Re: z/OS Data Set Encryption Now Generally Available

2017-09-12 Thread Greg Boyd
Pervasive Encryption is for Extended Format data sets, so it is limited to disk data sets. (You could use the Encryption Facility for tape data sets.) When you allocate the data set it will be flagged as a 'Pervasive Encrypted' data set. (I'm not sure what terminology IBM is using for such a

Re: z/OS Data Set Encryption Now Generally Available

2017-09-11 Thread Timothy Sipples
Mike Baldwin wrote: >It would be helpful to know if there is an intent to extend this feature to the >tape device class,or if customers need to differentiate between datasets written >to disk (potentially encrypted) and tape (needing a different encryption technique, >or change to disk and then

Re: z/OS Data Set Encryption Now Generally Available

2017-09-11 Thread Steve Smith
There has been at least one SHARE presentation on this. The one I know about was session 20612 at San Jose 2017. It covers the basics, and should answer a lot of questions. sas -- For IBM-MAIN subscribe / signoff / archive

Re: z/OS Data Set Encryption Now Generally Available

2017-09-11 Thread Dan Little
There is a key for the dataset and it is stored in ICSF. Nothing magically gets encrypted although some articles and promos seem to imply if buy a z14 everything will magically be encrypted which is not true. There is key management to plan. There is the decision on how datasets get assigned a

Re: z/OS Data Set Encryption Now Generally Available

2017-09-11 Thread Edward Gould
> On Sep 11, 2017, at 10:27 AM, Mike Baldwin wrote: > > z/OS Data Set Encryption is a fantastic new feature, kudos to IBM, and I don't > mean to detract from its wonderfulness. > > That's a good point, and I understand, if a new disk dataset is encrypted, > then copying it

Re: z/OS Data Set Encryption Now Generally Available

2017-09-11 Thread Mike Baldwin
Hi Timothy, On Sat, 9 Sep 2017 17:43:25 +0800, Timothy Sipples wrote: >"Disk" in this context means any/all storage that manifests itself as 3390 >device types. > >For DFSMS backups, including backups to virtual tape and tape, z/OS Data >Set Encrypted datasets stay encrypted.

Re: z/OS Data Set Encryption Now Generally Available

2017-09-09 Thread Timothy Sipples
Mike Baldwin wrote: >The FAQ says "residing on disk", so datasets residing on tape (e.g. TS7700 >would not be supported. (Even if accessed using BSAM/QSAM, and of course >EXCP). Is that correct, and do we expect it's a permanent restriction? "Disk" in this context means any/all storage that

Re: z/OS Data Set Encryption Now Generally Available

2017-09-08 Thread Mike Baldwin
Hi Timothy, Thanks for this. >BSAM, QSAM, and VSAM extended format data sets are all supported. The FAQ says "residing on disk", so datasets residing on tape (e.g. TS7700) would not be supported. (Even if accessed using BSAM/QSAM, and of course EXCP). Is that correct, and do we expect it's a

z/OS Data Set Encryption Now Generally Available

2017-08-08 Thread Timothy Sipples
z/OS Data Set Encryption is a critical new security feature to help you better protect sensitive data. It's a key ingredient in an overall, stepped up enterprise privacy and data protection strategy. And, importantly, z/OS Data Set Encryption does not require any application changes, so you can