COMMON
March 19, 2008
BRMS V6R1
IBM Systems Director Navigator for i5/OS Interface
BRMS and Data Encryption
Miscellaneous BRMS Enhancements
Notes:
BRMS now provides you with the ability to encrypt your data to a tape device.
This encryption solution is hardware independent, meaning there is no need for any encryption device.
To use the encryption function, you need to have the BRMS Advanced feature (5761-BR1 Option 2) and
Cryptographic Service Provider (5761-SS1 Option 35) installed on the operating system.
Note: i5/OS supports Library Managed Encryption (LME), sometimes also referred to as Transparent
Encryption. With LME, the encrypting tape (LTO 4 or 3592 E05) must be in a library such as the 3584, 3577,
3576 or 3573 for encryption to be available. The library and drive work together with the required Encryption
Key Manager (EKM) component that is available on the hardware to provide data encryption without any host
involvement. Essentially neither i5/OS nor BRMS is aware of encryption/decryption being performed.
This is the best performing solution compared to software encryption (i5/OS and BRMS) on System i, because
there is no CPU utilization consumed by this hardware solution. However, feedback from small to medium
sized customers indicates the hardware encryption solution is currently cost prohibitive. Thus, V6R1 provides
software-based encryption support for backup under BRMS.
If you have the appropriate master key in the i5/OS directory structure, as described in this presentation, in
your i5/OS partition's keystore file Q1AKEYFILE in library QUSRBRMS, the basic i5/OS restore commands
detect the encryption information on the tape media being restored. Assuming no other object incompatibility
or security constraints, the restore will complete successfully.
That is, V6R1 BRMS Option 2 and proper creation of the master key are required to encrypt the backup data.
Either BRMS or basic i5/OS Restore commands can restore the data.
See the Security presentation for more general information on encryption and coverage of creation and
management of the required master key that BRMS uses.
[Charts: Save / Restore and CPU Utilization. Test configuration for each: Ultrium 3, 36 x 70GB 15Krpm, Main Storage 40GB]
FlashCopy Support
Support through the Initialize (INZBRM) command
Option (*FLASHCOPY)
Initialize command must run before FlashCopy is performed
Make BRMS aware of copy function
No BRMS activity allowed on production system/partition
As long as BRMS is in FlashCopy state
For detailed information and setup guidance
Networking Chapter of BRMS manual SC41-5345-06
Maximum 32 Save while Active BRMS jobs can use the same SYNC ID
All jobs need to start within the Start Save Wait Time timeframe
New command Monitor Save while Active BRM (MONSWABRM)
Manage the Multiple Job Common Synchronization Point activity
Number of Operations value needs to be correct