cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

LTO Encryption - ENCRYPTION UNAVAILABLE FOR ENCR POOL

Go to solution
SYMAJB
Level 5
Partner

‎05-11-2011 03:54 PM

I have an NBU 701 environment with AIX Master server, AIX media servers and Windows media servers.  All Master and Media's are SAN attached to an IBM tape library, containing 4 x IBM.ULT3580-TD5 (LTO5) direct fibre attached drives.  SSO is running in the environment, and all servers can write to the library drives OK.

I have just configured KMS using the nbkms command to create the DB, then the nbkmsutil command to create a keygroup (ENCR_TapePool) and a key.(testkey).  Pass-phrases used throughout.

I had already created a volume pool named ENCR_TapePool.

When I run a job directed to use the volume pool ENCR_TapePool it mounts a tape from that pool but then reports the following:

Freezing Tape

Encryption Unavailable For An ENCR Pool

It will continue until all the tapes in the pool have been frozen then fail with a 96 error.

 

I am feeling that this could be a driver issue with the IBM tape drives - not being set to allow Application Managed Encryption.  Do I need to load specific IBM drivers for the environments (Windows and AIX), or is there another angle I should look at ?

Thanks,

AJ. 

Reply
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
J_H_Is_gone
Level 6

‎05-11-2011 04:02 PM

If I get this correct you are using just KMS which does not require a license - this allows hardware encryption.  (if doing media server encryption this does not apply)

The thing is you must have a tape drive that can do hardware encryption like LTO4

and If it is in a library you most likely have to go to the library and tell it you want to use hardware encryption.

In the library I use it was buried in a place I did not think to look and was not in the manual for the library - I had to call support for the library and ask how to turn on hardware encryption. 

And it was just a matter of saying - yes the tape drives can do hardware encryption - once that is done it should work for you.

View solution in original post

0 Kudos
Reply
3 REPLIES 3

Go to solution
J_H_Is_gone
Level 6

‎05-11-2011 04:02 PM

If I get this correct you are using just KMS which does not require a license - this allows hardware encryption.  (if doing media server encryption this does not apply)

The thing is you must have a tape drive that can do hardware encryption like LTO4

and If it is in a library you most likely have to go to the library and tell it you want to use hardware encryption.

In the library I use it was buried in a place I did not think to look and was not in the manual for the library - I had to call support for the library and ask how to turn on hardware encryption. 

And it was just a matter of saying - yes the tape drives can do hardware encryption - once that is done it should work for you.

0 Kudos
Reply

Go to solution
thesanman
Level 6

‎05-11-2011 10:56 PM

I had a similar problem; your IBM library must have Application-Managed encyption enabled.  On a TS3500 you need to be running ALMS and enabled it on a per library basis.

You can see this on the library Web GUI via Library > ALMS.  If you don't have ALMS enabled it will not do it!  That said, the cost of the ALMS enabler license is quite small and the config is quick and easy.

0 Kudos
Reply

Go to solution
SYMAJB
Level 5
Partner

‎05-12-2011 07:45 AM

Thanks to the input above by Judy I sorted this one.

I went into the library admin console, selected manage logical library, and within there you can set the encryption method - set to AME (Application Managed Encryption).

No other changes to drivers etc. were required - all now works.

0 Kudos
Reply