Chapter 8: Encryption Key Management
Using SKM
Using SKM
SKM Management
316
LTO-4, LTO-5 or LTO-6 FC drives are encryption-capable, but to use the
Q-EKM software application, you must purchase an Encryption Key
Management license and provide a server or servers on which to install
Q-EKM. Q-EKM does not currently support encryption on other tape
drive types or manufacturer brands, even if they are assigned to a
partition selected for encryption.
Note: You must be running Q-EKM version 2.0 (or higher) to support
IBM LTO-5 or LTO-6 tape drives.
The encryption keys pass through the library, so that encryption is
"transparent" to the applications. If you purchase Q-EKM, Quantum's
Service department will schedule an appointment to install the
application onto your server(s).
If you purchase SKM, you will receive the software application, two
servers (optional beginning with SKM 1.1), and installation and
configuration instructions. This chapter describes how to configure your
encryption key management (EKM) solution (Q-EKM or SKM) on the
library.
Sharing Encrypted Tape Cartridges
If you are using SKM, you can use the library to facilitate sharing
encrypted tapes with other companies and individuals who also use
SKM for managing encryption keys.
Each SKM server provides a unique encryption key for each tape
cartridge that is encrypted. To read an encrypted tape in a library that is
attached to a SKM server that is different than the one that originally
provided the encryption key, the encryption key from the originating
(i.e., source) SKM server needs to be shared with the receiving (i.e.,
destination) SKM server.
The key (or list of keys, if there is more than one tape) is exported from
the source SKM server to a file, which is sent to the destination
Quantum Scalar i6000 User's Guide