DOCSLIB.ORG

IBM System Storage Open Systems Tape Encryption Solutions

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
IBM System Storage Open Systems Tape Encryption Solutions Front cover IBM System Storage Open Systems Tape Encryption Solutions Understanding tape encryption and Tivoli Key Lifecycle Manager Version 2 Planning for and installing hardware and software Configuring and managing the tape encryption solution Alex Osuna Luciano Cecchetti Edgar Vinson ibm.com/redbooks International Technical Support Organization IBM System Storage Open Systems Tape Encryption Solutions December 2010 SG24-7907-00 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. First Edition (December 2010) This edition applies to Tivoli Key Lifecycle Manager (TKLM) Version 2. © Copyright International Business Machines Corporation 2010. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix The team who wrote this book . .x Become a published author . xi Comments welcome. xi Stay connected to IBM Redbooks . xii Chapter 1. Introduction to tape encryption. 1 1.1 IBM System Storage tape drives. 2 1.2 How tape data encryption works . 4 1.3 What to encrypt . 6 1.4 Why use tape data encryption. 7 1.4.1 Why encrypt data in the drive . 7 1.4.2 Fundamental to encryption: Policy and key management . 7 1.4.3 Summary. 8 1.5 Concepts of tape data encryption . 8 1.5.1 Symmetric key encryption. 9 1.5.2 Asymmetric key encryption . 11 1.5.3 Hybrid encryption . 14 1.5.4 Digital certificates . 15 1.6 Simplifying key management with TKLM . 20 1.6.1 Encryption as a critical business process . 20 1.6.2 Encryption and key management for compliance, availability, retention and security 21 1.6.3 Securing data automatically on self-encrypting drives . 21 1.6.4 Addressing objections to encryption of data at rest . 21 Chapter 2. IBM tape encryption methods . 23 2.1 Tivoli Key Lifecycle Manager . 24 2.1.1 What is new in version 2 . 24 2.1.2 Tivoli Lifecycle Key Manager components and resources . 25 2.1.3 Key exchange . 27 2.2 Methods of managing IBM tape encryption. 29 2.2.1 System-managed encryption . 29 2.2.2 Library-managed encryption . 30 2.2.3 Encrypting and decrypting with SME and LME. 32 2.2.4 Application-managed encryption. 34 2.2.5 Mixed mode example . 37 Chapter 3. IBM System Storage tape and tape automation for encryption . 39 3.1 IBM System Storage TS1130 and TS1120 Tape Drive . 40 3.1.1 Tape data encryption support . 40 3.1.2 IBM TotalStorage 3592 Model J70 Tape Controller . 41 3.2 IBM LTO Ultrium tape drives and libraries . 42 3.2.1 LTO overview . 42 3.2.2 LTO media . 43 3.2.3 IBM System Storage TS2240 Tape Drive Express Model . 46 © Copyright IBM Corp. 2010. All rights reserved. iii 3.2.4 IBM System Storage TS2250 Tape Drive Express model . 47 3.2.5 IBM System Storage TS2350 Tape Drive. 48 3.2.6 IBM System Storage TS2900 Tape Autoloader . 48 3.2.7 IBM System Storage TS3100 Tape Library . 50 3.2.8 IBM System Storage TS3200 Tape Library . 51 3.2.9 IBM System Storage TS3310 Tape Library . 53 3.3 IBM System Storage TS3400 Tape Library . 56 3.4 IBM System Storage TS3500 Tape Library . 57 3.4.1 Tape encryption overview . 58 3.4.2 Tape drives, libraries, and media relationship. 63 Chapter 4. Planning for software and hardware. 65 4.1 Encryption planning. 66 4.2 Planning assumptions . 66 4.3 Encryption planning quick-reference. 67 4.4 Choosing encryption methods. 70 4.4.1 Encryption method comparison. 70 4.4.2 Open systems encryption methods. 71 4.4.3 Decision time . 72 4.5 Solutions available by operating system . 72 4.5.1 AIX solution components . 72 4.5.2 Linux on System p, System x, and other Intel or AMD Opteron servers. 74 4.5.3 HP-UX, Sun, and Windows components . 76 4.5.4 IBM Tivoli Storage Manager . 79 4.6 Ordering information . 79 4.6.1 TS1120 tape drive prerequisites . 80 4.6.2 Tape controller prerequisites. 81 4.6.3 LTO4 or LTO5 tape drive prerequisites. 82 4.6.4 Tape library prerequisites . 83 4.6.5 Other library and rack open systems installations. 84 4.6.6 General software prerequisites for encryption . 85 4.6.7 TS1120 and TS1130 supported platforms . 85 4.6.8 IBM LTO4 and LTO5 tape drive supported platforms . 86 4.7 Other planning considerations for tape data encryption . 87 4.7.1 Performance considerations . 87 4.7.2 Encryption with other backup applications . 87 4.7.3 ALMS and encryption in the TS3500 library . ..
