Dear Aldrin
I'm not sure I understand what you meant by "Application-Managed Hardware Encryption". Could you explain what you meant by "application-managed"?
In my experience with many IBM i servers using IBM tape devices that support HW data encryption, the tape HW encryption feature is turned on and encryption key is enabled in the tape device setup and it works transparently to IBM i. You just run all IBM i SAVXXXX commands as usual. The decryption works transparently with RSTXXXX commands as well.
But if your tape device does not come with HW encryption feature, you can optionally install and use IBM i installable option Encrypted Backup Enablement (57xx-SS1 Option 44) but this feature consumes Power Server's CPU and it prolongs the entire data backup time somewhat because this feature does not compress or compact data as well as non-encrypted data. This Technote describes how to enable this feature in IBM i : How to Set up Encryption Environment to Perform Software Encryption at https://www.ibm.com/support/pages/how-set-encryption-environment-perform-software-encryption.
------------------------------
Satid S
------------------------------
Original Message:
Sent: Fri September 26, 2025 02:48 AM
From: Aldrin Dela Cruz
Subject: LTO-9 backup tape encryption via hardware encryption
Anyone here implemented Application-Managed Hardware Encryption via IBM i Native Tools (No BRMS)? I want to know how to setup this. Thanks
Your help is greatly appreciated.
Aldrin
------------------------------
Aldrin Dela Cruz
Senior IBM i System Administrator
BCSI - VeteransBank
------------------------------