Lizette Koehler wrote: > I have some basice questions on setting up the Tape Encryption on our TS3500. > > We have installed JAVA 1.5. I have a Data Class defined. I have an ACS > routine to limit who can specifiy the encryption on tape. > > My basic Q's (and I have read the Planning Guide, the TS3500, and TS1120 > Manuals and just get lost) > > 1) Can our SAF handle the keys without me having to create a LABEL? > 2) In IEHINITT doc it shows the REKEY parameter needing a KEYLABEL parm? > Where does that come from? > 3) In JCL I know you can specify the dataclass and a Key Label. Is the Key > label required? > 4) Do I need to run the EKM anywhere else besides the z/OS V1.9 LPAR? > 5) Are the IP addressess unique to the EKM or can I use the ones already in > place for my Mainframe LPAR? I am not sure how the IP works with EKM. > > I probably have more but this should get me started. > > Lizette > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > >
I'm assuming that you are using JCECCARACFKS security, (RACF(SAF) and ICSF) if not some of my answers might be incorrect. 1) The keylabels that are used correspond to key labels in the ICSF PKDS database. If you are protecting ICSF keys with the CSFKEYS resource class then you do have to give EKM read access to the keys. 2) AFAIK you specify the the new key label which has to already exist, attached to the EKM keyring and give EKM read access to the key. 3) If the dataclass has key label in the construct then no, else yes, 4) We have two sysplexes running EKM. One is a single system environment so EKM only runs on their zOS lpar. The other sysplex has two EKM's up on different lpars. One as primary, the other as secondary. 5) You can use the same IP address as the mainframe for the SETIOS EKM command. Let me know if you need additional setup help, I have fought and hopefully solved the issues that you have come up here. -- Mark Jacobs Time Customer Service Tampa, FL ---- "We're in the stickiest situation since Sticky the stick insect got stuck on a sticky bun." Rowan Atkinson as Captain Edmund Blackadder in Blackadder Goes Forth ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
