In a recent note, gil asked:

>So, how does the remote disaster recovery site decrypt the data when the
>main site is crashed?

There are processes with ICSF to back up the CKDS and then at a new site to
"register" the new crypto-coprocessor. However, this process involves
creating a very long "passphrase" (I believe it is even broken into parts so
that multiple individuals can each take part of the passphrase with them)
and this passphrase must then be used at the DR site to allow the
handshaking (registering?) between the crypto-coprocessor and ICSF itself.
Not pretty, and you better make sure you can read the entire passphrase at
the DR site.

And while this is a very secure method (since the key is never clear after
being registered), it is not very fast for bulk encryption. It is great for
SSL-type processing (hundreds/thousands of transactions a second). But if
you think of hundreds or thousands of records per clock second during a
backup/restore operation, not very fast.

Russell

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
