User's Manual

ManualsBrandsQuantum ManualsNetwork RouterScalar i500

Setting Up Quantum Encryption Key Manager on Your Scalar i500 Library

Document 6-01601-04

March 2010

4 Setting Up Q-EKM On the Library

Step 5: Configure Partition

Encryption

Encryption on the Scalar i500 tape library is enabled by partition only. You cannot select

individual tape drives for encryption; you must select an entire partition to be encrypted.

Q-EKM partitions can only contain IBM LTO-4 and IBM LTO-5 tape drives.

Data written to encryption-supported and encryption-capable media in Q-EKM-

supported tape drives will be encrypted unless data was previously written to the media

in a non-encrypted format. In order for data to be encrypted, the media must be blank or

have been written to using library managed encryption at the first write operation at the

beginning of tape (BOT).

Configure the partition(s) as follows:

1 From the web client, select

Setup > Encryption > Partition Configuration.

A list of all your partitions displays, along with a drop-down menu displaying the

encryption method for each partition.

2 If you want to change the encryption method for a partition, make sure that no tape

drives in that partition have cartridges loaded in them. If tape drives have cartridges

loaded, you cannot change the encryption method.

3 Select an encryption method from the drop-down menu for each partition. (For tape

drives that support encryption, the default is

Allow Application Managed.) The

Encryption Method applies to all encryption-capable tape drives and media in that

partition.

Caution: You must be running Q-EKM version 2.0 (or higher) to support

IBM LTO-5 tape drives.

Encryption Method Description

Enable Library

Managed

For use with Q-EKM. Enables encryption support via a

connected Q-EKM server for all encryption-capable tape

drives and media assigned to the partition.

Allow Application

Managed

Not for use with Q-EKM. Allows an external backup

application to provide encryption support to all

encryption-capable tape drives and media within the

partition. The library will NOT communicate with the

Q-EKM key server on this partition.

This is the default setting if you have encryption-capable

tape drives in the partition. This option should remain

selected unless you are connecting the library to an

external Q-EKM server.

Note: If you want an external application to manage

encryption, you must specifically configure the

application to do so. The library will not participate in

performing this type of encryption.

Unsupported Means that no tape drives in that partition support

encryption.

Unsupported is shown, it will be greyed out and you will

not be able to change the setting.