Load more

Recommended publications
  • Operating RISC: UNIX Standards in the 1990S
    Operating RISC: UNIX Standards in the 1990s This case was written by Will Mitchell and Paul Kritikos at the University of Michigan. The case is based on public sources. Some figures are based on case-writers' estimates. We appreciate comments from David Girouard, Robert E. Thomas and Michael Wolff. The note "Product Standards and Competitive Advantage" (Mitchell 1992) supplements this case. The latest International Computerquest Corporation analysis of the market for UNIX- based computers landed on three desks on the same morning. Noel Sharp, founder, chief executive officer, chief engineer and chief bottle washer for the Superbly Quick Architecture Workstation Company (SQAWC) in Mountain View, California hoped to see strong growth predicted for the market for systems designed to help architects improve their designs. In New York, Bo Thomas, senior strategist for the UNIX systems division of A Big Computer Company (ABCC), hoped that general commercial markets for UNIX-based computer systems would show strong growth, but feared that the company's traditional mainframe and mini-computer sales would suffer as a result. Airborne in the middle of the Atlantic, Jean-Helmut Morini-Stokes, senior engineer for the UNIX division of European Electronic National Industry (EENI), immediately looked to see if European companies would finally have an impact on the American market for UNIX-based systems. After looking for analysis concerning their own companies, all three managers checked the outlook for the alliances competing to establish a UNIX operating system standard. Although their companies were alike only in being fictional, the three managers faced the same product standards issues. How could they hasten the adoption of a UNIX standard? The market simply would not grow until computer buyers and application software developers could count on operating system stability.
    [Show full text]
  • The Rise & Development of Illumos
    Fork Yeah! The Rise & Development of illumos Bryan Cantrill VP, Engineering [email protected] @bcantrill WTF is illumos? • An open source descendant of OpenSolaris • ...which itself was a branch of Solaris Nevada • ...which was the name of the release after Solaris 10 • ...and was open but is now closed • ...and is itself a descendant of Solaris 2.x • ...but it can all be called “SunOS 5.x” • ...but not “SunOS 4.x” — thatʼs different • Letʼs start at (or rather, near) the beginning... SunOS: A peopleʼs history • In the early 1990s, after a painful transition to Solaris, much of the SunOS 4.x engineering talent had left • Problems compounded by the adoption of an immature SCM, the Network Software Environment (NSE) • The engineers revolted: Larry McVoy developed a much simpler variant of NSE called NSElite (ancestor to git) • Using NSElite (and later, TeamWare), Roger Faulkner, Tim Marsland, Joe Kowalski and Jeff Bonwick led a sufficiently parallelized development effort to produce Solaris 2.3, “the first version that worked” • ...but with Solaris 2.4, management took over day-to- day operations of the release, and quality slipped again Solaris 2.5: Do or die • Solaris 2.5 absolutely had to get it right — Sun had new hardware, the UltraSPARC-I, that depended on it • To assure quality, the engineers “took over,” with Bonwick installed as the gatekeeper • Bonwick granted authority to “rip it out if itʼs broken" — an early BDFL model, and a template for later generations of engineering leadership • Solaris 2.5 shipped on schedule and at quality
    [Show full text]
  • Chapter 4 Introduction to UNIX Systems Programming
    Chapter 4 Introduction to UNIX Systems Programming 4.1 Introduction Last chapter covered how to use UNIX from from a shell program using UNIX commands. These commands are programs that are written in C that interact with the UNIX environment using functions called Systems Calls. This chapter covers this Systems Calls and how to use them inside a program. 4.2 What is an Operating System An Operating System is a program that sits between the hardware and the application programs. Like any other program it has a main() function and it is built like any other program with a compiler and a linker. However it is built with some special parameters so the starting address is the boot address where the CPU will jump to start the operating system when the system boots. Draft An operating system typically offers the following functionality: ● Multitasking The Operating System will allow multiple programs to run simultaneously in the same computer. The Operating System will schedule the programs in the multiple processors of the computer even when the number of running programs exceeds the number of processors or cores. ● Multiuser The Operating System will allow multiple users to use simultaneously in the same computer. ● File system © 2014 Gustavo Rodriguez-Rivera and Justin Ennen,Introduction to Systems Programming: a Hands-on Approach (V2014-10-27) (systemsprogrammingbook.com) It allows to store files in disk or other media. ● Networking It gives access to the local network and internet ● Window System It provides a Graphical User Interface ● Standard Programs It also includes programs such as file utilities, task manager, editors, compilers, web browser, etc.
