Steve, I took a major role in such a product a couple of years back. Sadly it was cancelled a few week before the first application was due to be encrypted.
We had a five string approach to the project. They were led by separate people but we worked together a great deal of course. 1. Set up ICSF to be fit for purpose. 2. Set up TKE. 3. Set up EKMF/web for key management. 4. Devise a strategy for mass allocation and copying of data. 5. Standards, procedures and documentation. We hit a few things you may be interested in. Happy to discuss outside this forum if you wish. Lennie Dymoke-Bradshaw https://rsclweb.com ‘Dance like no one is watching. Encrypt like everyone is.’ -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Steve Estle Sent: 15 November 2023 12:13 To: [email protected] Subject: Lessons Learned - Mass Extended Format DS Conversion - ZOS 2.5 All, We are in the midst of rolling out pervasive encryption in our ZOS 2.5 customer environment. To get there of course we need to move to extended format datasets (sequential, VSAM, etc) which we have minimal exposure / experience with today (We have multiple 100K's of datasets in our catalogs across 4 LPAR's. We also will be leveraging hardware compression (ZEDC) as we migrate things as well towards path to pervasive encryption (PV) of course following best practice to compress before encrypting. Have reviewed redbooks on PV, extended format, and hardware compression (experiences with hardware compression so far have been outstanding - especially in our DFDSS backup processing). What I'm looking for are any gotchas / lessons learned / real life experiences in embarking on this mass migration from basic format datasets over to extended compressed format DSN's and encryption that aren't documented in standard doc or redbooks. Or maybe you ran across or developed some tools to aid in such large scale migrations? If you have anything you'd like to share feel free to share it here or if prefer to talk offline contact me at [email protected]. Thanks in advance for sharing. Steve Estle [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
