The TSM Redbook found at http://www.redbooks.ibm.com/redbooks/pdfs/sg247505.pdf has a chapter on TSM-managed tape encryption and how it is handled.

David

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:[email protected]] On Behalf Of McWilliams, Eric
Sent: Wednesday, July 08, 2015 2:50 PM
To: [email protected]
Subject: [ADSM-L] Tape Encryption

We are currently encrypting our data as it is being written to tape. The auditors want to know how the encryption keys are managed. All I can find is that the keys are managed by the Tivoli Storage Manager. Does anyone have any documentation that explains how the keys are managed and what keeps someone from decrypting a tape that is lost or stolen?

tsm: >q dev ltodevc f=d

Device Class Name: LTODEVC
Device Access Strategy: Sequential
Storage Pool Count: 1
Device Type: LTO
Format: DRIVE
Est/Max Capacity (MB):
Mount Limit: DRIVES
Mount Wait (min): 60
Mount Retention (min): 60
Label Prefix: ADSM
Drive Letter:
Library: MEDSLIB
Directory:
Server Name:
Retry Period:
Retry Interval:
Twosided:
Shared:
High-level Address:
Minimum Capacity:
WORM: No
Drive Encryption: On
Scaled Capacity:
Primary Allocation (MB):
Secondary Allocation (MB):
Compression:
Retention:
Protection:
Expiration Date:
Unit:
Logical Block Protection: No
Last Update by (administrator):
Last Update Date/Time: 12/08/2014 13:14:44

Volume Name: XXXXXXX
Storage Pool Name: TAPEPOOL
Device Class Name: LTODEVC
Estimated Capacity: 2.3 T
Scaled Capacity Applied:
Pct Util: 100.0
Volume Status: Full
Access: Read/Write
Pct. Reclaimable Space: 0.0
Scratch Volume?: Yes
In Error State?: No
Number of Writable Sides: 1
Number of Times Mounted: 1
Write Pass Number: 1
Approx. Date Last Written: 07/02/2015 05:16:24
Approx. Date Last Read: 07/02/2015 05:16:24
Date Became Pending:
Number of Write Errors: 0
Number of Read Errors: 0
Volume Location:
Volume is MVS Lanfree Capable : No
Last Update by (administrator):
Last Update Date/Time: 06/30/2015 18:17:40
Begin Reclaim Period:
End Reclaim Period:
Drive Encryption Key Manager: Tivoli Storage Manager
Logical Block Protected: No

Thanks
Eric