    [Show full text]
  • Open Technology Development (OTD): Lessons Learned & Best Practices for Military Software
    2011 OTD Lessons Learned Open Technology Development (OTD): Lessons Learned & Best Practices for Military Software 2011-05-16 Sponsored by the Assistant Secretary of Defense (Networks & Information Integration) (NII) / DoD Chief Information Officer (CIO) and the Under Secretary of Defense for Acquisition, Technology, and Logistics (AT&L) This document is released under the Creative Commons Attribution ShareAlike 3.0 (CC- BY-SA) License. You are free to share (to copy, distribute and transmit the work) and to remix (to adapt the work), under the condition of attribution (you must attribute the work in the manner specified by the author or licensor (but not in any way that suggests that they endorse you or your use of the work)). For more information, see http://creativecommons.org/licenses/by/3.0/ . The U.S. government has unlimited rights to this document per DFARS 252.227-7013. Portions of this document were originally published in the Software Tech News, Vol.14, No.1, January 2011. See https://softwaretechnews.thedacs.com/ for more information. Version - 1.0 2 2011 OTD Lessons Learned Table of Contents Chapter 1. Introduction........................................................................................................................... 1 1.1 Software is a Renewable Military Resource ................................................................................ 1 1.2 What is Open Technology Development (OTD) ......................................................................... 3 1.3 Off-the-shelf (OTS) Software Development
    [Show full text]
  • An Analysis of the Strategic Management of Technology in the Context of the Organizational Life-Cycle
    An Analysis of the Strategic Management of Technology in the Context of the Organizational Life-Cycle by Steven W. Klosterman BSEE (1983), University of Cincinnati Submitted to the System Design and Management Program in partial fulfillment of the requirements for the degree of Master of Science in Engineering and Management at the Massachusetts Institute of Technology June 2000 C 2000 Steven W. Klosterman. All rights reserved. The author hereby grants to MIT permission to reproduce and to distribute publicly paper and electronic copies of this thesis document in whole or in part. Signature of Author --------- System Design and Management Program. June, 2000 Certified by Thomas Kochan George M. Bunker Professor of Management Thesis Supervisor Accepted by Thomas Kochan Co-Director, System Design and Management Program Sloan School of Management Acceptedby Paul A. Lagace Co-Director, System Design and Management Program Professor of Aeronautics and Astronautics MASSACHUSETTS INSTITUTE OF TECHNOLOGY EN JUN 1 4 2000 LIBRARIES I Acknowledgements I would like to thank the individuals and organizations that have helped me pursue this thesis and my MIT education: To the System Design and Management (SDM) program for providing the vision of flexible, distance learning as an enabler for mid-career engineers to study at one of the world's foremost centers of learning. To Tom Magnanti, Tom Kochan, Ed Crawley, John Williams, Margee Best, Anna Barkley, Leen Int'Veld, Dan Frey, Jon Griffith and Dennis Mahoney, I cannot sufficiently express my gratitude for being given the privilege of becoming a member of the MIT community. To my fellow students in the SDM program for providing the support, encouragement and help, I am honored to be associated with you.
