Hello,
We use SKLM here with a TS3500 tape library.
Here is how it works here.
The SKLM server (Windows-based) generates, serves and keeps the encryption keys. New sets of keys are generated at a fixed interval and old sets are kept for several years according to our governance rules.
In the TS3500 configuration, the tape drives that we want to work with encryption are configured to ask the SKLM server (through its IP address) for an encryption key.
During backup, the TS3500 receives the data from the IBM i and encrypts it using the key provided by SKLM. On the tape, the ID of the key is written automatically along with the encrypted data.
During a restore, the key ID is retrieved. The TS3500 asks the SKLM server for the corresponding key and is then able to decrypt the tape during the restore.
If you go that way, make sure that your SKLM server is well protected (we have 1 master and 2 slaves located in different data centers). If you lose your keys, your tapes will become useless.
Hope this helps
Denis Robitaille
IT Service Manager – Enterprise Solutions
Infrastructure and Operations
CASCADES CENTRE DES TECHNOLOGIES
412 Marie Victorin
Kingsey Falls (Québec) Canada J0A 1B0
Tel: 819 363 6100 Ext.: 52130
Cell: 819 352 9362
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxx> On Behalf Of Gad Miron
Sent: October 28, 2018 10:18
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Tape Backup encryption
Hello Pundits
An auditor has visited us lately and suggested we encrypt backup tapes sent to an external facility.
Tape is a 3580 LTO7, machine is P9 7.3.
I've found here
https://www-01.ibm.com/support/docview.wss?uid=nas8N1021280
http://www-01.ibm.com/support/docview.wss?uid=nas8N1017856
that the 3580 tape is capable of hardware encryption/decryption if you configure it with something known as SKLM.
I've noticed that the A/M SKLM is a Windowz/Linux tool, not an IBMi one.
Now, how does a Windowz/Linux tool cause a 3580 tape connected to IBMi to encrypt/decrypt?
Any help will be greatly appreciated.
Gad
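
The reply's warning about lost keys can be run as a routine check: every tape records a key ID, so each key server should still hold that key for as long as the tape must stay restorable. The following is an added example, not part of the thread and not SKLM tooling; it assumes a key inventory exported from each server and a tape catalogue listing each tape's key ID, and every name, format and value in it is constructed.

```python
from datetime import date

# Constructed sample data (hypothetical export formats, made-up IDs).
# Per key server: key ID -> date the key is scheduled for deletion.
KEY_INVENTORY = {
    "master": {"KEY-2016": date(2023, 1, 1), "KEY-2017": date(2024, 1, 1),
               "KEY-2018": date(2025, 1, 1)},
    "slave1": {"KEY-2016": date(2023, 1, 1), "KEY-2017": date(2024, 1, 1),
               "KEY-2018": date(2025, 1, 1)},
    "slave2": {"KEY-2016": date(2023, 1, 1), "KEY-2018": date(2025, 1, 1)},
}
# Volume serial -> (key ID written on the tape, date until which
# the tape must remain restorable).
TAPE_CATALOGUE = {
    "A00001": ("KEY-2016", date(2023, 6, 30)),
    "A00002": ("KEY-2017", date(2023, 12, 31)),
    "A00003": ("KEY-2018", date(2024, 12, 31)),
    "A00004": ("KEY-2015", date(2022, 12, 31)),
}

def audit(inventory, catalogue):
    """Return {volser: [problems]} for tapes whose key is at risk."""
    findings = {}
    for volser, (key_id, keep_until) in sorted(catalogue.items()):
        holders = sorted(s for s, keys in inventory.items() if key_id in keys)
        missing = sorted(set(inventory) - set(holders))
        problems = []
        if not holders:
            # No server can answer the drive's request for this key ID.
            problems.append("key on no server: tape unreadable")
        elif missing:
            # Restore works today, but redundancy is reduced.
            problems.append("key missing on " + ", ".join(missing))
        # Key retention shorter than tape retention on a server holding it.
        early = [s for s in holders if inventory[s][key_id] < keep_until]
        if early:
            problems.append("key deleted before tape expires on "
                            + ", ".join(early))
        if problems:
            findings[volser] = problems
    return findings

if __name__ == "__main__":
    for volser, problems in audit(KEY_INVENTORY, TAPE_CATALOGUE).items():
        print(volser, "->", "; ".join(problems))
```
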