User's Guide

ManualsBrandsQuantum ManualsNetwork RouterScalar i500

181

182

183

184

185

186

187

188

189

190

Chapter 7 Encryption Key Management

KMIP-compliant Encryption Key Management

Scalar i500 User’s Guide 168

Details about the Scalar i500 KMIP-compliant implementation include:

• As with other encryption systems supported by the library, in order

to use KMIP-compliant encryption systems with the Scalar i500, you

must have an Encryption Key Management license installed on the

library.

• A minimum of two KMIP-compliant encryption servers are required

for failover purposes. A total of 10 KMIP-compliant encryption

servers are allowed, for increased failover capability.

See Configuring Encryption Key Management on the Library

on page 169

for more information and instructions on how to configure KMIP-

compliant encryption systems on the library.

General Notes About

Encryption on the Library7

Keep the following points in mind when using encryption on the library:

• Data written to encryption-supported and encryption-capable media

in EKM-supported tape drives will be encrypted unless data was

previously written to the media in a non-encrypted format. In order

for data to be encrypted, the media must be blank or have been

written to using library managed encryption at the first write

operation at the beginning of tape (BOT).

• You cannot append encrypted data to a non-encrypted tape.

• You cannot append non-encrypted data to an encrypted tape.

• Only one data encryption key can be used per tape cartridge.

• Encryption is configured by partition. Partitions must be configured

for “Library Managed Encryption.” EKM partitions must contain

only the tape drives supported by the encryption system you are

using. (For more information, see Step 6: Configuring Partitions for

Library Managed Encryption on page 180.

About the EKM License 7

If you purchase an EKM license after you purchased your library, you

must install the license key on your library to enable the EKM

functionality. The EKM license is sold on a per-drive basis. The license

corresponds to the number of tape drives that you can enable for library

managed encryption. If your library contains more encryption-enabled

tape drives than are covered by the license, you will need to purchase an

additional license to cover them. Your new license key replaces your

current license key and contains the entire license for the total number of

tape drives.