software Planners, and other IT personnel involved in planning, implementing, and operating IBM tape data encryption solutions, and anyone seeking details about tape encryption.

This book also provides practical guidance for how to implement an enterprise-wide encryption solution. We describe the general concepts of encryption and the implementation options that are available when using IBM Tape to encrypt tape data. We explain the key management options, including the Encryption Key Manager, which is a Java™ application that allows for enterprise-wide keystores and key management across a wide variety of platforms. We also provide detailed information for planning, implementation, and operation of tape data encryption for IBM z/OS® and Open Systems hosts.

Part 1. Introducing IBM tape encryption solutions

Chapter 1. Introduction to tape encryption

Chapter 2. IBM tape encryption methods

Chapter 3. IBM System Storage tape and tape automation for encryption

Chapter 4. Planning for software and hardware

Part 2. Implementing and operating the EKM

Chapter 5. Planning for EKM and its keystores

Chapter 6. Implementing EKM

Chapter 7. Planning and managing your keys

Chapter 8. EKM operational considerations

Part 3. Implementing and operating the TKLM

Chapter 9. Planning for TKLM and its keystores

Chapter 10. Implementing TKLM

Chapter 11. TKLM operational considerations

Part 4. Implementing tape data encryption

Chapter 12. Implementing TS1100 series Encryption in System z

Chapter 13. Implementing TS7700 Tape Encryption

Chapter 14. Implementing TS1120 and TS1130 Encryption in an Open Systems environment

Chapter 15. Tape data encryption with i5/OS

Part 5. Appendixes

Appendix A. z/OS planning and implementation checklists

Appendix B. z/OS Java and Open Edition tips

Appendix C. Asymmetric and Symmetric Master Key change procedures

Appendix D. z/OS tape data encryption diagnostics

Appendix E. IEHINITT exits and messages for rekeying

Appendix F. TS1100 and LTO4 SECURE key EKM on z/OS