al device support (E07 native tape transports, full disk encryption on
DS8xxx) and of course it is a chargeable product.
Best Regards,
Sam Knutson, GEICO
System z Team Leader
mailto:sknut...@geico.com
(office) 301
49546 MD RSCB2H
p 616.653.8429
f 616.653.2717
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of
Mark Jacobs
Sent: Friday, April 06, 2012 11:20 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: End of Support for Encryption Key Manager (EKM)
I know
st Paris, Grand Rapids, MI 49546 MD RSCB2H
p 616.653.8429
f 616.653.2717
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of
Mark Jacobs
Sent: Friday, April 06, 2012 11:20 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: End of Support for Encryption Ke
>
>I know all that, but we were floored by the statement made by IBM on the
>call yesterday. I'm trying to get it confirmed.
>
>Mark Jacobs
>>>
>> I was on a conference call with an IBM storage specialist yesterday and
>> he mentioned that end of support for EKM is April 2012.
>>
>> I've never see
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On
Behalf Of Mark Jacobs
Sent: Friday, April 06, 2012 10:09 AM
To: IBM-MAIN@bama.ua.edu
Subject: [IBM-MAIN] End of Support for Encryption Key Manager (EKM)
I was on a conference call with an IBM storage specialist yesterday and
he men
upport for Encryption Key Manager (EKM)
I was on a conference call with an IBM storage specialist yesterday and
he mentioned that end of support for EKM is April 2012.
I've never seen this statement from IBM, or heard anything about it
until that conference call. Can anyone confirm?
--
M
I was on a conference call with an IBM storage specialist yesterday and
he mentioned that end of support for EKM is April 2012.
I've never seen this statement from IBM, or heard anything about it
until that conference call. Can anyone confirm?
--
Mark Jacobs
Time Customer Service
Tampa, FL
--
@bama.ua.edu
Sent: Monday, March 19, 2012 5:34 PM
Subject: Re: Password Phrase Encryption Algo?
On Mon, 19 Mar 2012 16:19:37 +, Costin Enache wrote:
>Of course. The final result looks like SHA-1, but several operations could
>take place before - DES, etc. At the end it is a cryptographic ope
tentially
>encrypted, for RACF passworh phrases?
>
A one-way hash should be preferble to encryption because there
should be no possibility that the key could be stolen. A dual-key
ciphersystem with one key discarded is comparable to a one-way
hash.
From: Kirk Wo
?
From: Kirk Wolf
To: IBM-MAIN@bama.ua.edu
Sent: Monday, March 19, 2012 4:17 PM
Subject: Re: Password Phrase Encryption Algo?
Sorry if I'm being pedantic, but SHA-1 is not an encryption algorithm - it
is a cryptographic hash function.
http://en.wikipedia.org
Sorry if I'm being pedantic, but SHA-1 is not an encryption algorithm - it
is a cryptographic hash function.
http://en.wikipedia.org/wiki/Cryptographic_hash_function
On Mon, Mar 19, 2012 at 9:09 AM, Costin Enache wrote:
> Hi,
>
> Does anybody have a clue how the
> PASSPHRAS
Hi,
Does anybody have a clue how the
PASSPHRASE is encrypted in RACF? It looks very much like SHA (SHA-1 I
hope), it depends on both the username and password, but how is it
build?
Yes, I have asked in the RACF list already :)
Br,
Costin
-
Hal Merritt writes:
>IMHO, the biggest single challenge is certificate management. Certificates
>have a pretty steep learning curve. As with any encryption solution, the
>actual encryption is trivial but the key (certificate) management is a
killer.
It's exactly the same conceptual
g SSL/TLS
support in a client is often an extra cost option. You should be able to poke
around PROCOMM settings and see if you see the configuration options.
IMHO, the biggest single challenge is certificate management. Certificates have
a pretty steep learning curve. As with any encryption sol
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of
Rob Schramm
Sent: Wednesday, February 08, 2012 12:41 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: TLS, AT-TLS, Encryption Requirements
George,
You should at least get the
George,
You should at least get the freebie encryption turned on for the box. The
lack of the SERVAUTH setup can have a deleterious effect if you have a
UACC(NONE) at the wrong level and then specify TCPCONFIG TLS will stop all
other services from starting up. You can use OBEY to change the
, 2012 2:54 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: TLS, AT-TLS, Encryption Requirements
Make sure you understand the SERVAUTH EZB.INITSTACK.** requirements for
things like OMPROUTE and use DELAYSTART if you're autologging things.
