Best method to encrypt AIX LTO6 tape backups?

Hello,

I need to be able to encrypt LTO tapes that our AIX writes to for backups.

We have a tape library (IBM TS3100) that our AIX host uses to write to LTO6 tapes. We then take those tapes off-site and restore to another AIX system using a 3580-H6S LTO6 tape drive - this is a very simple environment (single AIX host with a tape library/drive directly attached).

I know that the TS3100 has capabilities to encrypt the tapes that we can activate in the web interface of the tape library - however since we need to restore using a 3580-H6S tape drive I don't think this will work.

So from my research it looks like we need to leverage application managed encryption (AME) as this is the only supported form of encryption on the 3580-H6S. It appears we need IBM Security Key Lifecycle Manager (ISKLM) but what I am failing to understand is how all this ties in together. If I install the ISKLM on Windows, do I update the driver configuration on AIX to poll ISKLM for encryption keys (which I would think would be transparent to the backup application as it's being done at the driver level)? There seems to be a lot of information on various products to make this work and I am just not getting it.

My goal is to encrypt the data offloaded to LTO6 tapes and to make it transparent to the backup application running within AIX (let's assume this is a shell script/wrapper around the tar command).

If anyone could point me in the right direction that would be great.

Microlite Edge with the encryption option.

Could you use PGP or something similar? You obviously have to have the private key on the server that will be reading, but I'd put it on both so that you can test locally first.

What backup command are you using to write to the tape? That might give us some options.

Kind regards,
Robin

I spoke to MicroLite support and AIX is not a supported OS any longer.

We use LoneTar currently (old version but it works); but it has no encryption capabilities. I have found stenc which may do the trick - testing this now.