> I have a TS3500 that is to be setup as in library-managed and not > system- > managed for encryption. In the process I came across this statement in > the > EKM manual for setting up the encryption. > > Configure 3592 E05, E06, or EU6 tape drives for Encryption. > a. If 3592 E05, E06, or EU6 tape drives are installed in an Enterprise > System > and connected to a 3592 C06 or J70, you must use system-managed > encryption only. > > We have the 3592 E06 with the 3592 C06. This is the only place that I > found > this. Would it be true if the TS3500 is setup as Library-managed and > you are > running z/OS that you are not doing any tape encryption? If yes can I > just > have one or 2 drives System-managed using encryption? >
We installed the EKM software (JAVA Based) to encypt Tape on our TS3500 with E05 drives. >From what I remember, without EKM or Tivoli Key manager you would need crypto cards or the like. You can setup all drives or some drives for encryption and handle that through your SMS mgt class. Only if you see messages - TAPE ENCRYPTED (I am not at work so cannot provide the correct syntax) you are not encrypting tape. I can send you some of my notes on what I had to do to encrypt tape. It required 1) EKM Software 2) JAVA 6 3) HFS Files 4) DFSMS Mgmt Class 5) Certificate in TOP SECRET (or Racf or ACF2) Then the hardware now encrypts all tapes we have selected based on our mgmtclas. I think at some point I need to go with Tivoli Key manager, but I need to research that. EKM was free from IBM. Also, search the IBM Main Archives. We have been fairly vocal about tape encryption in 2007/8/9 Lizette ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
