Post by Timothy Sipples
"Disk" in this context means any/all storage that manifests itself as 3390
For DFSMS backups, including backups to virtual tape and tape, z/OS Data
Set Encrypted datasets stay encrypted. That includes DFSMSdss COPY, DUMP,
and RESTORE, and DFSMShsm backup/recover, as examples. Moreover, there's
Encryption Facility for z/OS, and of course it supports virtual tape and
Do you have some other scenario(s) in mind?
z/OS Data Set Encryption is a fantastic new feature, kudos to IBM, and I don't
mean to detract from its wonderfulness.
That's a good point, and I understand, if a new disk dataset is encrypted,
then copying it to tape will maintain encryption. Very good, especially for HSM.
Mentioning 3390 makes the scope of support much clearer, thank you.
The feature is called "Data Set Encryption", not "Disk Data Set Encryption",
so there is an expectation that it would (directly) apply to tape as well.
The FAQ "difference"s does not mention that this method is different
(from Encryption Facility) with respect to device type/class, i.e. 3390 yes, tape no.
There are many programs that write directly to device type 3490 (and 3590-1),
both of which can be virtual (not using TS11x0 hardware encryption).
Unknown whether they are copying data from disk, or not.
I looked at 10 medium-sized customer tape databases (RMM extract, etc.), and the
top 10 programs (other than HSM ADR* etc) were:
and there are many others.
Tape data has moved from off-line, to near-line, to pretty close to on-line these days.
That is, it is very accessible, and I believe no less sensitive than data stored on disk.
Consider a job executing a program that writes a dataset, and the DSN resolves to a disk dataset.
The data could be encrypted - great!
In another job, same program but a different DSN that resolves to a tape dataset.
Not encrypted due to device type - not good.
It would be helpful to know if there is an intent to extend this feature to the tape device class,
or if customers need to differentiate between datasets written to disk (potentially
encrypted) and tape (needing a different encryption technique, or change to disk and
then backup to tape).
Also helpful would be support for EXCP access method.
Does IBM give any hints, Timothy?
Cartagena Software Limited
Markham, Ontario, Canada
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN