Book description
IBM® experts recognize the need for data protection, both from hardware or software failures, and from physical relocation of hardware, theft, and retasking of existing hardware.
The IBM DS8000® supports encryption-capable hard disk drives (HDDs) and flash drives. These Full Disk Encryption (FDE) drive sets are used with key management services that are provided by IBM Security Key Lifecycle Manager software or Gemalto SafeNet KeySecure to allow encryption for data at rest. Use of encryption technology involves several considerations that are critical for you to understand to maintain the security and accessibility of encrypted data.
Failure to follow the requirements that are described in the IBM Redpaper can result in an encryption deadlock.
Starting with Release 8.5 code, the DS8000 also supports Transparent Cloud Tiering (TCT) data object encryption. With TCT encryption, data is encrypted before it is transmitted to the cloud. The data remains encrypted in cloud storage and is decrypted after it is transmitted back to the IBM DS8000.
Starting with DS8000 Release 9.0, the DS8900F provides Fibre Channel Endpoint Security when communicating with an IBM z15™, which supports link authentication and the encryption of data that is in-flight. For more information, see IBM Fibre Channel Endpoint Security for IBM DS8900F and IBM Z, SG24-8455.
This edition focuses on IBM Security Key Lifecycle Manager Version 3.0.1.3 or later, which enables support Key Management Interoperability Protocol (KMIP) with the DS8000 Release 9.0 code or later and updated DS GUI for encryption functions.
Table of contents
- Front cover
- Notices
- Preface
- Summary of changes
- Chapter 1. Encryption overview
- Chapter 2. IBM DS8000 encryption mechanisms
- Chapter 3. Planning and guidelines for IBM DS8000 encryption
-
Chapter 4. IBM DS8000 encryption implementation
- 4.1 Installing IBM SKLM V3.0 in silent mode
- 4.2 WebSphere, Java, and SKLM hardening
- 4.3 Key Manager setup
- 4.4 Configuration for data at rest Configuration
- 4.5 Configuration for TCT encryption
- 4.6 Configuration for Endpoint Security
- 4.7 Data at rest encryption and Copy Services functions
- 4.8 NIST SP 800-131a requirements for key servers
- 4.9 Migrating certificates
- 4.10 Using a custom generated Gen 1 or Gen 2 certificate
- Chapter 5. Maintaining the IBM DS8000 encryption environment
- Related publications
- Back cover
Product information
- Title: IBM DS8000 Encryption for data at rest, Transparent Cloud Tiering, and Endpoint Security (DS8000 Release 9.0)
- Author(s):
- Release date: April 2020
- Publisher(s): IBM Redbooks
- ISBN: 9780738458427
You might also like
book
Security and Privacy in Cyber-Physical Systems
Written by a team of experts at the forefront of the cyber-physical systems (CPS) revolution, this …
book
Building an Enterprise-Wide Business Continuity Program
Drawing on over two decades of experience creating continuity plans and using them in actual recoveries, …
book
Asset Protection through Security Awareness
Supplying a high-level overview of how to protect your company's physical and intangible assets, Asset Protection …
book
Configuration Management for Senior Managers
Configuration Management for Senior Managers is written to help managers in product manufacturing and engineering environments …