LTO Encryption - ENCRYPTION UNAVAILABLE FOR ENCR POOL
I have an NBU 701 environment with AIX Master server, AIX media servers and Windows media servers. All Master and Media servers are SAN attached to an IBM tape library, containing 4 x IBM.ULT3580-TD5 (LTO5) direct fibre attached drives. SSO is running in the environment, and all servers can write to the library drives OK.
I have just configured KMS using the nbkms command to create the DB, then the nbkmsutil command to create a keygroup (ENCR_TapePool) and a key (testkey). Pass-phrases used throughout.
I had already created a volume pool named ENCR_TapePool.
When I run a job directed to use the volume pool ENCR_TapePool it mounts a tape from that pool but then reports the following:
Freezing Tape
Encryption Unavailable For An ENCR Pool
It will continue until all the tapes in the pool have been frozen then fail with a 96 error.
I am feeling that this could be a driver issue with the IBM tape drives - not being set to allow Application Managed Encryption. Do I need to load specific IBM drivers for the environments (Windows and AIX), or is there another angle I should look at?
Thanks,
AJ.
If I get this correct, you are using just KMS, which does not require a license - this allows hardware encryption. (If doing media server encryption, this does not apply.)
The thing is you must have a tape drive that can do hardware encryption, like LTO4, and if it is in a library you most likely have to go to the library and tell it you want to use hardware encryption.
In the library I use it was buried in a place I did not think to look and was not in the manual for the library - I had to call support for the library and ask how to turn on hardware encryption.
And it was just a matter of saying - yes the tape drives can do hardware encryption - once that is done it should work for you.