1. IBM states that in a Crypto Express card is highly recommended in a production environment. We are investigating DSN encryption for a handful of datasets, for data-at-rest encryption. My understanding is that without the card, the CKDS key dataset contains keys in the clear, and that the card would store the keys protected like Fort Knox. Isn't RACF adequate to protect the key dataset? If not, then what have I been paying for all these years?
2. Are there any 3rd party solutions to this problem? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