We're considering whether it is worth changing up pa
have questions about certain requirements with IKE and NSS which
hold up our rollout so production experience is not to be had here yet.
I believe your emulator needs to be capable, my old Attachmate was not.
Encryption will run anywhere, but it's like what they ask you if you want
to pla
Has anyone done this?
Besides coding TTLS in the TCPCONFIG statement in the TCPIP PROFILE does
anything else, like enabling encryption cards, need to be done?
Also, is TLS downward compatible with older TN3270 emulators, like PROCOMM
Thanks Walt.
1) - We're concerned with the TIM account passwords.
2) - ITDS servers run AIX 6.1.
From: Walt Farrell
To: IBM-MAIN@bama.ua.edu
Date: 01/20/2012 09:10 AM
Subject:Re: two-way encryption format for password encryption in
IBM Tivoli Directory Servers
On Wed, 18 Jan 2012 11:14:57 -0600, Bruce Wheatley wrote:
>One of our middleware support staff has brought this possible exposure to our
>attention:
>
>By using the two-way encryption format, a
> super user in ITDS (e.g cn=ro
One of our middleware support staff has brought this possible exposure to our
attention:
By using the two-way encryption format, a
super user in ITDS (e.g cn=root) can run the
ldapsearch command or any other ldap client
Hi
RC4 encryption type supported on Kerberos z/OS ?
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
REQUIRED
CIPHERSUITE SSL__ * one statement
per cipher-suite, in order of preference *
CIPHERSUITE SSL__ * one statement
per cipher-suite, in order of preference *
2) John already mentioned how to tell CICS that you wish to use encryption.
3) Telnet
> -Original Message-
> From: IBM Mainframe Discussion List On Behalf Of Hal Merritt
>
> My auditors want me to restrict the minimum encryption strength to 128
bits. I have pounded the FM's
> but did not find anything that might help. I found where I could
specify what
On Tue, 26 Jul 2011 14:30:10 -0500, Hal Merritt wrote:
>My auditors want me to restrict the minimum encryption strength to 128 bits. I
>have pounded the FM's but did not find anything that might help. I found where
>I could specify what schemes to use, but nowhere could I find a
My auditors want me to restrict the minimum encryption strength to 128 bits. I
have pounded the FM's but did not find anything that might help. I found where
I could specify what schemes to use, but nowhere could I find a complete list
of supported/installed schemes that I could u
n List [mailto:IBM-MAIN@bama.ua.edu] On
Behalf Of
> Tom Ambros
> Sent: Monday, April 25, 2011 6:25 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: [IBM-MAIN] zOS Media Manager and encryption - practical?
>
> Would it be practical to implement encryption at the Media Manager layer,
>
Would it be practical to implement encryption at the Media Manager layer,
key label and access rule definitions maintained in the SMS dataclass,
similar to the way it's done in the distributed environment by the IBM
Encryption Expert product. Basically, that product installs a shim i
> Typically encryption defeats compression. It seems that you can have one or
> the other but not both. I haven't looked, but z/os FTP may compress before
> encryption. (I think the compression occurs in the application layer and the
> encryption occurs in the transport laye
Encrypted data is usually though to be non-compressible. If you want
compression in addition to encryption you'd compress first and then
encrypt the compressed data file.
Mark Jacobs
On 04/05/11 11:20, Hal Merritt wrote:
Certificate based TLS FTP is native to the z/os platform.
Is z/OS Encryption Facility different from ICSF ? A link to the app prog
guide here :
http://publib.boulder.ibm.com/infocenter/zos/v1r10/topic/com.ibm.zos.r10
.csfb400/toc.htm
YES!
--
For IBM-MAIN subscribe / signoff / archive
Certificate based TLS FTP is native to the z/os platform. While certificates
are very secure, they do carry a pretty good learning curve. Any z/os hardware
features installed on the box are exploited by default, I think.
Typically encryption defeats compression. It seems that you can have one
2011/4/5 R.S. :
> I'm looking for some solution for file exchange between z/OS and
> Windows/Linux platform.
>
> The only requirement is to encrypt the file (PS dataset) on z/OS side and
> decrypt it on distributed side and vice versa.
