IBM System Storage - Oxford University TSM Symposia (tsm-symposium.oucs.ox.ac.uk/2007/papers/Christina...)
TSM Symposium September 2007
TSM encryption options: Using IBM tape hardware encryption
Christina Coutts
FTSS Removable [email protected]
IBM System Storage
© 2007 IBM Corporation
Security of Data: a Business Imperative
Many government agencies are requiring disclosure of security breaches
– 32 states in USA have security breach similar legislation
– Source: www.Privacyrights.org
Industry organizations are also increasing scrutiny of security procedures.
– Source: Payment Card Industry Security Audit Procedures Version 1
Over 150 million consumers have been notified of potential security breaches regarding personal information since 2005
– Source: www.Privacyrights.org
Information is the most valuable property of a company
– Computer crime grows steadily
Other Regulatory Drivers for Encryption
EU – Directive on Data Protection of 1995
– Implemented by National Legislation
– Generally does not require encryption
– Generally imposes fines for failure to adequately protect subject information
Payment Card Industry (PCI) Data Security Standard
– Applies to all member merchants of Visa, Mastercard, and other credit card companies that store cardholder data. Applies to commerce conducted via retail, phone, mail, and e-commerce channels
– PCI recommends encryption as “the ultimate mechanism” to protect stored data.
– VISA merchants that fail to comply potentially face hundreds of thousands of dollars in penalties, in addition to the costs of notification, credit monitoring and new account creation.
Basel II
– Applies to Large Global & Money Center Banks
– Requires establishment of separate Capital Accounts restricted from traditional uses like lending, trading, etc. to offset Operational Risk
– Initiatives (like Data Security) that reduce Operational Risk free up this capital for productive use.
Agenda
Storage security
TSM and data security
Encryption overview
TSM and encryption
– Client software-based
– Hardware-based
Encryption implementation in the tape drive
– Encryption methods
– LME components
Encryption Key Manager and other SW components
Key serving: LTO and TS1120
More information?
Storage Security
Parameters and settings:
– Ensure resources are available to authorised users and trusted networks
– Ensure resources are unavailable to everyone else
Parameters and settings controlled in:
– Organisation’s policies
– Communications protocols
– Programming
– Hardware
Securing Data at Rest
1. Establish a Perimeter: Secure Mobile Data
• Enforce password protection / encryption of confidential data on all laptops
• Monitoring agents
• Implement encryption on all data stored on tape
2. Strengthen Fortifications: Limit Access based on Roles
• Implement table / database level encryption leveraging hardware Crypto Providers
• Share keystores & key management environment
3. Implement DASD Encryption (when available): Complete Protection Initiative
• Secure remaining data files
• Secure HDDs for loss of control / process escapes during MA & de-acquisition
TSM and Data Security
Authentication, Authorization, Access control
Are you who you say you are?
– Passwords
– Admin Centre and Web Admin server
– Firewall support based on TCP/IP port specification
Do you have permission to do, or access, this?
– Control lists or role-based access.
Protection of data – in flight, and at rest
– Encryption
– Cyclic Redundancy Checks
– Data Retention Protection
– Data shredding (secure data erase)
What is Encryption?
Transformation of readable, understandable data to a form that is not (cipher text)
Transformation is based on a mathematical formula
There are formulas for the transformation of different types of data
– Keys
– Text
– Personal Identification Numbers
Some advanced functions associated with cryptography are combinations of basic cryptographic functions applied in a specific manner against specific data
A number of cryptographic functions are used: DES, AES128, AES256
HELLO! → LIOBOHMMGMLJ
[Example shown uses STEW (Symmetric Transient Encryption Wave)]
Helps protect data from unauthorised access
Encryption Process: Clear or plain text + Key → Encryption algorithm (e.g. AES) → Cipher Text (Encrypted Data)
Decryption Process: Cipher Text + Key → Encryption algorithm → Clear or plain text
Data that is not encrypted is referred to as “clear text”
“Clear text” is encrypted by processing with a “key” and an “encryption algorithm”
– Several standard algorithms exist, including DES*, TDES and AES
Keys are bit streams that vary in length
– For example AES supports 128, 192 and 256 bit key lengths
*DES, invented by IBM in 1974
Symmetric Encryption
Same key used to encrypt and decrypt
Symmetric Keys must be stored and secured against unauthorized access
Asymmetric Encryption
A key pair is used to encrypt and decrypt
– The key used to encrypt is often referred to as the Public key
– The key used to decrypt is referred to as the Private key
The Public key may be made widely available without fear of compromise
The Private Key must be secured against unauthorized access
Public / Private encryption is widely used for exchange of data between organizations (eMail)
TSM and encryption
TSM Client encryption
– Encryption in software
– Performed by client host
– Keys managed by TSM client or server
PLUS new methods using tape drive hardware:
Application Managed Encryption
– Keys managed by TSM server
Library Managed Encryption
– Encryption is transparent to TSM
– Keys managed externally
– Library hardware provides proxy
System Managed Encryption
– Encryption is transparent to TSM
– Keys managed externally
– Device driver on server provides proxy
Enabling TSM Client encryption
Set encryption options (dsm.opt, dsm.sys, or Client Server Options)
– Select data to encrypt
• “include.encrypt”
• “exclude.encrypt”
– Select encryption method
• “encryptiontype=aes128” for AES128
• AES128 or DES56
Encryption key is derived from an Encryption Key Password
– “You” supply and save key
• “encryptkey=save”
• “encryptkey=prompt”
– Key randomly generated and TSM server saves key with meta data
• “enableclientencryptkey=yes”
[Diagram: TSM Clients, TSM Server, TSM DB]
TSM client versus hardware encryption
Client Encryption
– Protects data while being written (“over the wire”)
– Remains encrypted while at rest on-line
– Remains encrypted while at rest on removable media
– Hardware vendor agnostic
– Increased CPU utilization during backup – so performance may suffer
– No compression on tape – so backup sizes may double
– Uses AES128 or DES56 key format
– Requires software key and management on restore
Hardware encryption
– No performance overhead at the host server
– Encryption is transparent to write performance
– Encryption applied after compression so data will be compressed as normal
– Uses AES256 key format
– Data is not encrypted during write transfer
– Requires hardware encryption capability and key management on restore
IBM Encryption Capable Tape Drives
Shipped on all new TS1120 drives shipped 9.8.2006 or later
– Feature Code # 9592 – Encryption Capable, Plant installed
– No charge (NC) feature
– Identified by label on drive canister
Can be added to existing TS1120 3592E05s by MES Upgrade
– Feature Code # 5592 – Encryption Capable – Field
– CE Installed – new hardware and drive microcode
Shipped on all LTO Generation 4 drives
– All LTO4 have encryption hardware
– No additional charge on drive
So what does having encryption hardware mean?
Encryption in the Tape Drive
Built-in AES 256-bit data encryption engine in every drive
Located “below” compression engine
– Virtually no performance or capacity impact (<1%)
– Data can be compressed and be encrypted simultaneously
Look-aside decryption & decompression help assure data integrity
Preserves performance and compression characteristics
[Diagram labels: FC Port 0, Host Interface DMA, Processor, Drive Firmware, Code Memory, Application Specific Integrated Circuit, Compression / Decompression, AES Encryption / AES Decryption, Buffer, ECC and Format Encoding, Read/Write Electronics, Read/Write Head, Tape Media, Drive Certificate with Drive’s RSA Key]
But anyone can put a card in a drive…
IBM Encryption Implementation and Management
Application-Managed (Currently TSM): Policy
System-Managed (z/OS, AIX & Solaris): Policy
Library-Managed (TS3500, TS3400, TS3100, TS3200, TS3310): Policy
[Diagram: the three methods shown as layers, each with a Policy box, alongside the Encryption Key Manager]
TSM Application Managed Encryption (AME)
Application provides Policy Engine to determine if data is encrypted
– Policy set in tape device class: DRIVEENCRYPTION=ON|ALLOW|OFF
– Data access through standard TSM access controls
TSM generates, encrypts and stores the key in the DB with other meta data
– Provides interface to key services
– Associates correct key with file
– Keys flow to the drive in the clear
Not applicable to TSM DB backups, backup set, Export tapes, or zOS TSM server
[Diagram: TSM Server, TSM DB, cartridge VOL123]
TSM Library Managed Encryption (LME)
Policy Mechanisms provided by Library Microcode
– Library policies for Library Managed
– DATACLAS in zOS (uses System Managed)
Encryption Keys provided by external Encryption Key Manager
– Communication via IP Proxy connection from IBM Tape Library (LME)
– Key flows authenticated and secured via SSL-like interaction
EKM environment applicable to TSM or NetBackup Media Server – or other applications
Encryption is “transparent” to TSM (and applications above the library layer).
[Diagram: Keystore, EKM DB, key labels, cartridges LTO001 and JAG001]
AME fits a narrow set of requirements.
[Decision flow; each question branches yes / no]
– You use only TSM for backup and to create Tape
– You have no known requirements for non-TSM environments
– You have lower security requirements for B2B Data interchange via Tape
– You require support for cartridge interchange across different Tape Drive vendors
Outcomes: Implement Transparent Encryption (LME/SME), or Consider Application Managed Encryption
IBM Tape Encryption Methods
Encryption Method | Policy: Encrypt? | Policy: Key Label? | Data Key Generation
Application | TSM Devclass | NA | TSM
System (Open) | Atape/IBMtape Device Driver | Encryption Key Manager (EKM) | Encryption Key Manager (EKM)
System (z/OS) | DFSMS Data Class or JCL DD | DFSMS Data Class, JCL DD or EKM | Encryption Key Manager (EKM)
Library (or Transparent) | TS3500 (3584), TS3400 (3577) Web Interface (log. Lib or Volser range) | TS3500 (3584), TS3400 (3577) Web Interface or Encryption Key Manager (EKM) | EKM
Library Managed Encryption – components summary
TSM server
– Supports AME or SME
TS1120 or LTO4
– Provides encryption card hardware
Keystore
– HW or SW based
– Stores keys
Crypto Services
– HW or SW based
– Generates keys
IBM Tape Library
– Supports LME
Encryption Key Manager (EKM)
– Free IBM program
– Runs in IBM JRE
– Runs on server of your choice
– Manages key distribution
– EKM management for LME or SME
Encryption Key Manager Overview
Encryption Key Manager (EKM)
• Runs in IBM Java Runtime Environment (JRE)
• Supplied free from IBM
• Does not perform any crypto operations itself
Config File
• Config File tells EKM how to run.
– Where Keystore is located
– Where Drive Table is located
– Default key labels
Drive Table
• Drive Table contains list of valid drives
Keystore
• Hardware or Software based
• Stores certificates and keys
Crypto Services Provider
• Hardware or Software based
• Generates Data Keys (DK)
• Wraps/Unwraps/Rewraps DKs
The Transparent Encryption solution: assembled from a combination of existing and new components.
Key Administration Component
Authorization Component
Library Encryption Policy Component
Key Distribution Component
Crypto Provider Component
Embedded Crypto Provider Component
Key Store Component
[Diagram legend: Existing Component, New Component]
EKM Environment components run together in a single server image and may support Centralized Key Management.
May reside on a different server or different platform than the server connected to the Tape Drive.
Does not have to be implemented in a dedicated system or LPAR.
May reside in a different location than the tape drive.
Implemented on standard server platforms.
[Diagram: EKM Environment containing Encryption Key Administration, Authorization Component, Crypto Provider, IBM EKM Key Distribution Component, Key Store Component, Keystore file, Config File, Drive Table]
Encryption Keystore
Maintained on server or in hardware crypto device
Contains key label, public keys and private keys
Populated by self generated or imported certificates
Example:
Key Label | Public Key | Private Key
Acme | 12345… | abcde…
Offsite BP RR | 98765… | Not Available
Supported KeyStores
Distributed
– JCEKS (file based)
– PKCS11IMPLKS (PKCS11 hardware crypto)
I5
– JCEKS (file based)
– IBMi5OSKeyStore (I5 platform capabilities)
z/OS
– JCEKS (file based)
– JCE4758KS/JCECAAKS (ICSF Secure hardware)
– JCE4785RACFKS/JCECCARACFKS (RACF with secure hardware)
– JCERACFKS (RACF/SAF)
IBM uses both methods for secure key exchange
Symmetric Key
– The same key is used to encrypt and decrypt the data.
– Implementation requires exceptional focus on securing access to the key.
– Usually deployed within an enterprise or within a layered architecture using asymmetric protection for key exchange.
– Preferred for high data volumes because they are more efficient.
– IBM Solution uses Symmetric AES256 Keys for Data Keys
Key Pair (Public Key, Private Key)
– Pairs of different, mathematically related keys are used to encrypt & decrypt data.
– The “Public” key may be made widely available
– The “Private” key must be secured
– Widely used as the outer layer of an encryption architecture to protect keys.
– IBM Solution uses Asymmetric RSA2048* Keys for Key-Encrypting Keys (KEKs)
*RSA: name of the three mathematicians Rivest, Shamir and Adleman
Putting it all together…
Encryption Key Generation and Communication: How is it such a secure system?
1. Load cartridge specifying encryption
2. Drive requests data key sending its own private key certificate
3. Key manager generates data key and encrypts with 2 different “public” keys: first with the drive’s key and second with the data’s policy key
4. Key manager transmits both encrypted data keys to tape drive
5. Drive decrypts one key, writes encrypted data, discards key.
6. Drive writes second encrypted key to the cartridge
[Diagram: Encryption Key Manager (EKM) with Config File and Drive Table; tape drive; cartridge JAG001]
TS1120 Encryption Process – summary
Clear Text → encrypted with DK (Symmetric) → Cipher Text DK(Data) → Encrypted Tape
DK → encrypted with KEK (Asymmetric) → EEDK KEK(DK) → Encrypted Tape
DK – Data Key (Symmetric)
KEK – Key Encrypting Key (Asymmetric)
EEDK – Externally Encrypted Data Key
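
The key-serving sequence and the keystore example described above, as an added sketch in Java (the EKM's runtime); this is not IBM's EKM code and not code from the presentation. Class and method names, RSA-OAEP wrapping, AES-GCM and the in-memory keystore map are assumptions, and the read path is inferred from the crypto provider's "Wraps/Unwraps/Rewraps DKs" role.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

/** Added illustration of the key-serving flow; hypothetical names, not IBM EKM code. */
public class KeyServingDemo {
    // Assumed transformations: the slides name only RSA 2048 (KEK) and AES 256 (DK).
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String DATA = "AES/GCM/NoPadding";

    /** One keystore row; priv is null where the keystore table says "Not Available". */
    record Entry(PublicKey pub, PrivateKey priv) {}
    /** EKM reply on write: the DK wrapped for the drive, and the EEDK for the tape. */
    record WriteKeys(byte[] forDrive, byte[] eedk) {}
    /** What lands on the cartridge: key label, EEDK, IV and cipher text. */
    record Cartridge(String label, byte[] eedk, byte[] iv, byte[] data) {}

    static byte[] wrap(PublicKey kek, SecretKey dk) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP);
        c.init(Cipher.WRAP_MODE, kek);
        return c.wrap(dk);
    }

    static SecretKey unwrap(PrivateKey kek, byte[] blob) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP);
        c.init(Cipher.UNWRAP_MODE, kek);
        return (SecretKey) c.unwrap(blob, "AES", Cipher.SECRET_KEY);
    }

    /** Toy key manager: a keystore indexed by key label. */
    record Ekm(Map<String, Entry> keystore) {
        /** Write: fresh AES-256 DK, wrapped for the drive and under the label's KEK. */
        WriteKeys serveWrite(String label, PublicKey drive) throws GeneralSecurityException {
            Entry e = keystore.get(label);
            if (e == null) throw new KeyStoreException("unknown key label " + label);
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(256);
            SecretKey dk = kg.generateKey();
            return new WriteKeys(wrap(drive, dk), wrap(e.pub(), dk));
        }

        /** Read: unwrap the EEDK with the private KEK, then rewrap the DK for the drive. */
        byte[] serveRead(Cartridge c, PublicKey drive) throws GeneralSecurityException {
            Entry e = keystore.get(c.label());
            if (e == null || e.priv() == null) throw new UnrecoverableKeyException("no private key for " + c.label());
            return wrap(drive, unwrap(e.priv(), c.eedk()));
        }
    }

    /** Drive: holds only its own RSA pair; a DK exists only for the length of one call. */
    record Drive(KeyPair pair) {
        Cartridge write(Ekm ekm, String label, byte[] clear) throws GeneralSecurityException {
            WriteKeys k = ekm.serveWrite(label, pair.getPublic());
            SecretKey dk = unwrap(pair.getPrivate(), k.forDrive());
            byte[] iv = new byte[12];
            new SecureRandom().nextBytes(iv);
            Cipher c = Cipher.getInstance(DATA);
            c.init(Cipher.ENCRYPT_MODE, dk, new GCMParameterSpec(128, iv));
            return new Cartridge(label, k.eedk(), iv, c.doFinal(clear));
        }

        byte[] read(Ekm ekm, Cartridge cart) throws GeneralSecurityException {
            SecretKey dk = unwrap(pair.getPrivate(), ekm.serveRead(cart, pair.getPublic()));
            Cipher c = Cipher.getInstance(DATA);
            c.init(Cipher.DECRYPT_MODE, dk, new GCMParameterSpec(128, cart.iv()));
            return c.doFinal(cart.data());
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair acme = kpg.generateKeyPair();
        // Constructed keystore shaped like the slide's example: a full pair for
        // "Acme", only the public key for the partner label "Offsite BP RR".
        Ekm ekm = new Ekm(new HashMap<>());
        ekm.keystore().put("Acme", new Entry(acme.getPublic(), acme.getPrivate()));
        ekm.keystore().put("Offsite BP RR", new Entry(kpg.generateKeyPair().getPublic(), null));
        Drive drive = new Drive(kpg.generateKeyPair());
        byte[] clear = "constructed sample backup data".getBytes(StandardCharsets.UTF_8);
        Cartridge own = drive.write(ekm, "Acme", clear);
        System.out.println("Acme tape reads back: " + Arrays.equals(clear, drive.read(ekm, own)));
        Cartridge partner = drive.write(ekm, "Offsite BP RR", clear);
        try {
            drive.read(ekm, partner);
        } catch (UnrecoverableKeyException ex) {
            System.out.println("Partner tape is not readable at this site: " + ex.getMessage());
        }
    }
}
```

Needs Java 16 or later for records. The second cartridge shows why a keystore row without a private key is enough to write tapes for a partner but not to read them back.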
TS1040 (LTO) Encryption Process
Clear Text → TS1040, encrypted with DK (Symmetric) → Cipher Text DK(Data) → Encrypted Tape
DK – Data Key (Symmetric)
• Encryption Process Defined by T10 Standard
Advice on working with keys/certificates
Don't lose your (public/private) keys and certificates
Don't leave your (public/private) keys and certificates lying around
Make sure you back up your (public/private) keys and certificates
TSM Resources
TSM manuals on the internet - Tivoli Information Centre
– http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/index.jsp?toc=/toc /com.ibm.itstorage.doc/toc.xml
TSM support website
– http://www..ibm.com/software/sysmgmt/products/support/IBMTivoliStorageManager.html
Other IBM Resources
Java Encryption Key Manager Support Page
– http://www-1.ibm.com/support/docview.wss?&uid=ssg1S4000504
White Papers
– TS1120 Performance with Encryption
– TS1120 Encrypting Data
– TS3500 Library Managed Encryption
Redbook
– IBM System Storage TS1120 Tape Encryption: Planning, Implementation, and Usage Guide (SG24-7320)
TSM Encryption Overview Presentation
– http://w3-103.ibm.com/software/xl/portal/viewcontent?type=doc&srcID=XW&docID=H800739N06088R56
IBM Tape Encryption Documentation
Library
– 3584 Intro and Planning Guide - GA32-0469
– 3584 Operator’s Guide - GA32-0468
– EKM Intro, Planning, and Users Guide - GA76-0418
System
– 3584 Intro and Planning Guide - GA32-0469
– 3584 Operator’s Guide - GA32-0468
– EKM Intro, Planning, and Users Guide - GA76-0418
– IBM Tape Device Driver Install and Users Guide - GC35-0154
– DFSMS Software Support for IBM TotalStorage Enterprise Tape Drive TS1120 (3592) - SC26-7514
Application
– 3584 Intro and Planning Guide - GA32-0469
– 3584 Operator’s Guide - GA32-0468
– TSM 5.4 Admin Guide - GC32-0768
• TSM 5.3.4 Readme interim
Other Resources
Cryptography Decrypted – Mel and Baker, 2001
Privacy Rights Clearinghouse – www.privacyrights.org
Consumer Union – http://www.consumersunion.org/campaigns/Breach_laws_May05.pdf
California Department of Consumer Affairs – “Recommended Practices on Notification of Security Breach Involving Personal Information” http://www.privacy.ca.gov/recommendations/secbreach.pdf
National Institute of Standards and Technology – http://csrc.nist.gov/publications/nistpubs