Configure Library Encryption (LME)
Enable the library to manage the enrollment and key delivery for designated encryption-capable drives. The library acts as the OKM agent, meaning you only need to enroll the library with OKM rather than individual drives.
Pre-requisites
- Minimum library firmware 1.1.0
- Library contains IBM LTO 6+ drives
- No drives in the library are currently enrolled with OKM
- Configuration of library settings and network settings is complete
Obtain Information from OKM
Have the OKM administrator use the OKM GUI to create an SL4000 library agent. Then, record the following information:
- OKM Cluster IP address
- Agent Name
- Passphrase
Configure the SL4000 to Manage Encryption
- Library encryption must be configured separately and after all other library configuration options. Ensure you have completed the network configuration and rebooted the library before configuring encryption.
- If you previously enrolled individual drives with OKM, unenroll all drives before enabling LME.
- Launch the Configuration Wizard. Then, select Configure Library Encryption.
- From the "Library Encryption Status:" drop-down, select Encrypting.
- Enter the following:
- OKM Cluster IP address
- Agent Name
- Passphrase
- Leave the OKM tuning parameters at their default setting unless instructed to change them by your OKM administrator.
-
Click Next. Review and apply the changes.
Verify the SL4000 Agent is Enrolled
After confirming the changes within the Configuration Wizard, have the OKM administrator go to the OKM GUI and verify that the SL4000 agent now shows "Enrolled: True".
See the OKM documentation for more information.
Enable Specific Drives for Encryption
The configuration wizard enables LME on the library, but initially no drives will be enabled for encryption. You must select IBM LTO 6+ drives and enable encryption on them by modifying the Drive Settings.