Tape Encryption

Product Overview

As data security breaches become more frequent and more sophisticated, public concern for data protection is on the rise. Poor management of data protection can result in legal and regulatory penalties. Penalties might include mandatory reporting—to the international community—of theft or loss of personal and sensitive data that has not been secured through data encryption. These penalties in turn might result in loss of confidence in the organization and ultimately affect revenue.

Tape Encryption provides the solution you need to create a secure environment.

General Features

The Tape Encryption product adds encryption capabilities to the following products:

  • MCP TapeStack

  • LIBRARY/MAINTENANCE

MCP TapeStack Encryption

The Tape Encryption product adds encryption capability to the MCP TapeStack utility—which is included in the operating environment—to provide the following functionality:

  • Copy data from tape to tape, encrypting the data in the process.

  • Copy data from an encrypted tape to a new tape, decrypting the data in the process. (This functionality does not require the Tape Encryption product.)

  • Use the optional integrated control from the TapeManager application supplied by Dynamic Solutions International.

Tape Encryption can also be used with the stacking capabilities of the complete MCP TapeStack product (style CSP10nn-MTS), which is an optional product, to provide the following additional functionality:

  • Stack data from several tapes onto a single stacked tape, encrypting the original data in the process.

  • Append data from several tapes to the end of a single stacked tape, encrypting the original data in the process.

  • Locate, unstack, and decrypt the specified virtual tape volumes contained on the physical stacked tape to physical tapes that you specify. (This functionality does not require the Tape Encryption product or the complete MCP TapeStack product.)

Library Maintenance Encryption

The Tape Encryption product includes the following encryption capabilities of MCP Library Maintenance. (The MCP TapeStack product is not required.)

  • CD-ROM encryption. You can use ENCRYPT=<algorithm> in COPY and ARCHIVE statements in a similar manner as that used in tape encryption.

    To use this feature, you must have a license for the Tape Encryption product (CSP10nn-MTE).

  • Capability to use standard Enterprise Database Server DUMP and COPYAUDIT QUICKCOPY operations to encrypt database data when the data is written to dump and audit tapes.

    To use this capability, you must have licenses for both the Tape Encryption product (CSP10nn-MTE) and the Enterprise Database Server product.

  • Simplified management of tape encryption keys.

  • Use of the COPY command to make encrypted tape copies of files that reside on disk or tape.

  • Use of the COPY and COMPARE command to encrypt data.

  • Use of the SYSOPS (System Options) command to encrypt data by default when copying files to tape.

  • Automatic data decryption when copying data from a source tape. This functionality is available only if the appropriate encryption keys are present on the system.

  • Facility (Security Center) to export and import encryption keys when sharing of encryption keys is required, such as in disaster and recovery situations.

Generate Additional Key Set

This feature of Tape Encryption enables you to generate an additional key set for a given MCP release. In the past, only one key set per MCP release could exist. This capability is useful if you believe that a key of the set was compromised or if you want to change the keys used because of a local security policy (for example, keys must be changed every year).

This capability enables you to

  • Designate a key set as compromised and automatically generate another key set

  • Recognize read-only keys (those imported from other systems) and compromised keys (those whose key-set numbers are not in use for the local host) through icons for each

  • Export and import compromised key sets, which are helpful for reading old tapes

  • Audit tape encryption key operations such as key creation, compromise, and use

Configuration Information

Software

  • Operating Environment Encryption Option.

  • Complete MCP TapeStack product (for certain capabilities as specified under “General Features”).

Hardware

  • A Cryptography CoProcessor attached to one of the following Libra servers: 750, 780, 790, 880, or 890.

Ordering Information

Platform: ClearPath

Style: The ordering style for Tape Encryption is CSP10nn-MTE, where nn represents performance groups 10 through 160 (in increments of 10).

Source code is not available for this product.

Product Information

Refer to the System Software Utilities Operations Reference Manual (8600 0460) for more information.