Feedback

IBM Encryption Facility for z/OS, V1.2 offers more flexibility for security-rich exchange of data with business partners

IBM United States Software Announcement 207-008
January 16, 2007

 

 ENUS207008.PDF (49KB)

Table of contents   Document options  
TOC link At a glance TOC link Reference information
TOC link Overview TOC link Technical information
TOC link Key prerequisites TOC link Ordering information
TOC link Planned availability date TOC link Terms and conditions
TOC link Description TOC link IBM Electronic Services
TOC link Product positioning TOC link Prices
TOC link Hardware and software support services TOC link Order now
 
Printable version Printable version

 
At a glance

Designed to:

  • Help secure business and customer data
  • Help satisfy regulatory requirements
  • Help protect data from loss and inadvertent or deliberate compromise
  • Help share sensitive information across platforms with partners, vendors, and customers
  • Decrypt and encrypt data to be exchanged between IBM z/OS and non-z/OS platforms

IBM's world-class software support service for IBM Encryption Facility for z/OS is available 24 hours a day, every day.

For ordering, contact:

Your IBM representative, an IBM Business Partner, or IBM Americas Call Centers at 800-IBM-CALL (Reference: LE001).
 
Back topBack to top
 

Overview

With the increased focus on securing sensitive customer and business data while in transit, businesses are turning to encryption solutions. The Encryption Facility for z/OS® applies the powerful encryption capabilities of the IBM mainframe to allow you to encrypt sensitive information to be shared with your partners, suppliers, and customers.

This new release of Encryption Facility for z/OS, V1.2 provides more choice and flexibility for exchanging encrypted files with business partners and support for the OpenPGP standard, RFC 2440. The OpenPGP standard is a widely implemented standard for encrypted files. The Encryption Facility for z/OS support for OpenPGP format allows businesses to exchange encrypted data with a wide selection of existing applications that support this standard on a variety of platforms. Encryption Facility for z/OS, V1.2 continues to offer the System z™ format for encrypting files, which offers performance characteristics above and beyond the OpenPGP format.
 
Back topBack to top
 

Key prerequisites
Refer to the Technical information section.
 
Back topBack to top
 
Planned availability date

March 16, 2007

Encryption Facility for z/OS, V1.2 is a new release which provides enhancements to the Encryption Services optional feature. The DFSMSdss™ Encryption optional feature is unchanged in V1.2.
 
Back topBack to top
 

Description

The Encryption Facility for z/OS, first introduced in 2005, is a host-based software solution designed to encrypt sensitive data before transferring it to tape for archival purposes or business partner exchange. In addition to writing encrypted data to tape, the Encryption Facility for z/OS can also be used to produce encrypted data written to disk and other removable media.

Encryption Facility for z/OS consists of two priced optional features:

  • The Encryption Services feature supports encrypting and decrypting certain file formats on z/OS. This can allow you to transfer them to remote sites within your enterprise, transfer them to partners and vendors, and archive them. The Encryption Services feature supports both the System z format (originally introduced in Encryption Facility for z/OS, V1.1) and the OpenPGP format (new with Encryption Facility for z/OS, V1.2). The System z format supports hardware-accelerated compression before encryption.
  • The DFSMSdss Encryption feature enables the encryption of DFSMSdss dump data sets. This feature supports hardware-accelerated compression before encryption to tape.

Also available is the IBM Encryption Facility for z/OS Client. The Encryption Facility for z/OS Client is a no-cost, separately licensed program (which is offered as is, with no warranty) and is designed to enable the exchange of encrypted data between z/OS systems that have the Encryption Facility installed and systems running on z/OS and other platforms that needed the supported functions. The Encryption Facility for z/OS Client consists of the following:

  • Java™-based Client. The Java-based Client can be used on z/OS and any platform that supports Java. The Java-based Client supports both the decryption of data that was created on a z/OS system using the Encryption Facility System z format, as well as encryption of data to be sent to a z/OS system, where the file will be decrypted using the Encryption Facility System z format. Note: Data that is to be processed using the Java-based Client cannot be created using compression.
  • Decryption Client for z/OS. The Decryption Client for z/OS is supported on z/OS systems only. The Decryption Client for z/OS supports decryption of data that was created on a z/OS system using the Encryption Facility System z format. Data that is to be processed using the Decryption Client for z/OS can be created using compression. The Decryption Client does not support data encryption for the return trip. This option may have performance benefits and require less media for exchange purposes but does not allow your business partner to return the data to you in an encrypted format.