    [Show full text]
  • An Introduction to X Window Application Development
    Calhoun: The NPS Institutional Archive Theses and Dissertations Thesis Collection 1992-03 An introduction to X Window application development. Rust, David Michael Monterey, California. Naval Postgraduate School http://hdl.handle.net/10945/23933 FV KNOX LIBRARY •Ud SCHOOL SivAL POSTGRADUATE SoNTEHEV.CAUFORN.AG^^ CURITY CLASSIFICATION OF THIS PAGE REPORT DOCUMENTATION PAGE 1b. RESTRICTIVE MARKINGS REPORT SECURITY CLASSIFICATION UNCLASSIFIED a SECURITY CLASSIPICAT I6M AUTH6RITV 3. bisTRiBuTi6N7AVAlLABiUTY 6P REP5RT Approved for public release; b. dECLAssIFICATIoN/doWNgRADINg SCHEDULE distribution is unlimited PERFORMING ORGANIZATION REP6RT NUM&ER(S) 5. M6niT6Ring6Rgani2aTi6n rep6rT numbER(S) *. NAME 6F PERFORMING 6R6ANIZATI6N 6b OFFICE SYMBOL 7a. NAME 6E M6NIT6R1NG ORGANIZATION vdministrative Sciences Department (if applicable) Naval Postgraduate School Javal Postgraduate School AS :. ADDRESS (City, State, and ZIP Code) 7b. ADDRESS (City, State, and ZIP Code) /lonterey, CA 93943-5000 Monterey, CA 93943-5000 NAME OF FUNDING/SPONSORING 8b. OFFICE SYMBOL g PROCURE M E N T I NST RUMEN T ID E N T I FI CATION NUMBE R ORGANIZATION (if applicable) 6. ADDRESS (City, State, and ZIP Code) 10. SOURCE OF FUNDING NUMBERS PROGRAM 1 PR6JECT TTa^R" WoRkUNiT ELEMENT NO. NO. NO. ACCESSION NO. 1 . TITLE (Include Security Classification) ^N INTRODUCTION TO X WINDOW APPLICATION DEVELOPMENT (U) 2 PERSONAL AUTHOR(S) lust, David M. 3a. type of report 13b. time covered 14. DATE OF REPORT (Year, Month, Day) 16. PAGE COUNT Master's Thesis from 10/90 to 03/92 1992, March, 23 70 supplementary notation 6 The views expressed in this ^sis ^ those of the author md do not reflect the official policy or position of the Department of Defense or the United States Government.
    [Show full text]
  • Oracle Solaris Administration Common Tasks
    Oracle® Solaris Administration: Common Tasks Part No: 821–1451–11 December 2011 Copyright © 1998, 2011, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract,and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
    [Show full text]
  • A Source Book from the Open Group
    A Source Book from The Open Group The Single UNIX· Specification: The Authorized Guide to Version 3, 2nd Edition The Open Group Copyright ¶ June 2004, The Open Group All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the copyright owners. A Source Book from The Open Group The Single UNIX· Specification: The Authorized Guide to Version 3, 2nd Edition ISBN: 1-931624-47-X Document Number: G041 Published in the U.S. by The Open Group, June 2004. Any comments relating to the material contained in this document may be submitted by email to: [email protected] ii A Source Book from The Open Group (2004) ____________________________________________________ Contents ____________________________________________________ Chapter 1 The Single UNIX Specification............................................ 1 1.1 Introduction.................................................................................. 1 1.2 Background ................................................................................. 1 1.3 The Value of Standards................................................................ 2 1.4 The Single UNIX Specification ..................................................... 2 1.5 Benefits for Application Developers.............................................. 3 1.6 Benefits for Users........................................................................ 3 1.7 The
    [Show full text]
  • Chapter 2 Unix
    Chapter 2 Unix UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity. –DennisRitchie 2.1 Unix History For many people the term “System Administrator” implies operation of Unix systems, even though the same concepts, tasks and practices apply largely to the maintenance of hosts running any operating system. In this book, we strive to describe principles that are universally applicable and not bound by a specific operating system. We will regularly use Unix as the prime example and cite its features and specific aspects because of its academic background, long history of openness, high penetration of the infrastructure marketplace, and its role as a cornerstone of the Internet. 2.1.1 The Operating System How the Unix operating system came to be and how that relates to the de- velopment of the Internet and various related technologies is fascinating; just 28 CHAPTER 2. UNIX 29 about every other Unix-related book already covers this topic in great detail. In this chapter, we summarize these developments with a focus on the major milestones along the road from the birth of Unix as a test platform for Ken Thompson’s “Space Travel” game running on a PDP-7 to the most widely used server operating system that nowadays also happens to power consumer desktops and laptops (in the form of Linux and Apple’s OS X), mobile de- vices (Apple’s iOS is OS X based and thus Unix derived; Google’s Android is a Linux flavor), TVs, commodity home routers, industry scale networking equipment, embedded devices on the Internet of Things (IoT), and virtually all supercomputers1.
