DFSMSdss supports encryption for DUMPs. I believe you need the software
encryption facility on your system and then a license to allow DSS to use
it. Usage is explained in the z/OS V1R11.0 DFSMSdss Storage Administration
guide.
DFSMSdss can use the following types of host-based encryption to
Inc.
416-229-2950 Ext 304
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf
Of Russell Witt
Sent: Thursday, February 18, 2010 12:14 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: DFSMSrmm Tape encryption
TKLM is IBM's new Tivoli Key Lifecycle
Hi team,
I mean, we are evaluating the way to encrypt the data saved into cartridges or
tapes.
Is there some way to activate the tape encryption with RMM?
Is it a software or Hardware functionality?
Which is the easiest way to start encrypting our tapes?
Best regards,
Enrique Montero
On 02/17/10 10:39, MONTERO ROMERO, ENRIQUE ELOI wrote:
Hi team,
I mean, we are evaluating the way to encrypt the data saved into cartridges or
tapes.
Is there some way to activate the tape encryption with RMM?
Is it a software or Hardware functionality?
Which is the easiest way to start
On 2/17/2010 5:04 PM, Tom Longfellow wrote:
We use IBM's 3592 Tape Encryption technology for all our tape
encryption needs. Any software based tape encryption is going to cost
CPU cycles whereas offloading the encryption/decryption to the
hardware we've found to be a cost effective solution
makes those backups much easier); but DB2 backups would still need to
be copied and re-copied. Again, IBM has a product here as does Megacryption
and Innovation. The encryption process is done in the main CPU, so CPU usage
does increase.
Last is generic software encryption (CA Tape Encryption
is
that it is only for existing clients and new clients must use TKLM.
And to be honest, as Lizette has indicated in earlier posts even EKM is not
that easy to install. While key management of the tape encryption keys is
critical (that is why we have CA Key Manager as well); I really don't see
why
In
off9cb0ea2.92a21273-on852576b5.00494604-852576b5.004ba...@siriuscom.com,
on 01/24/2010
at 08:46 AM, Rob Schramm rob.schr...@siriuscom.com said:
Of course if you just hardcode the IP address .. then DNS is removed from
the equation.
At the risk of being burned when your network people
Paris, Grand Rapids, MI 49546 MD RSCB1G
p 616.653.8429
f 616.653.8497
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Lizette Koehler
Sent: Sunday, January 24, 2010 12:59 AM
To: IBM-MAIN@bama.ua.edu
Subject: DNS, IP, Internet and EKM (Tape
:59 PM
To: IBM-MAIN@bama.ua.edu
Subject: DNS, IP, Internet and EKM (Tape Encryption)
I am not strong on IP and server stuff, so I have a question I hope someone
can answer
We had two things go on tonight. One was a cpu upgrade from z890 to z10.
No big deal.
However, during this time we also
:59:20 -0500
From: stars...@mindspring.com
Subject: DNS, IP, Internet and EKM (Tape Encryption)
To: IBM-MAIN@bama.ua.edu
I am not strong on IP and server stuff, so I have a question I hope someone
can answer
We had two things go on tonight. One was a cpu upgrade from z890 to z10
Lizette,
As with so many things it depends.
Do you have a DNS entry coded in the IECIOSxx member?
Is the DNS entry coded for the drives? (Library managed encryption comes
to mind - the discussion regarding z/OS DNS and resolution becomes moot
for this scenario)
As far as the IP stack is
On Sun, Jan 24, 2010 at 7:40 AM, J R jayare...@hotmail.com wrote:
I don't know EKM. However, in general, you should be able to hardcode
the IP address in your configuration file or, better, in local host tables.
Although hardcoding sounds less flexible, it has to be done somewhere -
either
If the EKM is on z/OS, then the whole thing is under sysprog control. An
external DNS becomes somewhat superfluous.
Rob Schramm
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to
EKM is on z/OS - I plus a DNS or IP address in to my tape library and in IOS
through the IECIOSxx member of parmlib.
Though it is rare, our whole internet/intranet connection was out for an
extended period of time. I was hoping there might be some way to keep EKM
happy on the mainframe while
I am not strong on IP and server stuff, so I have a question I hope someone
can answer
We had two things go on tonight. One was a cpu upgrade from z890 to z10.
No big deal.
However, during this time we also had a six hour internet outage. Some
upgrade that required a larger outage than
Hi all,
Anyone using mainframe tape encryption to selectively encrypt DSN's on tape
volumes or entire volumes? Successes? Issues?
Bob
Robert B. Fake
InfoSec, Inc. http://infosecinc.com/PSU%20Form.html (click here for info
on the InfoSec PSU program!)