You can download the Encryption Facility for z/OS Client from

With Encryption Facility for z/OS, V1.2 the Encryption Services feature has been enhanced to support the OpenPGP standard, RFC 2440. OpenPGP is a standard protocol for ensuring the integrity of data that can be exchanged between trusted partners. It defines the following requirements and suggested practices for data integrity:

  • Digital signatures for partner authentication and to help ensure that a transferred message has been sent by the party claiming to have sent the message (nonrepudiation).
  • Data encryption using a randomly generated symmetric session key. The randomly generated session key is encrypted with public key or passphrase-based encryption and prefixed to the encrypted data.
  • OpenPGP certificates for the exchange of key information that can provide the data integrity service.

The Encryption Facility for OpenPGP support is intended to provide you even more choice and flexibility for doing business partner data exchanges. The Encryption Facility for OpenPGP support gives you another option for doing business partner exchanges — this is in addition to the current business exchange options offered with Encryption Facility for z/OS, V1.1. This gives you the ability to leverage one or more of these options for handling business partner data exchanges that best suit your needs and that do not require your business partners to purchase new storage hardware, have a mainframe, or run z/OS. Encryption Facility for z/OS, V1.2 is supported on z/OS and z/OS.e releases V1.6, V1.7, and V1.8 running on IBM System z servers.

The Encryption Facility for OpenPGP support is designed to comply with OpenPGP standard requirements and is designed to be compatible with other products that are OpenPGP (RFC 2440)-compliant. This support allows you to exchange an encrypted, compressed, and/or digitally signed file between your internal data centers using the Encryption Facility for OpenPGP support in conjunction with your external business partners and vendors who have an installed OpenPGP (RFC 2440)-compliant client running on z/OS and other operating systems. The Encryption Facility for OpenPGP support includes the mandatory/must-do's identified in the OpenPGP standard (RFC 2440). The Encryption Facility for OpenPGP support includes, but is not limited to:

  • Passphrase base encryption of session key
  • Digital signatures of data
  • Importing/exporting of OpenPGP certificates (V3 and V4 for importing, only export V4, unless exporting an imported V3 key)
  • RSA1, ElGamal, and DSA1 key generation
  • Use of partial data packets
  • ASCII Armor for OpenPGP certificates
  • Data encryption with a randomly generated symmetric session key using AES 1281, 192, and 256 bit keys, Triple-DES1, and Blowfish algorithms2
  • Symmetric encryption of randomly generated symmetric session key using AES 1281, 192, and 256 bit keys, Triple-DES1, and Blowfish algorithms2
  • Asymmetric encryption of randomly generated symmetric keys using RSA1 and ElGamal algorithms
  • Compression using ZIP and ZLIB algorithms
  • Digest/Hash using SHA-11, MD51, MD21, SHA-2561, SHA-384, SHA-512 algorithms
  • Digital Signature using DSA with SHA11 and RSA (with all supported hashes listed above)1 algorithms
Notes
1
These functions can leverage the Integrated Cryptographic Services Facility (ICSF) and hardware cryptography. Hardware cryptography requires the correct environment and may require a Cryptographic module to be installed.

2
The symmetric algorithms are not fully implemented in the hardware. The symmetric algorithms listed require an update to ICSF that will be provided with general availability of Encryption Facility for z/OS, V1.2.

Encryption Facility for OpenPGP is also able to leverage X.509 standards for public key infrastructure (PKI) to extend the basis of trust for OpenPGP environments. Encryption Facility for OpenPGP also allows you to leverage the existing security facilities of z/OS to help provide a security-rich and scalable OpenPGP client. For example, with Encryption Facility for OpenPGP you can do the following:

  • Use as input or output HFS/zFS files or z/OS partitioned (PDS and PDS/E) or sequential data sets
  • Perform cryptographic acceleration with certain kinds of System z hardware
  • Use Security Server Resource Access Control Facility (RACF®) and ICSF key repositories

To implement Encryption Facility for OpenPGP services, you must use the IBM Java Development Kit.

This Encryption Facility for z/OS, V1.2 announcement supports the previous statement of direction provided in the z/OS 1.8 announcement, dated August 8, 2006.

With the addition of the Encryption Facility for OpenPGP support in V1.2, you now have two formats to choose from for handling your encryption needs when doing business partner data exchanges or for data exchanges within your own enterprise. The Encryption Facility System z format, first introduced in the Encryption Services feature in Encryption Facility for z/OS, V1.1, continues to be provided in the Encryption Services feature in V1.2. Note that the functions and services supported by the Encryption Facility for OpenPGP format are not compatible with the functions and services of the Encryption Facility System z format. Both the Java-based Client and Decryption Client for z/OS support the System z format only.