    [Show full text]
  • Linux System Programming Focuses on Everything Above the Kernel, Where Applications Such As Apache, Bash, Cp, Vim, Emacs, Gcc, Gdb, Glibc, Ls, Mv, and X Exist
    Overview This book is about writing software that makes the most effective use of the system you're running on -- code that interfaces directly with the kernel and core system libraries, including the shell, text editor, compiler, debugger, core utilities, and system daemons. The majority of both Unix and Linux code is still written at the system level, and Linux System Programming focuses on everything above the kernel, where applications such as Apache, bash, cp, vim, Emacs, gcc, gdb, glibc, ls, mv, and X exist. Written primarily for engineers looking to program (better) at the low level, this book is an ideal teaching tool for any programmer. Even with the trend toward high-level development, either through web software (such as PHP) or managed code (C#), someone still has to write the PHP interpreter and the C# virtual machine. Linux System Programming gives you an understanding of core internals that makes for better code, no matter where it appears in the stack. Debugging high-level code often requires you to understand the system calls and kernel behavior of your operating system, too. Key topics include: • An overview of Linux, the kernel, the C library, and the C compiler • Reading from and writing to files, along with other basic file I/O operations, including how the Linux kernel implements and manages file I/O • Buffer size management, including the Standard I/O library • Advanced I/O interfaces, memory mappings, and optimization techniques • The family of system calls for basic process management • Advanced process management,
    [Show full text]
  • System Administration Guide: Advanced Administration
    System Administration Guide: Advanced Administration Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. Part No: 819–2380–13 May 2008 Copyright 2008 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries. U.S. Government Rights – Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements. This distribution may include materials developed by third parties. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, the Solaris logo, the Java Coffee Cup logo, docs.sun.com, Java, OpenSolaris, Sun xVM hypervisor, and Solaris aretrademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. Adobe is a registered trademark of Adobe Systems, Incorporated. PostScript is a trademark or registered trademark of Adobe Systems, Incorporated, which may be registered in certain jurisdictions.
    [Show full text]
  • IBM AIX Version 7.1 Differences Guide
    Front cover IBM AIX Version 7.1 Differences Guide AIX - The industrial strength UNIX operating system AIX Version 7.1 Standard Edition enhancements An expert’s guide to the new release Richard Bassemir Thierry Fauck Chris Gibson Brad Gough Murali Neralla Armin Röll Murali Vaddagiri ibm.com/redbooks International Technical Support Organization IBM AIX Version 7.1 Differences Guide December 2010 SG24-7910-00 Note: Before using this information and the product it supports, read the information in “Notices” on page xiii. First Edition (December 2010) This edition applies to AIX Version 7.1 Standard Edition, program number 5765-G98. © Copyright International Business Machines Corporation 2010. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Figures . ix Tables . xi Notices . xiii Trademarks . xiv Preface . xv The team who wrote this book . xv Now you can become a published author, too! . xvii Comments welcome. xviii Stay connected to IBM Redbooks . xviii Chapter 1. Application development and debugging . 1 1.1 AIX binary compatibility . 2 1.2 Improved performance using 1 TB segments . 2 1.3 Kernel sockets application programming interface . 5 1.4 UNIX08 standard conformance . 6 1.4.1 stat structure changes. 8 1.4.2 open system call changes. 9 1.4.3 utimes system call changes . 9 1.4.4 futimens and utimensat system calls . 10 1.4.5 fexecve system call . 10 1.5 AIX assembler enhancements . 10 1.5.1 Thread Local Storage (TLS) support. 10 1.5.2 TOCREL support.
    [Show full text]