Encryption; Encryption Concepts; Performance Groups And Policies - IBM DS8800 Introduction And Planning Manual

The I/O Priority Manager maintains statistics for the set of logical volumes in each
performance group that can be queried. If management is performed for the
performance policy, the I/O Priority Manager controls the I/O operations of all
managed performance groups to achieve the goals of the associated performance
policies. The performance group defaults to 0 if not specified. Table 10 lists
performance groups that are predefined and have the associated performance
policies:

Encryption

The DS8000 series supports data encryption through the use of the IBM Full Disk
Encryption feature and IBM Tivoli Key Lifecycle Manager.
Encryption technology has a number of considerations that are critical to
understand to maintain the security and accessibility of encrypted data. This
section contains the key information that you have to know to manage IBM
encrypted storage and to comply with IBM requirements for using IBM encrypted
storage.
Failure to follow these requirements can result in a permanent encryption
deadlock, which can result in the permanent loss of all key-server-managed
encrypted data at all of your installations.

Encryption concepts

Encryption is the process of transforming data into an unintelligible form in such a
way that the original data either cannot be obtained or can be obtained only by
using a decryption process.
Data that is encrypted is referred to as ciphertext. Data that is not encrypted is
referred to as plaintext. The data that is encrypted into ciphertext is considered
securely secret from anyone who does not have the decryption key.
The following encryption algorithms exist:
Symmetric encryption algorithm
Asymmetric encryption algorithm
70
Introduction and Planning Guide
Table 10. Performance groups and policies
Performance group
0
1-5
6-10
11-15
Note: Performance group settings can be managed using DS CLI or the DS Storage
Manager.
A common key is used to both encrypt and decrypt data. Therefore, the
encryption key can be calculated from the decryption key and the
decryption key can be calculated from the encryption key.
Two keys are used to encrypt and decrypt data. A public key that is
known to everyone and a private key that is known only to the receiver or
sender of the message. The public and private keys are related in such a
Performance policy
0
1
2
3
Performance policy
description
No management
Fixed block high priority
Fixed block medium priority
Fixed block low priority