> -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey D. Smith > Sent: Friday, September 01, 2006 12:57 PM > To: IBM-MAIN@BAMA.UA.EDU > Subject: Re: IBM announces Encrypting tape drives > >
<snip> Very good points. I agree with them. > > 7. An upside to external encryption is that it minimizes impact to > legacy applications. A CPU-based encryption solution requires some > kind of change to an application I/O to perform the ciphering. This > can be a direct change to the application or maybe through a front-end > of OPEN SVC and the GET/PUT/READ/WRITE routines. Changing a perfectly <snip> This case can be addressed as well. Writing a "subsystem" is not that difficult anymore. Many vendors know how to do it. So the JCL might need to be changed something like: //SYSUT2 DD SUBSYS=(ENCR,'DD:SYSUT2A') //SYSUT2A DD DSN=encrypted.dataset.name, // ... all the rest of the stuff The program still opens SYSUT2. The ENCR subsystem gets control, creates appropriate control blocks, opens SYSUT2A. For each record written to SYSUT2, the ENCR's write subroutine gets control, encrypts the record (or something), then eventually writes it to SYSUT2A. It might even be possible for ENCR to "buffer up" a number of logical records, then encrypt and write a block. I would prefer this to "front ending" OPEN et al. I don't really like "front ending" things any more. This should not require rewriting the program. In fact, we use a product, SYSB, which does this. It redirects VSAM I/O to the specified CICS region. It allows our batch jobs to do updates to VSAM files via the owning CICS region, thus allowing updates in batch while it is open to CICS. > > 2 cents worth. Your mileage may vary. > > Jeffrey D. Smith -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology This message (including any attachments) contains confidential information intended for a specific individual and purpose, and its content is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this transmission, or taking any action based on it, is strictly prohibited. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html