The following is a high-level summary to assist you in deciding which format may be best suited for your needs. For additional details on the comparison of these two formats, refer to Encryption Facility for z/OS: Planning and Customizing at

The Encryption Facility for OpenPGP format support will consume more CP than the Encryption Facility System z format support. It can be configured to leverage multiple CPs via increased parallel processing. The impact of the increased CPU utilization for the Encryption Facility for OpenPGP format support can be reduced with the introduction of zAAP processors. Since the OpenPGP format support is written in Java, all of the workload will be zAAP processor enabled and eligible. Thus for certain configurations, such as four or more online CPUs, the OpenPGP support's elapsed time for a task may compare favorably to that of the Encryption Facility System z format support.

In summary, both formats can use the same z/OS centralized key management and allow the use of public/private key pairs or passphrases to help secure the data exchange between partners. Using the Encryption Facility System z format is likely more suitable for data exchanges when System z processor activity is a key consideration. Using the Encryption Facility OpenPGP format may be better suited when operability with your business partners is a key consideration. You will want to review the business partner data exchange options with your Business Partners to determine the most suitable options.

Encryption Facility                   Encryption Facility
System z format                       OpenPGP format
 
Makes use of z/OS centralized key management and access authentication.
 
Allows the use of either public/private key pairs or passphrases to
help secure exchange between partners.
 
 
Understands z/OS data formats.        Creates a standard data stream.
 
Supports encryption and               Supports encryption of message
 compression of data files.            files based on OpenPGP
                                       standard (RFC 2400).  Allows
                                       for compression of message
                                       files using ZIP/ZLIB format.
 
Designed to provide improved          Provides limited IBM
 performance by leveraging             System z hardware
 IBM System z server                   acceleration of OpenPGP
 cryptographic and compression         required protocols.
 capabilities.
 
                                      Is Java-based thus MIPS may
                                       be eligible for
                                       offload to a zAAP.
 
Designed to work across platforms     Designed to allow the exchange
 via the no-charge Java-based          of an encrypted, compressed,
 client.  The no-charge Decryption     and/or digitally signed file
 Client for z/OS is also available     between your internal data
 for z/OS business-to-business         centers using the Encryption
 exchanges.                            Services for OpenPGP format
                                       in conjunction with your
                                       external partners and vendors
                                       who have an RFC
                                       2440-compliant client running
                                       on z/OS or other operating
                                       systems.
 
Net:  Use where number of System z    Net:  Use when OpenPGP standard
 MIPS consumed is a consideration.     protocol is required.

Accessibility by people with disabilities

A U.S. Section 508 Voluntary Product Accessibility Template (VPAT) containing details on the product's accessibility compliance can be requested via IBM's Web site at

Section 508 of the U.S. Rehabilitation Act

IBM Encryption Facility for z/OS, V1.2 is capable as of March 16, 2007, when used in accordance with IBM's associated documentation, of satisfying the applicable requirements of Section 508 of the Rehabilitation Act, provided that any assistive technology used with the product properly interoperates with it. A U.S. Section 508 Voluntary Product Accessibility (VPAT) can be requested via IBM's Web site at


 
Back topBack to top
 
Product positioning

Helping to protect data from loss and inadvertent or deliberate compromise is a critical concern for businesses. To help address this issue, IBM Encryption Facility for z/OS extends the scope of IBM's mainframe encryption capabilities to support the exchange of encrypted files with business partners. Encrypted files can be shared with partners via tape or electronic transmission. Customers can leverage the robust centralized capabilities of z/OS Integrated Cryptographic Services Facility (ICSF) and mainframe cryptographic hardware to generate, maintain, and store key data. In addition, z/OS Security Server (RACF), or a comparable product, can provide security-rich access management and auditability for key management tasks. Together these elements create a powerful centralized encryption solution.

Encryption Facility complements the tape encryption solution provided by IBM's System Storage™ TS1120 tape drives. The TS1120 tape drive with encryption enabled is designed to provide a data protection solution that has the ability to offload the encryption function from the server to the tape and to provide a cost-effective encryption solution for the large volumes of data involved in data archive and backup activities. When used with z/OS, the TS1120 also takes advantage of System z's unique security and cryptographic features to provide a powerful solution for enterprise-wide encryption key storage and management.

