We have been doing hardware based tape and disk encryption for a very long time. So long in fact that I think we have 'upgraded' ourselves out of the SKLM (or EKM) business.
The standalone servers were installed way back in our early years of DS8000 technology (before they started offering the standalone feature code for a dedicated box to handle keys). In the meantime we have gone through a few upgrades and we are currently at the DS8884 technology. I cannot find any config info in the DS8884 on 'how to access' an external SKLM server. I think we have gone internal somehow. The SKLM address spaces under z/OS were setup in our days of 3592 tapes with encryption labels on the tapes themselves. 3592 is another technology no longer present in our current data center. A TS7760 grid with encrypted virtual tape disk cache handled the encryption requirement. Our SKLM setup had two lpars, each backing the other in a primary/secondary relationship across an internal hipersockets link. My gut reaction is to just turn them off and lets the chips fall where they may, but that is not the 'professional' way to handle it. Does anyone know how to prove the negative: That I do not need these servers. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