703-825-1202 (o)
571-241-5492
Robert Fake rf...@infosecinc.com wrote in message
news:01a601ca1a59$1fb6ddd0$5f2499...@com...
Hi all,
Anyone using mainframe tape encryption to selectively encrypt DSN's on
tape
volumes or entire volumes? Successes? Issues?
Bob
Before the issue could arise here, we went
, FDR CRYPT) -- I am
sure if I indicated the wrong software, some kind soul will
correct me :-D)
When you ask about tape datasets are they individual, one per tape, or are
you asking about multiple files on one tape?
Here is my config with tape encryption.
We are using a TS1120 E05 tape drives
When you run tape Encryption on a stacked tape do you encrypt all files that
are stacked on a tape or just one file on the stacked tape?
For example, I have a batch backup job that places 35 dumped volumes on one
tape. I have looked at the doc and it seems I could place the encryption
Lizette Koehler wrote:
When you run tape Encryption on a stacked tape do you encrypt all files that
are stacked on a tape or just one file on the stacked tape?
For example, I have a batch backup job that places 35 dumped volumes on one
tape. I have looked at the doc and it seems I could
Lizette Koehler wrote:
When you run tape Encryption on a stacked tape do you encrypt all files that
are stacked on a tape or just one file on the stacked tape?
For example, I have a batch backup job that places 35 dumped volumes on one
tape. I have looked at the doc and it seems I could
if the output tape is written in EEFMT2
then the data is encrypted, if not no. The tape drive returns to the
copy program unencrypted data.
Mark Jacobs
Lizette Koehler wrote:
When you run tape Encryption on a stacked tape do you encrypt all files
that are stacked on a tape or just one
run tape Encryption on a stacked tape do you encrypt all files
that are stacked on a tape or just one file on the stacked tape?
For example, I have a batch backup job that places 35 dumped volumes on
one tape. I have looked at the doc and it seems I could place the encryption
on the first file
Development
On Tue, 14 Jul 2009 12:33:04 -0400, Lizette Koehler
stars...@mindspring.com wrote:
When you run tape Encryption on a stacked tape do you encrypt all files
that are stacked on a tape or just one file on the stacked tape?
For example, I have a batch backup job that places 35 dumped
). Or, if file-1 is not
encrypted; then no-encryption even if the dataclass asks for it to be
encrypted. Of course, no such limitation exists with CA Tape Encryption ;)
And, from everything I have heard there is very little clock-time delay when
writing to one of these devices with encryption enabled
Here are the messages. I removed the comment cards. This is from the Start of
the EKM STC until it terminates.
Lizette
JVMJZBL2004N Log level has been set to: T
JVMJZBL2999T - JzosVM()
It looks to me like your JAVA_HOME directory wasn't specified correctly,
since you are getting a message that the JVM dll can't be loaded.
You seem to have JAVA_HOME set to /usr/lpp/java/J5.0. Is there really a
Java SDK installed there?
Kirk Wolf
Dovetailed Technologies
On Tue, Dec 9, 2008 at
No wait... I see something else that is wrong.
You seem to have the following lines in your STDENV config file:
LIBPATH=/lib:/usr/lib:/usr/lpp/java/J5.0/lib
LIBPATH=$LIBPATH:/usr/lib:/usr/lpp/java/J5.0/lib/security
LIBPATH=$LIBPATH=/usr/lpp/java/J5.0/lib/ext
[mailto:[EMAIL PROTECTED] On Behalf Of
Lizette Koehler
Sent: Tuesday, December 09, 2008 10:56 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: EKM, JAVA and Tape Encryption
Here are the messages. I removed the comment cards. This is from the Start of
the EKM STC until it terminates.
Lizette
I am trying
, EMEA
Via Darwin 85, 20019 Settimo Milanese(MI) ? Italy - MISET001
From:
Lizette Koehler [EMAIL PROTECTED]
To:
IBM-MAIN@bama.ua.edu
Date:
09/12/2008 17.58
Subject:
Re: EKM, JAVA and Tape Encryption
Where does com.ibm.keymanager.EKMServer live? What directory?
Lizette
In addition
Thanks everyone so much. My paths, libpaths and minor little JAVA JZOS
configuration issues are resolved.
I am not off to get my environmentals parms up to snuff and I should be good to
go.
Lizette
--
For IBM-MAIN subscribe
I am trying to setup my EMK Profile for JAVA. I keep getting errors on teh
Audit. statements. Mostly FSUM7351 not Found.
Java is mounted (J1.5), EKM paths are mounted. Not sure what is missing.
