Hi Timothy, On Sat, 9 Sep 2017 17:43:25 +0800, Timothy Sipples <[email protected]> wrote: >"Disk" in this context means any/all storage that manifests itself as 3390 >device types. > >For DFSMS backups, including backups to virtual tape and tape, z/OS Data >Set Encrypted datasets stay encrypted. That includes DFSMSdss COPY, DUMP, >and RESTORE, and DFSMShsm backup/recover, as examples. Moreover, there's >Encryption Facility for z/OS, and of course it supports virtual tape and >tape devices. > >Do you have some other scenario(s) in mind?
z/OS Data Set Encryption is a fantastic new feature, kudos to IBM, and I don't mean to detract from its wonderfulness. That's a good point, and I understand, if a new disk dataset is encrypted, then copying it to tape will maintain encryption. Very good, especially for HSM. Mentioning 3390 makes the scope of support much clearer, thank you. But... The feature is called "Data Set Encryption", not "Disk Data Set Encryption", so there is an expectation that it would (directly) apply to tape as well. The FAQ "difference"s does not mention that this method is different (from Encryption Facility) with respect to device type/class, i.e. 3390 yes, tape no. There are many programs that write directly to device type 3490 (and 3590-1), both of which can be virtual (not using TS11x0 hardware encryption). Unknown whether they are copying data from disk, or not. I looked at 10 medium-sized customer tape databases (RMM extract, etc.), and the top 10 programs (other than HSM ADR* etc) were: 1 IEBGENER 2 DBUTLTY 3 HASJES20 4 ICE* 5 NSX* 6 DSN* 7 IDCAMS 8 SYNCSORT 9 FILEAID 10 JHS* and there are many others. Tape data has moved from off-line, to near-line, to pretty close to on-line these days. That is, it is very accessible, and I believe no less sensitive than data stored on disk. Consider a job executing a program that writes a dataset, and the DSN resolves to a disk dataset. The data could be encrypted - great! In another job, same program but a different DSN that resolves to a tape dataset. Not encrypted due to device type - not good. It would be helpful to know if there is an intent to extend this feature to the tape device class, or if customers need to differentiate between datasets written to disk (potentially encrypted) and tape (needing a different encryption technique, or change to disk and then backup to tape). Also helpful would be support for EXCP access method. Does IBM give any hints, Timothy? Thank you! Mike Baldwin Cartagena Software Limited Markham, Ontario, Canada http://www.cartagena.com http://www.teltape.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
