Chapter 7 Encryption Key ManagementKMIP-compliant Encryption Key ManagementScalar i500 User’s Guide 171KMIP-compliant Encryption Key ManagementThe Key Management Interoperability Protocol (KMIP®) is aspecification developed by OASIS®. Its function is to standardizecommunication between enterprise key management systems andencryption systems. With version i7.2, the Scalar i500 provides a KMIPversion 1.0 compliant encryption solution.KMIP is currently only supported with SafeNet® KeySecure servers.Contact your Quantum representative for details.Details about the Scalar i500 KMIP-compliant implementation include:• As with other encryption systems supported by the library, in orderto use KMIP-compliant encryption systems with the Scalar i500, youmust have an Encryption Key Management license installed on thelibrary.• A minimum of two KMIP-compliant encryption servers are requiredfor failover purposes. A total of 10 KMIP-compliant encryptionservers are allowed, for increased failover capability.See Configuring Encryption Key Management on the Library on page 172for more information and instructions on how to configure KMIP-compliant encryption systems on the library.General Notes AboutEncryption on the Library7Keep the following points in mind when using encryption on the library:• Data written to encryption-supported and encryption-capable mediain EKM-supported tape drives will be encrypted unless data waspreviously written to the media in a non-encrypted format. In orderfor data to be encrypted, the media must be blank or have beenwritten to using library managed encryption at the first writeoperation at the beginning of tape (BOT).• You cannot append encrypted data to a non-encrypted tape.• You cannot append non-encrypted data to an encrypted tape.• Only one data encryption key can be used per tape cartridge.