IBM Power Systems and Business Systems

i5/OS V6R1 BRMS

COMMON
March 19, 2008

2008 IBM Corporation

IBM Power Systems

BRMS V6R1
IBM Systems Director Navigator for i5/OS Interface
BRMS and Data Encryption
Miscellaneous BRMS Enhancements

2008 IBM Corporation

IBM Power Systems

Graphical User Interface Enhancements for BRMS

Browser support via IBM Systems Director Navigator for i5/OS

2008 IBM Corporation

IBM Power Systems

Externalize BRMS Media Policy

Media Policy access possible using both available graphical interfaces

2008 IBM Corporation

IBM Power Systems

Externalize Media Policy Detail

Manage BRMS Media Policies using both available GUIs

2008 IBM Corporation

IBM Power Systems

BRMS Software Encryption-1

Fully implemented only under BRMS Advanced (5761BR1 Option 2)
Use the Cryptographic Services Key Management in GUI
Create key store file Q1AKEYFILE in QUSRBRM with a unique file label

2008 IBM Corporation

IBM Power Systems

Notes:
BRMS now provides you with the ability to encrypt your data to a tape device
This encryption solution is hardware independent, meaning no need for any encryption device
To use the encryption function, you need to have the BRMS Advanced feature (5761-BR1 Option 2) and
Cryptographic Service Provider (5761-SS1 Option 35) installed on the operating system.
Note: i5/OS supports Library Managed Encryption (LME), sometimes also referred to as Transparent
Encryption. With LME, the encrypting tape (LTO 4 or 3592 E05) must be in a library such as the 3584, 3577,
3576 or 3573 for encryption to be available. The library and drive work together with the required Encryption
Key Manager (EKM) component that is available on the hardware to provide data encryption without any host
involvement. Essentially neither i5/OS nor BRMS is aware of encryption/decryption being performend.
This is the best performing solution compared to software encryption (i5/OS and BRMS) on System i, because
there is no CPU utilization consumed by this hardware solution. However, feedback from small to medium
sized customers indicates the hardware encryption solution is currently cost prohibitive. Thus, V6R1 provides
a software-based encryption support for backup under BRMS.
If you have the appropriate master key in the i5/OS directory structure as described in this presentation in
your i5/OS partitions keystore file Q1AKEYFILE in library QUSRBRMS, the basic i5/OS restore commands
detect the encryption information on the tape media being restored. Assuming no other object incompatibility
or security constraints the restore will complete successfully.
That is, V6R1 BRMS Option 2 and proper creation of the master key are required to encrypt the backup data.
Either BRMS or basic i5/OS Restore commands can restore the data.
See the Security presentation for more general information on encryption and coverage of creation and
management of the required master key that BRMS uses.

2008 IBM Corporation

IBM Power Systems

BRMS Software Encryption-2

BRMS enabled encryption will be supported for:
Any tape library
Standalone tape drive
Virtual Tape
Media Duplication
What cannot be encrypted
Operating System
Save Files
Tape labels
How to Encrypt BRMS Media
Valid Keystore file Q1AKEYFILE in QUSRBRM
Media Policy : Encrypt data (*yes) and refer to key
Performance Considerations
Next Foils

2008 IBM Corporation

IBM Power Systems

Encryption and Performance

Save / Restore
Ultrium 3
36 x 70GB 15Krpm
Main Storage 40GB

2008 IBM Corporation

IBM Power Systems

Encryption and Performance

CPU Utilization
Ultrium 3
36 x 70GB 15Krpm
Main Storage 40GB

2008 IBM Corporation

IBM Power Systems

FlashCopy Support
Support through the Initialize (INZBRM) command
Option (*FLASHCOPY)
Initialize command must run before FlashCopy is performed
Make BRMS aware of copy function
No BRMS activity allowed on production system/partition
As long as BRMS is in FlashCopy state
For detailed information and setup guidance
Networking Chapter of BRMS manual SC41-5345-06

2008 IBM Corporation

IBM Power Systems

Start Virtual IP Address (VIPA) in Restricted State

2008 IBM Corporation

IBM Power Systems

DVD/Optical Library Support

Optical and Virtual Optical

Support in all Device and Media commands

2008 IBM Corporation

IBM Power Systems

Multiple Job Common Synchronization Point

Save while Active (*YES) in the Backup Control Group Entry
New values *SYNCLIB, *SYNC, or *NWSSYNC invoke an additional entry
Synchronization Identifier (SYNC ID)
SYNC ID can be a 8 character name

Maximum 32 Save while Active BRMS jobs can use the same SYNC ID
All jobs need to start within the Start Save Wait Time timeframe
New command Monitor Save while Active BRM (MONSWABRM)
Manage the Multiple Job Common Synchronization Point activity
Number of Operations value needs to be correct

2008 IBM Corporation

IBM Power Systems

Logical/Physical file dependency handling by BRMS

STRRCYBRM OPTION (*ALLUSR) or STRRCYBRM OPTION(*CTLGRP)
BRMS will use a predefined value Q1ARSTID for the parameter DFRID
Using this parameter value BRMS will automatically handle data
dependencies
All objects in a set of libraries will be restored, even when the libraries with
dependent objects are restored before the libraries with the objects they
depend on

2008 IBM Corporation

IBM Power Systems

Other important BRMS Enhancements

View and print backup statistics report
New command PRTRPTBRM
Convenient to monitor backup activities
Save specific objects across many libraries generically
Select from list of libraries by generic (LIB: ABC* + DEF* + .) name
File or object level backup for guest operating systems
Linux and Windows objects can be individually saved / restored
Save and Restore private authorities at an object level
Through Control Group Entries
Supported also on IFS lists and SAVxxxBRM / RSTxxxBRM commands
Omit *SYSDTA on the SAVSYSBRM command
Shortens backup window. LIC & Library QSYS omitted.
Many other enhancements
Explore BRMS manual SC41-5345-06 and look for change indicators
2008 IBM Corporation

IBM Power Systems

Trademarks and Disclaimers

8 IBM Corporation 1994-2007. All rights reserved.
References in this document to IBM products or services do not imply that IBM intends to make them available in every country.
Trademarks of International Business Machines Corporation in the United States, other countries, or both can be found on the World Wide Web at
http://www.ibm.com/legal/copytrade.shtml.
Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, other
countries, or both.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered
trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.
ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Cell Broadband Engine and Cell/B.E. are trademarks of Sony Computer Entertainment, Inc., in the United States, other countries, or both and are used under license
therefrom.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Other company, product, or service names may be trademarks or service marks of others.
Information is provided "AS IS" without warranty of any kind.
The customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual
environmental costs and performance characteristics may vary by customer.
Information concerning non-IBM products was obtained from a supplier of these products, published announcement material, or other publicly available sources and does
not constitute an endorsement of such products by IBM. Sources for non-IBM list prices and performance numbers are taken from publicly available information,
including vendor announcements and vendor worldwide homepages. IBM has not tested these products and cannot confirm the accuracy of performance, capability, or
any other claims related to non-IBM products. Questions on the capability of non-IBM products should be addressed to the supplier of those products.
All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Some information addresses anticipated future capabilities. Such information is not intended as a definitive statement of a commitment to specific levels of performance,
function or delivery schedules with respect to any future products. Such commitments are only made in IBM product announcements. The information is presented here
to communicate IBM's current investment and development activities as a good faith effort to help with our customers' future planning.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any
user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage
configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput or performance improvements
equivalent to the ratios stated here.
Prices are suggested U.S. list prices and are subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your
geography.

2008 IBM Corporation