>
> Nice to have:
> - hash calculation
> - compression
> - expl
Is z/OS Encryption Facility different from ICSF ? A link to the app prog
guide here :
http://publib.boulder.ibm.com/infocenter/zos/v1r10/topic/com.ibm.zos.r10.csfb400/toc.htm
N
2011/4/5 Kirk Wolf
> Thanks for the kind plug John
>
> A few comments -
>
> - With IBM Ported Tools O
free OpenSSH server available through cygwin.
- With our new "OpenSSH Accelerator for z/OS, you can exploit CPACF on
z/OS for SSH encryption. Also, with Co:Z Launcher you can disable
encryption of data connections which is even faster/cheaper and a
killer solution if the partner machines are
om: IBM Mainframe Discussion List
> [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of R.S.
> Sent: Tuesday, April 05, 2011 8:31 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: Encryption, compression, etc.
>
> I'm looking for some solution for file exchange between z/OS and
> Windows/Li
z/OS Encryption facility might be just the right thing for you.
It is based on OpenPGP and can utilize the Crypto coprocessor.
http://www-03.ibm.com/systems/z/os/zos/encryption_facility/
Cheers, Johannes
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:IB
S key that I'd be willing to share.
The problem is going to be the key exchange with the target servers
since if the shared encryption key gets compromised your data can be
easily be decrypted.
--
Mark Jacobs
Time Customer Service
Tampa, FL
A schlemiel is a waiter who spills hot sou
z/OS Encryption Facility. Should be distributed with z/OS 1.9 and above.
I believe this is ziip enabled/
FTPS or SFTP (can never remember which is which). Both should be
available with z/OS ported tools
AT-TLS feature of z/OS Comm Server. (I believe this is zip enabled)
HTH,
I'm lookin
> -Original Message-
> From: IBM Mainframe Discussion List On Behalf Of R.S.
>
> I'm looking for some solution for file exchange between z/OS and
> Windows/Linux platform.
>
> The only requirement is to encrypt the file (PS dataset) on z/OS side
> and decrypt it on distributed side and vi
I'm looking for some solution for file exchange between z/OS and
Windows/Linux platform.
The only requirement is to encrypt the file (PS dataset) on z/OS side
and decrypt it on distributed side and vice versa.
Nice to have:
- hash calculation
- compression
- exploitation of CPACF or CryptoExp
Is this Windows or z/OS data that you are encrypting? We use library
managed encryption for our Windows data and system managed encryption
for our native and VTS data.
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Michael Saraco
Sent
I would appreciate any notes.
From: Lizette Koehler
To: IBM-MAIN@bama.ua.edu
Date: 12/01/2010 09:37 AM
Subject:Re: TS3500 and encryption
Sent by:IBM Mainframe Discussion List
> I have a TS3500 that is to be setup as in library-managed and not
>
> I have a TS3500 that is to be setup as in library-managed and not
> system-
> managed for encryption. In the process I came across this statement in
> the
> EKM manual for setting up the encryption.
>
> Configure 3592 E05, E06, or EU6 tape drives for Encryption.
> a.
I have a TS3500 that is to be setup as in library-managed and not system-
managed for encryption. In the process I came across this statement in the
EKM manual for setting up the encryption.
Configure 3592 E05, E06, or EU6 tape drives for Encryption.
a. If 3592 E05, E06, or EU6 tape drives are
On Wed, Oct 13, 2010 at 4:01 PM, Paul Gilmartin wrote:
> Isn't 112 bits the key space of Triple DES with keying option 2?
Yes...but Radoslaw's question was, "Why is 112 bits bad?"
--
zMan -- "I've got a mainframe and I'm not afraid to use it"
---
On Wed, 13 Oct 2010 21:40:42 +0200, R.S. wrote:
>W dniu 2010-10-12 23:17, Thomas Kern pisze:
>> Not just use the strongest, but you have to go out of your way to reject
>> using the "low" and "medium" strength ciphers. My cyber security people
>> complain about anything that is 112 bits or less.
>
I strongly doubt if they offer remote banking solutions via TN3270 :-)))
(please read carefully: SSL for TN3270)
Regards
--
Radoslaw Skorupka
Lodz, Poland
W dniu 2010-10-13 18:04, Ward, Mike S pisze:
If this is for a remote banking or financial application for your
customers, what encryption
W dniu 2010-10-12 23:17, Thomas Kern pisze:
Not just use the strongest, but you have to go out of your way to reject
using the "low" and "medium" strength ciphers. My cyber security people
complain about anything that is 112 bits or less.
It's not so far from the strongest.
