Mainframe computers serve as the operational center for most large companies. These mainframes handle everything from financial management to customer record processing to manufacturing management. To handle these tasks, mainframes are generally connected to a variety of peripheral devices such as tape drives, disk arrays, and so forth.
One common type of peripheral storage device is an Enterprise System Connection (ESCON) tape system. Some industry experts estimate that there are about four million ESCON channels worldwide. Though tape systems based on newer protocols such as Fiber Connection (FICON) and Fibre Channel Protocol (FCP) are available, many companies have elected to continue to use their legacy ESCON tape systems due to the high cost of switching out large numbers of peripherals. As a result, the number of ESCON channels, at present, far exceeds the number of FICON and Fibre-Channel channels.
Due to privacy and identity-theft issues, data encryption has become a must for many financial institutions and other businesses that store sensitive data. This need has been driven in part by legislation such as California's SB 1386 and initiatives such as the Payment Card Industry (PCI) Data Security Standard. The necessity of encrypting data written to peripheral devices presents a serious challenge to companies using legacy ESCON tape systems because the ESCON protocol does not provide natively for data encryption and decryption.
One solution is to feed the ESCON data from the mainframe to a device that converts ESCON data to FCP. The FCP data can in turn be fed to a FCP-compatible compression and encryption device, and the encrypted data can be transmitted to an open-system FCP-compatible tape system. A major disadvantage of this approach is that the enterprise has to replace existing ESCON tape systems with new open-system tape systems at high cost and inconvenience.
Another solution is to replace all ESCON tape systems with current FICON tape systems, which have built-in encryption. Again, a significant disadvantage is the high cost and inconvenience of replacing the legacy ESCON tape systems with new tape systems.
Another solution is to encrypt the data on the mainframe via software before it is sent to the ESCON tape system. This is also a very expensive solution because encryption is highly CPU-intensive, and mainframe usage is charged by the CPU cycles used.
Yet another solution is to eliminate the use of tape drives altogether and to use, for example, disk drives that emulate tape drives. This is also a costly solution.
It is thus apparent that there is a need in the art for an improved method and apparatus for encrypting and decrypting data to/from an ESCON tape system.