The Encryption Facility for z/OS provides a highly flexible solution for exchanging encrypted tapes with your business partners that do not have an encrypting TS1120 drive. To decrypt the data, business partners have the choice of utilizing a no-cost, Web-downloadable Java-based client, designed to run in any environment that supports Java, or a program supported by the OpenPGP standard, RFC 2440. With both of these options, business partners can decrypt the data and re-encrypt it for the return trip, helping to protect sensitive data during the exchange process.
 
Back topBack to top
 

Hardware and software support services

SmoothStart™/installation services

IBM offers a number of remote and on-site IBM SmoothStart Services, Operational Support Services, Migration Services, and Installation Services designed to accelerate productive use of the IBM solution. These services are provided by IBM or an IBM Business Partner at an additional charge. For additional information, contact an IBM representative and ask for IGS Services for Encryption Facility for z/OS.
 
Back topBack to top
 

Reference information
  • Software Announcement 206-190 (IBM z/OS V1.8 — Extending the enterprise-wide role)
  • Software Announcement 206-191 (IBM z/OS.e V1.8 — Affordability for mainframe enterprise and Web-based applications)

Business Partner information

If you are a Direct Reseller - System Reseller acquiring products from IBM, you may link directly to Business Partner information for this announcement. A PartnerWorld ID and password are required (use IBM ID).

BP Attachment for Announcement Letter 207-008

Trademarks

 
System z, DFSMSdss, System Storage, and SmoothStart are trademarks of International Business Machines Corporation in the United States or other countries or both.
 
z/OS, RACF, and Lotus are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Java is a trademark of Sun Microsystems, Inc.
 
Other company, product, and service names may be trademarks or service marks of others.

 
Back topBack to top
 
Technical information

Specified operating environment

Hardware requirements

The Encryption Services and the DFSMSdss™ Encryption features of the Encryption Facility for z/OS® run on the following IBM servers:

  • System z9™ BC or z9 EC, or equivalent
  • zSeries® z900 or z990, or equivalent
  • zSeries z800 or z890, or equivalent

The cryptographic options for Encryption Facility V1.2 and higher have the following requirements:

  • For the PASSWORD option, use one of the following:
    • CPACF only
    • CCF
  • For the Clear-TDES and Clear-AES128 (no ENCTDES), use one of the following:
    • CPACF only, or CPACF with PCIXCC / CEX2C
    • CCF, or CCF with PCICC
  • For 2048-bit keys, use one of the following:
    • CEX2C
    • PCIXCC
    • PCICC with PCI Crypto 2048 bit Enablement Feature 0867
  • For RSA keys generated through RACF® using ICSF or directly through ICSF, use one of the following:
    • CEX2C
    • PCIXCC
    • PCICC
  • For 1024-bit ME keys generated through RACF BSAFE and imported into ICSF, a CCF is required.

Note: Performance for secure key (ENCTDES option) is slower than clear key (Clear-TDES or Clear-AES128). IBM recommends the use of clear key for encrypting large volumes of data.

OpenPGP support and hardware cryptography: For AES or TDES symmetric encryption use one of the following:

  • CPACF only
  • CPACF with PCIXCC/CEX2C
  • CCF
  • CCF with PCICC

For signatures or session key encryption using 2048-bit keys or 2048-bit RSA key generation, use one of the following:

  • CEX2C
  • PCIXCC
  • PCICC with PCI Crypto 2048 bit Enablement Feature 0867

For signatures or session key encryption using RSA 1024-bit ME keys generated through RACF BSAFE, imported into ICSF, and prepared for OpenPGP use, a CCF is required.

For signatures or session key encryption using RSA keys generated through RACF using ICSF or directly through ICSF and prepared for OpenPGP use, use one of the following:

  • CEX2C
  • PCIXCC
  • PCICC

Software requirements

The Encryption Services feature of the Encryption Facility for z/OS requires the following for the System z™ format:

  • z/OS (5694-A01) or z/OS.e (5655-G52) V1.6 or higher
  • PTF for z/OS DFSMS APAR OA09868 and QSAM APAR OA13571
  • z/OS Cryptographic Services — Integrated Cryptographic Services Facility (ICSF) Web deliverable (FMID HCR7720) or later

The Encryption Services feature of the Encryption Facility for z/OS requires the following for the OpenPGP format:

  • z/OS (5694-A01) or z/OS.e (5655-G52) V1.6 or higher
  • Integrated Cryptographic Services Facility (ICSF) Web deliverable (FMID HCR7720) or later
  • IBM 31-bit SDK for z/OS, Java™ 2 Technology Edition, Version 5, product 5655-N98 at Service Refresh level SDK5 SR4 or later
  • PTF for z/OS ICSF APAR OA19177

The optional RACF PTF for APAR OA13030 is required to:

  • Use the RACF RACDCERT command to allow the storage of RSA public keys in the ICSF PKDS
  • Specify the PKDS labels to be used when storing public or private keys in the PKDS
  • List the PKDS labels of existing certificates

The DFSMSdss Encryption feature of the Encryption Facility for z/OS requires the following:

  • z/OS (5694-A01) or z/OS.e (5655-G52) V1.6 or higher
  • z/OS Cryptographic Services — Integrated Cryptographic Services Facility (ICSF) Web deliverable (FMID HCR7720) or later
  • Either the DFSMShsm™/DFSMSdss combination priced feature or the DFSMSdss priced feature of z/OS or z/OS.e V1.6 or higher
  • PTF for z/OS DFSMS APARs OA13300, OA13453, and OA13687

The Encryption Facility for z/OS Client requires the following:

  • Java-based Client:
    • To run on z/OS, one of the following is required:
      • IBM SDK for z/OS, Java 2 Technology Edition, 5655-I56, at PTF UQ90449 or higher (SDK1.4.2)
      • IBM Developer Kit for OS/390®, Java 2 Technology Edition, 5655-D35, at PTF UQ88094 or higher (SDK1.3.1)
    • To run on other platforms, one of the following is required:
      • Sun SDK 5.0.
      • An IBM JVM at SDK1.4.2.
      • A JVM with a JCE cryptographic provider installed that supports all the required algorithms. Refer to the Encryption Facility Client documentation for details on the algorithms, modes, and padding schemes needed.

    For the PTF requirements for iSeries™ or other platforms, refer to the README file for the Java-based Client at the following Web site

    For information about Java on z/OS, visit

  • Decryption Client for z/OS:
    • z/OS (5694-A01) or z/OS.e (5655-G52) V1.4 or higher. (Note: The Decryption Client for z/OS runs only on z/OS and is supported with both Encryption Facility for z/OS, V1.1 and V1.2.)
    • PTF for z/OS DFSMS APAR OA09868.
    • z/OS Cryptographic Services — Integrated Cryptographic Services Facility with z990 Cryptographic Support Web deliverable (FMID HCR770A) or later. Some hardware features require the z990 and z890 Enhancements to Cryptographic Support Web deliverable (FMID HCR770B) or later.

Planning information

Direct customer support

Direct customer support is provided by IBM Operational Support Services — SoftwareXcel Enterprise Edition or SoftwareXcel Basic Edition. These fee services can enhance your productivity by providing voice and electronic access into the IBM support organization. IBM Operational Support Services — SoftwareXcel Enterprise Edition or SoftwareXcel Basic Edition will help answer questions pertaining to usage, how-to, and suspected software defects for eligible products.

Installation and technical support is provided by IBM Global Services. For more information on services, call 1-888-426-4343.

To obtain information on customer eligibility and registration procedures, contact the appropriate support center.

Security, auditability, and control

The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.
 
Back topBack to top
 

Ordering information

Ordering z/OS through the Internet

ShopzSeries provides an easy way to plan and order your z/OS ServerPac or CBPDO. It will analyze your current installation, determine the correct product migration, and present your new configuration based on z/OS. Additional products can also be added to your order (including determination of whether all product requisites are satisfied). ShopzSeries is available in the U.S., Canada, and several countries in Europe. In countries where ShopzSeries is not available yet, contact your IBM representative (or IBM Business Partner) to handle your order via the traditional IBM ordering process. For more details and availability, visit the ShopzSeries Web site at

New licensees

Orders for new licenses can be placed now. Registered customers can access IBMLink™ for ordering information and charges. The IBM Encryption Facility for z/OS, V1.2 (5655-P97) consists of the following orderable features:

  • IBM Encryption Facility for z/OS, V1.2 Encryption Services
  • IBM Encryption Facility for z/OS, V1.2 DSFMSdss Encryption

Both features will become available on March 16, 2007.

Shipment will not occur before the availability date.

The IBM Encryption Facility for z/OS, V1.2 product is shipped only via Customized Offerings (CBPDO, ServerPac, SystemPac®, and ProductPac®).