BTW, rhetorical: Did
If this is for a remote banking or financial application for your
customers, what encryption do they support? You may use a high end
encryption but your customers may not be able to support it.
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf
s?
>
>IMHO there are no such recommendations. What vendor?
>
>The only advice could be: USE THE STRONGEST POSSIBLE CIPHER YOU ARE ABLE
>TO.
>Reason: the stronger the safer. Grumbling auditors will always point you
>in the following manner: "You are using 128-bit encryption, wh
ere are no such recommendations. What vendor?
The only advice could be: USE THE STRONGEST POSSIBLE CIPHER YOU ARE ABLE
TO.
Reason: the stronger the safer. Grumbling auditors will always point you
in the following manner: "You are using 128-bit encryption, while
there's 256-bit one av
We are using SSL for TN3270 and we are being asked to: "Follow vendor
recommendations for disabling medium strength ciphers and enforce on ciphters
(sic) of 128 bit or greater."
Can anyone point me to these recommendations?
Thanks!!
NOTICE: This electronic mail message and any files transmitt
Tom Rusnak pisze:
Is anyone aware of any callable services on z/os for Triple DES encryption
without having any cryptographic hardware installed?
I've tried the CSNBENC routine of ICSF, however, it returns with RC=12
indicating that it doesn't have the necessary hardware.
Thank
[mailto:ibm-m...@bama.ua.edu] On
>> Behalf Of Tom Rusnak
>> Sent: Tuesday, September 21, 2010 6:59 PM
>> To: IBM-MAIN@bama.ua.edu
>> Subject: Triple DES encryption
>>
>> Is anyone aware of any callable services on z/os for Triple DES encryption
>> without having any
Tom Rusnak wrote:
> Is anyone aware of any callable services on z/os for Triple DES encryption
> without having any cryptographic hardware installed?
> I've tried the CSNBENC routine of ICSF, however, it returns with RC=12
> indicating that it doesn't have the necessary ha
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
> Behalf Of Tom Rusnak
> Sent: Tuesday, September 21, 2010 6:59 PM
> To: IBM-MAIN@bama.ua.edu
> Subject: Triple DES encryption
>
> Is anyone aware of any callable service
Is anyone aware of any callable services on z/os for Triple DES encryption
without having any cryptographic hardware installed?
I've tried the CSNBENC routine of ICSF, however, it returns with RC=12
indicating that it doesn't have the necessary hardware.
Thanks from the bottom s
The new protected key will perform a whole lot better than the previous
secure key. But I think you'll find the outboard is still faster and is
less impact in general. It is just a "tad" (I think it is 1%.. anyone?)
slower in performance for the tape encryption on the IBM t
Version 1.1 of the Encryption Facility uses the crypto coprocessor (secure
key) to encrypt the data if you specify ENCTDES in the input parms. It also
uses the crypto coprocessor to encrypt the data key if you specify the RSA
parm (along with the key label for a public/privae key pair). The
Phil Smith pisze:
Staller, Allan wrote:
Any Crypto Assist processors present? Makes a big difference!
I'm sure Allan knows this, but I wanted to elaborate: be careful. There are two crypto assist processors available on
System z: the Crypto Express (aka "CEX", pronounced, well, with a soft "C
,
it could make huge difference in software bills.
BTW: I would SERIOUSLY re-think if I really need encrypted tapes. If the
answer is still YES, then I would use H/W encryption built-in tape
drives. My $0.02
--
Radoslaw Skorupka
Lodz, Poland
--
BRE Bank SA
ul. Senatorska 18
00-950 War
One item is that CA Tape Encryption also has zIIP exploitation. With
encryption done at the software level (either DFDSS or CA Tape Encryption)
there is also the concern of compression. Encrypted data sent down to the
device will not compress well with IDRC. If the encryption is done in the
device
Staller, Allan wrote:
>I agree. However, the OP was reporting multiples of the un-encrypted data.
>I can readily believe this for software encryption functions.
>Of course the whole point of the crypto co-processors was to offload Z-cycles.
>From the z-cycles viewpoint outboard encr
>That's what we need: Z-cycles. The biggest, baddest motorcycles on the
>planet!!!
>--
With a bolt on z-BXCar that can hold up to 112 additional riders!
Sorry ... couldn't resist. Happy Monday!
Don Grinsell
State of Montana
-
I agree. However, the OP was reporting multiples of the un-encrypted
data.
I can readily believe this for software encryption functions.
