Recovering from an encrypted backup using an encrypted tape
Hardware tape encryption uses tape devices with data encryption capabilities and key management software to encrypt your data. IBM® i supports only library-managed encryption. Use these steps to recover data that you backed up using an encrypting tape drive or tape library.
To restore from an encrypted backup using an encrypting tape
drive or tape library, follow these steps:
- Ensure that the key management software
is running and connected to the system where you plan to restore the
data. The key manager contains the encryption keys that are needed for the recovery operation.
- Restore the data from the most recent backup
tape. When the data is restored, it is decrypted. When you share tapes with another company, the key manager writes the tape with the other company's public key. They can decrypt and read the tape by using their private key.
Attention: It is important to
preserve your keystore data, which is stored in the key manager. Without
access to your keystore data, you cannot decrypt your encrypted tapes
during a restore operation. Back up the keystore data so that you
can recover it as needed. You also can have two key managers that
are mirror images of each other with built-in backup of the critical
keystore information, as well as a failover if one key manager becomes
unavailable. When you configure your tape device, you can point it
to two key managers. If one key manager becomes unavailable for any
reason, your device uses the alternate key manager.