Walt Farrell wrote: > On Thu, 10 Apr 2008 20:56:04 -0500, Russell Witt <[EMAIL PROTECTED]> wrote: > > >> That will work just fine Mark, if your DR site is dedicated to you and you >> have a running system there that is not recovered from your DR tapes >> themselves. If your DR is running at a Sunguard/IBM shared DR recovery site, >> then that will not work. In that case, you will have to have a backup of >> your RACF database (in un-encrypted form of course) and restore that first; >> re-ipl using the new RACF database (can RACF be re-activated with a new >> database without an IPL?); then restore the rest of your backups. DR is one >> of the biggest issues with any encryption product; and of course Key >> Management is the other major concern (don't let your digital certificates >> expire when you are still using them). >> > > I think he'll need an unencrypted copy of his ICSF databases, too, Russell. > > And yes, you can activate a new RACF DB without an IPL, but only if it has > the same dsname as the one you're already running. > >
We have a one volume zOS 1.8 environment that includes its own RACF and ICSF databases. We restore it from the floor system, ipl it, enter the master keys into the cryptographic hardware, start ICSF and EKM and start restoring the encrypted full volume backup tapes. At the end of the test we erase the keys from the cryptographic hardware, securely wipe the volume that we ipled with(along with the restored volumes of course) and go home. -- Mark Jacobs Time Customer Service Tampa, FL ---- We have a special climate-controlled room that keeps the worms at a low enough temerature so that they remain dormant. If the temperature varies by more than +-0.73K, the worms either freeze to death, or eat throught the CrTiAl alloy of the airlock doors. Dicey. -Branko Cibej <[EMAIL PROTECTED]>, concerning the can of worms ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