Has someone already set this up and would share their insights of how to config
JAVA for EKM?
On Mon, 8 Dec 2008 11:23:59 -0500, Lizette Koehler [EMAIL PROTECTED]
wrote:
I am trying to setup my EMK Profile for JAVA. I keep getting errors on teh
Audit. statements. Mostly FSUM7351 not Found.
Java is mounted (J1.5), EKM paths are mounted. Not sure what is missing.
As always, seeing the
I have some basice questions on setting up the Tape Encryption on our TS3500.
We have installed JAVA 1.5. I have a Data Class defined. I have an ACS
routine to limit who can specifiy the encryption on tape.
My basic Q's (and I have read the Planning Guide, the TS3500, and TS1120
Manuals
Lizette Koehler wrote:
I have some basice questions on setting up the Tape Encryption on our TS3500.
We have installed JAVA 1.5. I have a Data Class defined. I have an ACS
routine to limit who can specifiy the encryption on tape.
My basic Q's (and I have read the Planning Guide
Thanks Ted, clarification gratefully accepted!
Take care all,
Graeme.
At 09:37 PM 1/20/2007, you wrote:
As SLIKZIP's feature load has grown the release rate has dropped
from every six months to more like every 12, but that in no way
justifies the statements that Ted has made in this
As SLIKZIP's feature load has grown the release rate has dropped from every
six months to more like every 12, but that in no way justifies the statements
that Ted has made in this influential forum.
How about it Ted?
I've already appologised offline.
But, I would like to make a public
passwords as encryption keys.
2. In some sense encryption of backup tapes is philosophically incompatible
with rapid and easy data access in the event of an emergency, so many
organizations will initially opt for tape encryption only when tapes leave
the data center (e.g. for partner exchange).
3
ASE
SLiKZiP
http://www.slikzip.com/szabout.htm
I could be wrong (it happens), but I believe that SLIKZIP is 'stabilised' at
the OS/390 2.10 level.
I did a study last year to replace PKZIP with another 'work-alike'.
SLIKZIP was in the running until we found out there was no new development
On 19 Jan 2007 13:57:56 -0800, in bit.listserv.ibm-main
(Message-ID:[EMAIL PROTECTED])
[EMAIL PROTECTED] (Jeffrey Deaver) wrote:
Loss of keys means data loss! Treat the key database just
like
any other precious security resource, such as RACF (or
ACF2 or TopSecret)
databases.
If a
Whoa, now just hold on there Ted...
At 09:28 AM 1/20/2007, Ted MacNEIL [EMAIL PROTECTED] wrote:
I could be wrong (it happens), but I believe that SLIKZIP is
'stabilised' at the OS/390 2.10 level.
I did a study last year to replace PKZIP with another 'work-alike'.
SLIKZIP was in the running
In the IBM-MAIN archives (from about August or September, 2005) there
should be a list of tape encryption products posted. (Search on tape
encryption and it should be pretty easy to spot.) There were also some
follow-up posts noting CA-BrightStor and OpenTech as additional vendors
All,
I need some information about 'Tape Encryption'.
Maybe your company has used the s/w to encrypt the
data in tape in mainframe.
My company need this information...
Thanks for your help.
Regards.
Albertus SD
__
Do You Yahoo!?
Tired of spam
I appreciate your info. Thanks.
--- Russell Witt [EMAIL PROTECTED] wrote:
Date: Tue, 28 Mar 2006 19:24:54 -0600
From: Russell Witt [EMAIL PROTECTED]
Subject: RE: Tape Encryption
To: 'Albertus Dwisulami' [EMAIL PROTECTED]
Albertus,
I am responding directly since I do not want to
appear
As a follow-up to my Tape Encryption Products List posting from last
August, here's some more information.
1. Obviously the IBM software product (IBM Encryption Facility for
z/OS) is available and now well known, so that's one of two statements of
direction fulfilled. Details here:
http
In a message dated 1/23/2006 12:57:04 P.M. Central Standard Time,
[EMAIL PROTECTED] writes:
If anyone knows of any relevant products that haven't been mentioned yet
in the Tape Encryption Products List thread, by all means please chime
in.
The Jan 2006 Tech Support Mag from Naspa has
As a bit of a public service -- and since many of the customers I work with
are trying to evaluate all their options for this pressing problem -- I
thought I'd list the products I know about that support tape encryption.
I'm keenly interested to hear if I forgot any -- thanks.
Please note
Thanks, Jeffrey!
There are also more details emerging about IBM's entry, so hopefully within
the next couple or three weeks I'll have another edition posted.
