On 2 Aug 2005 21:47:45 -0700, in bit.listserv.ibm-main you wrote: >Joel wrote on 03/08/2005 12:32:05 PM: > >> Has anyone else out there looked at the overhead of encrypting all >> tapes, which seems to be the approach some are advocating? The obvious >> problem from the standpoint of efficiency is that good encryption of the >> data, which destroys apparent patterns in the data, will make tape >> hardware compression perform poorly. It seems at present that if one >> wants to do tape encryption under MVS, you are also pretty much also >> forced to also do data compression (first) to avoid tripling the amount >> of physical tape required. You incur not only the CP overhead of of the >> encryption, but that of compression as well. > >Haven't looked into it, but seems a can of worms. As well as all the >overhead issues, what about; >- DR, >- all those warehouses full of tapes/carts you have (currently >unencrypted), >- DASD, >- data going in/out to terminals, >- third parties you need to send data to ... > >We had a small roadshow from IBM yesterday on the z9 - part of this >concentrated on encryption requirements. >This is obviously a hot button - Terri (I believe her name was) basically >said "watch this space - we are onto it". >Doesn't help now, and may not help non-z9 customers in the future; who >knows. > >Shane ... >
In all of this discussion about encryption, my concern is that the tape can be read when and where it is needed. The problems are multi-fold. First the capability to physically read the tape must exist which means that a drive capable of reading the tape must be available and that the tape is physically readable (how sure are you about your week old backups, year old, decade old?). The second is that it is logically readable. For application data, is there a program that can read it or at least a set of data descriptions that can be used to create a program to read the data. HSM, FAVER, the FDR products, etc add a second layer because they have to be able to read the files to create the logical files which in turn have to logically readable. Encryption just adds another requirement which is decryption capability which is controlled well enough to make the encryption worth while. Keys posted on the Internet would sort of defeat the purpose but lack of a 10 year old key could make the 10 year old tape unreadable. I would suggest that our organizations had better make sure that they have the whole process of backup / archiving / recovery well in hand before adding encryption to the mix. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