Of course the whole point of the crypto co-processors was to offload
Z-cycles.
>From the z-cycles viewpoint outboard encryption is by far the cheapest.
I
Any Crypto Assist processors present? Makes a big difference!
Yes. We used DFDSS both with the software encryption on and off. The
performance with the encryption turned on was unacceptable and we ended
our testing shortly after we tried the product. By unacceptable I mean
that the resource
Same here. We opted for the 3592 encrypting drives, using EKM to serve
up the encryption keys, and have not looked back.
In addition, it may be new news to some, that while the current
replacement of EKM is the new TKLM, and requires DB2 backend to store
data, there will be a new "
bject: Re: H/w vs S/W Encryption?
Any Crypto Assist processors present? Makes a big difference!
Yes. We used DFDSS both with the software encryption on and off. The
performance with the encryption turned on was unacceptable and we ended
our testing shortly after we tried the product. By unaccepta
used them. The latest 1.2 level might but I don't know from my own
experience.
Mark Jacobs
From: Staller, Allan [allan.stal...@kbm1.com]
Sent: Monday, August 30, 2010 3:43 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: H/w vs S/W Encryption?
Any Crypto Assis
-cost
feature (feature code 3863).
(Note that with Protected Key on z10/zEnterprise and latest ICSF, you get (most
of) the best of both worlds, but I don't believe this is relevant to the topic
at hand.)
So you want to make sure CPACF is enabled (visible in the HMC) and that your
encryption pro
David,
Adding software encryption to any process will add significant CPU time.
Encryption is a CPU intensive process. Some software will be faster than
others, but it will always add significant CPU time.
>>> "O'Brien, David W. (NIH/CIT) [C]" 8/30/2010 3:22 PM
On 08/30/10 15:22, O'Brien, David W. (NIH/CIT) [C] wrote:
Mark,
Had you been using DFDSS before and IBM EF added to your response times?
That would be a concern.
Thank You,
Dave O'Brien
NIH Contractor
Yes. We used DFDSS both with the software encryption on and off. The
p
a.edu
Subject: Re: H/w vs S/W Encryption?
On 08/30/10 15:04, O'Brien, David W. (NIH/CIT) [C] wrote:
> Management has asked for feedback from the this group.
>
> We are considering hardware encryption using STK 9840D drives vs Software
> encryption using most probably IBM Encrypti
bject: Re: H/w vs S/W Encryption?
On 08/30/10 15:04, O'Brien, David W. (NIH/CIT) [C] wrote:
> Management has asked for feedback from the this group.
>
> We are considering hardware encryption using STK 9840D drives vs Software
> encryption using most probably IBM Encryption Facil
On 08/30/10 15:04, O'Brien, David W. (NIH/CIT) [C] wrote:
Management has asked for feedback from the this group.
We are considering hardware encryption using STK 9840D drives vs Software
encryption using most probably IBM Encryption Facility or CA Tape Encrypt.
Can anyone with exper
Management has asked for feedback from the this group.
We are considering hardware encryption using STK 9840D drives vs Software
encryption using most probably IBM Encryption Facility or CA Tape Encrypt.
Can anyone with experience using any of the above products comment on that
experience
W dniu 2010-08-12 21:30, O'Brien, David W. (NIH/CIT) [C] pisze:
Is anyone using the IBM Data Encryption Facility?
Obviously yes.
Does it support encryption of FDR volume dumps or did you also need to obtain
the FDR Encryption offering?
AFAIK no. There is an option (paid feature) fo
Several releases ago (circa z/OS 1.7) IBM offered DF/DSS "direct"
encryption (in turn used by DFHSM). Works great for HSM dumps. NO
FUNCTIONALITY is available for DFHSM backups. Check the fine manual for
details.
The potential drawback is using software for the encryption, drives up
t
Is anyone using the IBM Data Encryption Facility?
Does it support encryption of FDR volume dumps or did you also need to obtain
the FDR Encryption offering?
Anyone using the hardware encryption offered by Oracle/Sun/STK?
If I can avail myself of your research/experience in this matter it would
Another option would be the CA Tape Encryption product. Your email address
indicates CSC in Australia; which indicates you might already have a license
for the product and not even know it.