- - - - -
Timothy F. Sipples
Consulting Enterprise Software Architect
IBM Americas zSeries/z9 Software
Phone: +1 312 529 1612
E-Mail:
As a bit of a public service -- and since many of the customers I work
with
are trying to evaluate all their options for this pressing problem -- I
thought I'd list the products I know about that support tape encryption.
I'm keenly interested to hear if I forgot any -- thanks.
A few more to add
Timothy Sipples wrote:
On Thu, 4 Aug 2005 11:15:23 -0400, Bruce Black [EMAIL PROTECTED] wrote:
IBM intends to deliver a software-based file encryption solution for z/OS
that leverages the existing z/OS key management capabilities provided
within the Integrated Cryptographic Services Facility
On Sun, 7 Aug 2005 14:10:56 -0500, Ed Gould [EMAIL PROTECTED] wrote:
On Aug 7, 2005, at 2:01 PM, Timothy Sipples wrote:
Timothy,
Thanks.
There was at one time an FDP that encrypted any sequential file . I
don't know if its been withdrawn or not. IIRC it was cheap $100 ()
Ed
Ed,
Is
On Aug 8, 2005, at 8:57 AM, Mark Zelden wrote:
On Sun, 7 Aug 2005 14:10:56 -0500, Ed Gould [EMAIL PROTECTED]
wrote:
On Aug 7, 2005, at 2:01 PM, Timothy Sipples wrote:
Timothy,
Thanks.
There was at one time an FDP that encrypted any sequential file . I
don't know if its been withdrawn or
On Thu, 4 Aug 2005 11:15:23 -0400, Bruce Black [EMAIL PROTECTED] wrote:
IBM intends to deliver a software-based file encryption solution for z/OS
that leverages the existing z/OS key management capabilities provided
within the Integrated Cryptographic Services Facility (ICSF) in 2005. More
As a bit of a public service -- and since many of the customers I work with
are trying to evaluate all their options for this pressing problem -- I
thought I'd list the products I know about that support tape encryption.
I'm keenly interested to hear if I forgot any -- thanks.
Please note
On Aug 7, 2005, at 2:01 PM, Timothy Sipples wrote:
Timothy,
Thanks.
There was at one time an FDP that encrypted any sequential file . I
don't know if its been withdrawn or not. IIRC it was cheap $100 ()
Ed
--
For
Timothy, I just scanned the z/OS 1.7 announcement letter 205-167 (on the
IBM announcements site) and I can't find the reference you mention. I
searched for all references to crypt. Can you point me to the right
place?
Here it is:
IBM intends to deliver a software-based file encryption
IBM intends to deliver a software-based file encryption solution for z/OS
that leverages the existing z/OS key management capabilities provided
within the Integrated Cryptographic Services Facility (ICSF) in 2005. More
information will be provided at a later date.
It doesn't say tape so I
In [EMAIL PROTECTED], on 08/02/2005
at 09:32 PM, Joel C. Ewing [EMAIL PROTECTED] said:
Has anyone else out there looked at the overhead of encrypting all
tapes, which seems to be the approach some are advocating?
I wouldn't be that concerned about the overhead. However, have you
looked at
is that good encryption of the
data, which destroys apparent patterns in the data, will make tape
hardware compression perform poorly. It seems at present that if one
wants to do tape encryption under MVS, you are also pretty much also
forced to also do data compression (first) to avoid tripling
compression perform poorly. It seems at present that if one
wants to do tape encryption under MVS, you are also pretty much also
forced to also do data compression (first) to avoid tripling the amount
of physical tape required. You incur not only the CP overhead of of the
encryption
patterns in the data,
will make tape hardware compression perform poorly. It seems at
present that if one wants to do tape encryption under MVS, you are
also pretty much also forced to also do data compression (first) to
avoid tripling the amount of physical tape required. You incur not
only
compression and encryption could be done at this
level?
There are indeed some hardware-based products available now, though not from
IBM to my knowledge.
In the z/OS 1.7 announcement letter there's an IBM statement of direction
concerning software tape encryption (crypto hardware assisted, of course
in the data, will make tape
hardware compression perform poorly. It seems at present that if one
wants to do tape encryption under MVS, you are also pretty much also
forced to also do data compression (first) to avoid tripling the amount
of physical tape required. You incur not only the CP
Take a look at
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/TD101250
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search
On Wed, 1 Jun 2005 10:51:16 -0500, Ernest Nachtigall wrote:
Take a look at
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/TD101250
If you write your encrypt/decrypt routines to be callable as E15 and E35
sort exits you could handle any dataset that the site's sort product can
66 matches
Mail list logo