>As to what you can do with CA:DISK or CA:VTAPE, I suggest that you contact >CA. > >IBM's tape encryption works very well but you'll need the drives to make >it work. > In general I can agree if you are only looking at the CA products and how they could encrypt the files, then one would may well need the IBM encrypting tape drives.
In general also if anyone wants to encrypt tape information, then using the software offering called IBM Encryption Facility works for tape and disk files, is integrated with ICSF and can take advantage of RACF to store the Public/Private key pairs. The product works for those like us who are still on IBM 3590E drives (going to shortly IBM 3592-J1As). Most people focus on the need for IBM encrypting tape units to secure the backup tapes which go offsite. It can be done today with IBM Encryption Facility or one of the competing ISV products. But most ignore data exchanges of sensitive data relying on Site-to-Site VPN's as their encryption rationale. A few might do TLS/SSL but it is my experience very few will encrypt the data at rest before transmission and then also send it over COM circuits TLS/SSL, having the data arrive encrypted at rest to finally initiate a final process to decrypt ( and maybe ultimately translate the data). As an aside I would recommend one Crypto Coprocessor and one Crypto Accelerator per configured CP (3 CPs means 3 CryptoCoprocessors plus 3 Crypto Accelerators). They are cheap enough these days that the savings will be signficant. But then if encryption is not being done within, my prediction is it is in your horizon. jim marshall ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
