Encrypting Library Maintenance Tapes, CDs and DVDs

You can specify that library maintenance encrypt the data it copies to tape, CD or DVD. When you encrypt tapes, CDs and DVDs, library maintenance automatically decrypts data when reading from the encrypted media.

Note: In the discussion of library maintenance, “tape” refers to magnetic tape, DVD, or CD media.

Library maintenance encryption provides a way for a site to securely back up its files, and to facilitate disaster backup and recovery.

Library maintenance encryption automatically encrypts or decrypts a tape, CD or DVD, relieving operators and organizations from having to designate a key. This, together with the easy-to-use key management capabilities of Security Center, enables organizations to securely and efficiently back up data.

You can encrypt all library maintenance tapes created on a system by setting the system option LMENCRYPT. Thus, tapes can be encrypted without having to change existing WFL jobs. You can automatically encrypt all library maintenance tape copies and all ARCHIVE backup, rollout, and merge tape copies.

Library maintenance supports Media Encryption Version 2, which enhances the security of encrypted media. Version 2 supports the industry-standard AES in Galois Counter Mode (AES-GCM) algorithm and provides unique, random initialization vectors (ESSIV) for AES or Triple-DES encryption in CBC mode. ESSIV is used automatically when a Version 2 copy specifies AES or Triple-DES mode. Version 1 is the default, but Version 2 is recommended because of its enhanced security.

You can take an encrypted tape to another ClearPath MCP system and decrypt it, but only after you have exported the encryption keys from the system that encrypted the media and imported the keys to the destination system. Use the MCP Cryptography Services Manager module of Security Center to perform these key management functions.