1. Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING) Click the link to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This message will disappear after you have made at least 12 posts. Thank you for your cooperation.

Application Level Encryption

Discussion in 'Tape / Media Library' started by melvernon, May 15, 2009.

  1. melvernon

    melvernon New Member

    Joined:
    Sep 16, 2008
    Messages:
    12
    Likes Received:
    0
    Hello,

    We are attempting to implement application level encryption in the following environment...

    IBM TS3500 Tape Library, Firmware level 8750; with ALMS installed.
    LTO4 Ultrium drives, Firmware level 89B2
    AIX 5.3.2 server, TSM server 5.4.1

    After encryption is enabled, we continually get the following pair of errors when attempting a restore (backup works fine): The errors occur with different volumes, and all 12 drives.

    ANR8302E I/O error on drive DRIVE01 (/dev/rmt3) with
    volume SS3145 (OP=READ, Error Number=47, CC=0, KEY=07,

    ASC=74, ASCQ=01, SENSE=F0.00.07.00.00.00.50.58.00.00.00.-
    00.74.01.30.00.11.88.A1.00.00.01.53.43.33.31.36.37.4C.00-
    .00.00.07.CA.32.00.00.00.00.00.80.08.60.00.00.00.00.00.0-
    0.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.-
    00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00.00-
    .38.39.42.32.00.00.00.00.00.00, Description=An
    undetermined error has occurred). Refer to Appendix C in
    the 'Messages' manual for recommended action. (SESSION:
    8714)
    ANR8355E I/O error reading label for volume SS3145 in
    drive DRIVE01 (/dev/rmt3). (SESSION: 8714)



    If you have implemented application level encryption in a similar environment, and you overcame the above errors, please let me know.



    Did or did you not have to install Feature Code 1604?

    Thanks
     
  2.  
  3. heada

    heada Moderator

    Joined:
    Sep 23, 2002
    Messages:
    2,560
    Likes Received:
    168
    Occupation:
    Storage Administrator
    Location:
    Indiana
    Have you tried to relabel a tape after enabling encryption?

    -Aaron
     
  4. zatogo

    zatogo New Member

    Joined:
    Feb 24, 2007
    Messages:
    207
    Likes Received:
    2
    Location:
    Pacific NW...USA
    You do not need the 1604 feature code to use application-based encryption with TSM.

    You shouldn't need to relabel tapes either.

    It also looks like you are running a version of TSM Server that supports LTO4 encryption.

    Does the device class for your encrypted library/drives have the drive encryption flag set to yes?

    The switch --> drivee=yes
     
  5. melvernon

    melvernon New Member

    Joined:
    Sep 16, 2008
    Messages:
    12
    Likes Received:
    0
    Aaron, yes we did try to relabel a tape. If it had been encrypted, you cannot relable it. If it is new tape, no problem.

    Thanks
     
  6. melvernon

    melvernon New Member

    Joined:
    Sep 16, 2008
    Messages:
    12
    Likes Received:
    0
    Yes, the parameter drive encryption is set to on.
     
  7. melvernon

    melvernon New Member

    Joined:
    Sep 16, 2008
    Messages:
    12
    Likes Received:
    0
    application level encryption fixed

    We were finally able to get this up and running. Tests showed that you could read the tape thaty was encrypted, as long as the tape went to the same drive that you used when it was written to.

    IBM researched this problem, and we upgraded to TSM server Version 5, Release 4, Level 5.0. After this, the encryption has worked with no problem

    Thanks
     

Share This Page