Herbie, 3592 encryption IS available, but the keys are stored in one of a couple of different places. The EKM (the IBM Key Manager) can store them in its own database (running on a Unix/Linux box or even on z/OS) or in the security system (RACF/ACF2/Top Secret) database. So stealing a tape drive plus the cartridges won't help; you would need to steal the correct server plus the cartridges.

Russell Witt
CA-1 L2 Support Manager

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] Behalf Of Van Dalsen, Herbie
Sent: Friday, November 30, 2007 1:33 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Hardware encryption question (was Data Center Theft)

That is probably the reason that our auditors decided that we should implement an encryption package on a different server, in the second server room, to do the encryption on all UNIX and NT servers (which can be shifted by a single man). They claim that it is useless to have the decryption code on the same device as the physical disk that is being encrypted... until the network link to both the encryption servers are down...

My question is this... if hardware encryption becomes available on 3590/2's will the encryption be programmed, and how will the DR site cope...

Regards
Herbie