A new IBM Redbook titled "IBM System Storage Tape Encryption Solutions" is available on the IBM Redbooks site. Redbooks are not only great publications, but a great learning experience when participating on a residency (sieze an opportunity if one presents itself - better still, make it happen for yourself).
This is the first redbook on the new Tivoli Key Lifecycle Manager (TKLM) product. TKLM evolved from an embedded encryption management solution (EKM) available previously with IBM and OEM storage devices. From the Redbook site:
"This IBM Redbooks publication gives a comprehensive overview of the IBM System Storage Tape Encryption solutions that started with the TS1120 Tape Drive in 2006 and have been made available in the TS7700 Virtualization Engine in early 2007. Also in 2007, the IBM Ultrium Linear Tape-Open (LTO) Generation 4 Tape Drive was announced including its support for Tape Encryption. In 2008, additional enhancements to the tape drives supporting encryption as well as to key managment have been made. This edition of the book has been updated with the TS1130 Tape Drive and the Tivoli Key Lifecycle Manager (TKLM).
This book also provides practical guidance for how to implement an enterprise-wide encryption solution. We describe the general concepts of encryption and the implementation options that are available when using IBM Tape to encrypt tape data. We explain the key management options, including the Encryption Key Manager, which is a Java application that allows for enterprise-wide keystores and key management across a wide variety of platforms. We also provide detailed information for planning, implementation, and operation of Tape Encryption for z/OS and Open Systems hosts."