That will work just fine Mark, if your DR site is dedicated to you and you
have a running system there that is not recovered from your DR tapes
themselves. If your DR is running at a SunGard/IBM shared DR recovery site,
then that will not work. In that case, you will have to have a backup of
your RACF database (in unencrypted form of course) and restore that first;
re-IPL using the new RACF database (can RACF be re-activated with a new
database without an IPL?); then restore the rest of your backups. DR is one
of the biggest issues with any encryption product; and of course Key
Management is the other major concern (don't let your digital certificates
expire when you are still using them).

Russell Witt
CA L2 Support Manager

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED]] On
Behalf Of Mark Jacobs
Sent: Thursday, April 10, 2008 4:09 PM
To: [email protected]
Subject: Re: Encrypted Tapes and DR


Actually we have them in production and have successfully tested a
restore of an encrypted tape in our disaster recovery environment. We
use RACF to control the public piece of the key pair and ICSF holds the
private key. Our DR environment has a completely separate RACF and ICSF
databases from production.

The way that we have set it all up to work is to create keypairs in both
the production and DR environments, import the public keys from the DR
environment into the production environment and attach these keys to EKM
keyring.

When we encrypt tapes we use both the production and DR public keys to
wrap the data encrypting key on the tape. At DR the tape drives talk to
EKM which sends the DR private key to the tape drive which successfully
unwraps the data encrypting key protected by the DR public key.

Does that make sense?

Mark Jacobs
Time Customer Service
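
The dual-key wrapping described in the message above, as an added example that is not part of the original messages or of any EKM code: one data encrypting key is wrapped under both sites' public keys, and each site recovers it with only its own private key. The textbook-RSA key pairs built from fixed Mersenne primes, the header layout and every function name are assumptions made for illustration.

```python
# Added illustration: textbook RSA over fixed Mersenne primes, stdlib only.
# NOT secure; a real key manager uses generated keys and padding such as OAEP.
import hashlib
import secrets

E = 65537

def toy_keypair(p_exp, q_exp):
    """Build a constructed RSA key pair from two Mersenne-prime exponents."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}

def label(pub):
    """Identify a public key by a short hash so the right wrapped copy is found."""
    return hashlib.sha256(str(pub["n"]).encode()).hexdigest()[:16]

def wrap_dek(dek, public_keys):
    """Wrap one data encrypting key under every listed public key."""
    m = int.from_bytes(dek, "big")
    return {label(pub): pow(m, pub["e"], pub["n"]) for pub in public_keys}

def unwrap_dek(header, pub, priv, dek_len=32):
    """Recover the DEK using only this site's own key pair."""
    wrapped = header.get(label(pub))
    if wrapped is None:
        raise KeyError("tape was not wrapped for this site's public key")
    return pow(wrapped, priv["d"], priv["n"]).to_bytes(dek_len, "big")

def demo():
    prod_pub, prod_priv = toy_keypair(521, 607)    # created in production
    dr_pub, dr_priv = toy_keypair(1279, 2203)      # created at DR; only dr_pub is exported
    dek = secrets.token_bytes(32)                  # per-tape data encrypting key
    header = wrap_dek(dek, [prod_pub, dr_pub])     # written with both public keys
    at_dr = unwrap_dek(header, dr_pub, dr_priv)    # no production private key needed
    at_prod = unwrap_dek(header, prod_pub, prod_priv)
    # In this model, a tape wrapped only for production is unreadable at DR.
    old_header = wrap_dek(dek, [prod_pub])
    try:
        unwrap_dek(old_header, dr_pub, dr_priv)
        dr_reads_old = True
    except KeyError:
        dr_reads_old = False
    return dek == at_dr == at_prod, dr_reads_old

if __name__ == "__main__":
    print(demo())
```
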