Russell Witt
CA 1 L2 Support Manager
-Original Message-
From: IBM Mainframe Discussion List
We don't seem to have much to go on when evaluating the
cost/benefit/scalability of hardware vs software based solutions. All I was
able to find was this quote:
"While low-volume traffic could be protected with software-based encryption,
the demand for fast hardware-accelerated encry
Hal Merritt wrote:
>>>>
Actually, you might find that the crypto card is a less expensive option. I am
told that software encryption/decryption is very costly in terms of CPU which
is why IBM offered the 'specialty engine' (crypto card).
Not sure where so many get
actor into your cost estimates.
Hope that helps.
Greg
On Thu, 29 Jul 2010 12:11:58 +1100, Meganen Naidoo
wrote:
>Hi everyone,
>One of our smaller clients, running on a Z9-BC, encryption requirements is
>for encryption of data at rest, encryption of tape data, support the
>OpenP
Hal and RS, I thought you might be interested to know that many of our
customers use the software based encryption and compression capabilities of
SecureZIP to significantly reduce the size of their encrypted files in storage.
In order to achieve this benefit, there is a need for the file to
Hal Merritt pisze:
Actually, you might find that the crypto card is a less expensive option. I am told that software encryption/decryption is very costly in terms of CPU which is why IBM offered the 'specialty engine' (crypto card).
That's absolutely untrue! Crypto cards are
Actually, you might find that the crypto card is a less expensive option. I am
told that software encryption/decryption is very costly in terms of CPU which
is why IBM offered the 'specialty engine' (crypto card).
Not sure where so many get the bizarre idea that encryption is chea
Meganen Naidoo pisze:
Hi everyone,
One of our smaller clients, running on a Z9-BC, encryption requirements is
for encryption of data at rest, encryption of tape data, support the
OpenPGP format and usage of digital certificates.
IBM's Encryption Facility for z/OS V1.2 has all of the req
Hi everyone,
One of our smaller clients, running on a Z9-BC, encryption requirements is
for encryption of data at rest, encryption of tape data, support the
OpenPGP format and usage of digital certificates.
IBM's Encryption Facility for z/OS V1.2 has all of the required
functionality
On 6/16/2010 4:37 PM, Lucy Arnold wrote:
TKLM is not free. The zbox folks were just told that is what we're using.
We didn't get a vote.
Thanks, that confirms what I thought.
--
Richard
--
For IBM-MAIN subscribe / signoff
TKLM is not free. The zbox folks were just told that is what we're using.
We didn't get a vote.
Lucy Arnold
Storage Manager
U.C. Davis Medical Center
916-734-5498
--
For IBM-MAIN subscribe / signoff / archive access instructi
We are running IN-Band - No DB2 on the Zbox is being used.
Lucy Arnold
Storage Manager
U.C. Davis Medical Center
916-734-5498
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu
4:48 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: [IBM-MAIN] Is anybody using TKLM, TS-1120 drives for
encryption?
Just out of curiosity, are there any other solutions out there?
We are looking at EKM soultion but are not really happy with it or TKLM.
-Original Message-
From: IBM Main
On 6/16/2010 1:37 PM, Mark Jacobs wrote:
Even though IBM says that Tivoli Key Lifecycle Manager (TKLM) is IBM’s
strategic new platform for storage and delivery of encryption keys to
encrypting storage end-point devices. EKM is still available and will work.
Trust me though, its a PITA to get
We heard that TKLM uses DB2. Is that true?
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of
Lucy Arnold
Sent: Wednesday, June 16, 2010 3:50 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Is anybody using TKLM, TS-1120 drives for encryption
CA has it's own tape encryption software. I believe it does other than CA
products.
Lucy Arnold
Storage Manager
U.C. Davis Medical Center
916-734-5498
--
For IBM-MAIN subscribe / signoff / archive access instructions,
All,
We are using TKLM and so far it is a PITA to get working too. We are
having issues with the OMVS RACF definition at the moment.
Lucy Arnold
Storage Manager
U.C. Davis Medical Center
916-734-5498
--
For IBM-MAIN subscrib
2:32 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Is anybody using TKLM, TS-1120 drives for encryption?
Lucy,
If you go the way of ekm and run into questions, I think I have most of the
answers.
I implemented EKM at my shop and am well versed in its usage. It is basic but
it works well.
Lizette
3592) drives and TKLM - are these the only pieces we need
>> to start encryption? Do we need an EKM STC ? If we do, where the heck
>> do you get it from? The IBM Encryption Key Manager component for Java
>> says EKM should no longer be downloaded fro new tape encryption
&g
1 - 100 of 476 matches
Mail list logo