On Thu, 10 Apr 2008 20:56:04 -0500, Russell Witt <[EMAIL PROTECTED]> wrote:
>That will work just fine Mark, if your DR site is dedicated to you and you >have a running system there that is not recovered from your DR tapes >themselves. If your DR is running at a Sunguard/IBM shared DR recovery site, >then that will not work. In that case, you will have to have a backup of >your RACF database (in un-encrypted form of course) and restore that first; >re-ipl using the new RACF database (can RACF be re-activated with a new >database without an IPL?); then restore the rest of your backups. DR is one >of the biggest issues with any encryption product; and of course Key >Management is the other major concern (don't let your digital certificates >expire when you are still using them). I think he'll need an unencrypted copy of his ICSF databases, too, Russell. And yes, you can activate a new RACF DB without an IPL, but only if it has the same dsname as the one you're already running. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html