On 2/17/2010 5:04 PM, Tom Longfellow wrote:
We use IBM's 3592 Tape Encryption technology for all our tape
encryption needs. Any software based tape encryption is going to cost
CPU cycles whereas offloading the encryption/decryption to the
hardware we've found to be a cost effective solution.
How did the installation of TKLM go? It has been a nightmare for us.
Over a month of effort without a valid working install yet.
And now we have to deal with getting an operational DB2 and WebSphere app
server (SSRE) system at our DR site before we can read any encrypted
data. Running SSRE takes more storage frames that our major subsystems.
The overhead in software to activate this 'hardware' feature is becoming
more trouble than it is worth.
I can't speak for Mark, but we don't have TKLM. I am not even sure
what it does. I just installed an EKM server on z/OS (did take a while
to get all the JAVA pieces worked out), and created a key through RACF.
I use SMS to control what gets encrypted (by default everything). The
only thing we are writing are backups, so they all use the same key.
Key management could get to be a problem if you needed lots of keys.
--
Richard
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
