Hello all,
We are looking at setting up z/OS file level encryption. We have 2 Data
Centers, both running z15s, with 2 CryptoCards each, one running z/OS v2.1,
with IMS v13 and the other running z/OS v2.3 with only VSAM. I am not an
Encryption expert, but my question is, what the steps necessary to implement
z/OS file level encryption.
The steps I think we need to take:
- Set the encryption keys, same key for each CryptoCard and same encryption
keys for both z15s
- Setup ICSF
- Setup the CKDS and AES key datasets
- Some ACF2 work
- Setup/Update STGADMIN and CSFSERV classes
- Setup KeyLabels for each type of dataset to be encrypted
- Authorize dataset to use the various KEYLABELs as needed
- Update dataset allocation to add the KEYLABEL, could be done using DATACLAS,
IDCAMS
- Re-allocate IMS databases with KEYLABEL
We are also looking at turning on file level encryption for all datasets,
including IMS on z/OS. Good or bad idea? Also, are they any other options?
Thanks for all the advice and help in advance.
Jerry Edgington
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
