Application Layer
Initiates data transfer for tape storage, for example TSM.
System Layer
Everything between the application and the tape drives, for example the
operating system, z/OS DFSMS, device drivers, and FICON/ESCON
controllers.
Library Layer
The IBM System Storage TS3500 Tape Library, which contains an internal
interface to each tape drive within it.
Planning for application-managed encryption
This topic explains application-managed encryption (AME).
This method is best suited to operating environments that run an application
already capable of generating and managing encryption policies and keys, such as
Tivoli Storage Manager (TSM). Policies specifying when encryption is to be used
are defined through the application interface. The policies and keys pass through
the data path between the application layer and the encrypting tape drives.
Encryption is the result of interaction between the application and the
encryption-enabled tape drive, and does not require any changes to the system and
library layers. Because the application manages the encryption keys, data volumes
written and encrypted using the application-managed encryption method can be read
only by the same software application that wrote them.
A key manager is not required by, or used by, application-managed tape
encryption.
[Figure: the Application, System, and Library layers (the Library with its Library Drive Interface), each shown with a Policy box as alternative locations ("or"), linked by the Data Path.]
Figure 59. Three possible locations for encryption policy engine and key management.
Chapter 8. Tape encryption overview 217