Basic license

To order a basic license, specify the IBM Encryption Facility for z/OS program number (5655-P97) and feature number 9001 for asset registration.

Parallel Sysplex® License Charge (PSLC) basic license: To order a basic license, specify the program number and quantity of MSU.

If there is more than one program copy in a Parallel Sysplex, the charge for all copies is associated to one license by specifying the applicable PSLC license options and quantity represented by the sum of the Service Units in Millions (MSUs) in your Parallel Sysplex. For all other program copies, specify the System Usage Registration No-Charge (SYSUSGREG NC) Identifier on the licenses.

Entitlement                           License option/
identifier     Description            Pricing metric
 
S01243R        Encryption Facility    Basic MLC, PSLC below 3 MSU
                for z/OS V1.2         Basic MLC, PSLC AD
                Encryption            SYSUSGREG NC, PSLC AD
                Services

Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.

Entitlement                           License option/
identifier     Description            Pricing metric
 
S01256T        Encryption Facility    Basic MLC, PSLC below 3 MSU
                for z/OS V1.2         Basic MLC, PSLC AD
                DFSMSdss              SYSUSGREG NC, PSLC AD
                Encryption

Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.

Workload License Charge (WLC) basic license: If there is more than one program copy in a Parallel Sysplex, the charge for all copies is associated to one license by specifying the applicable WLC license options and quantity represented by the sum of the Service Units in Millions (MSUs) in your Parallel Sysplex. For all other program copies, specify the Workload Registration Variable WLC Identifier on the licenses.

Entitlement                           License option/
identifier     Description            Pricing metric
 
S01243R        Encryption Facility    Basic MLC, Variable WLC
                for z/OS V1.2         Workload Registration,
                Encryption             Variable WLC
                Services

Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.

Entitlement                         License option/
identifier    Description           Pricing metric
 
S01256T       Encryption Facility   Basic MLC, Variable WLC
               for z/OS V1.2        Workload Registration,
               DFSMSdss              Variable WLC
               Encryption

Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.

Entry Workload License Charge (EWLC) basic license: To order a basic license, specify the program number and the quantity of MSUs.

Entitlement                           License option/
identifier     Description            Pricing metric
 
S01243R        Encryption Facility    Basic MLC, Entry WLC
                for z/OS V1.2
                Encryption Services

Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.

Entitlement                            License option/
identifier     Description             Pricing metric
 
S01256T        Encryption Facility     Basic MLC, Entry WLC
                for z/OS V1.2
                DFSMSdss Encryption

Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.

Growth Opportunity License Charge (GOLC): To order a basic license, specify the program number and the correct level.

Specify the GOLC monthly license option.

Entitlement                            License option/
identifier     Description             Pricing metric
 
S01243R        Encryption Facility     Basic MLC, GOLC
                for z/OS V1.2
                Encryption Services

Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.

Entitlement                            License option/
identifier     Description             Pricing metric
 
S01256T        Encryption Facility     Basic MLC, GOLC
                for z/OS V1.2
                DFSMSdss Encryption

Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.

zSeries Entry License Charge (zELC): To order zELC software, specify the program number and z800 model.

Specify the zELC monthly license option.

Entitlement                            License option/
identifier     Description             Pricing metric
 
S01243R        Encryption Facility     Basic MLC, zELC
                for z/OS V1.2
                Encryption Services

Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.

Entitlement                            License option/
identifier     Description             Pricing metric
 
S01256T        Encryption Facility     Basic MLC, zELC
                for z/OS V1.2
                DFSMSdss Encryption

Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.

Basic machine-readable material

Orderable
supply ID   Language     Distribution medium   Description
 
S0123M5     US English   Refer to Media        Encryption Facility
                          type note             Encryption Services

Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.

Note: The media type is chosen during customized offering ordering.

Orderable
supply ID   Language     Distribution medium   Description
 
S01256V     US English   Refer to Media        Encryption Facility
                          type note             DFSMSdss Encyption

Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.

Note: The media type is chosen during customized offering ordering.

Customization options

Select the appropriate feature numbers to customize your order to specify the delivery options desired. These features can be specified on the initial or MES orders.

Example: If publications are not desired for the initial order, specify feature number 3470 to ship media only. For future updates, specify feature number 3480 to ship media updates only. If, in the future, publication updates are required, order an MES to remove feature number 3480; then, the publications will ship with the next release of the program.

Initial shipments

Feature      Description
 
3444         Serial Number Only
              (suppresses shipment of media and documentation)
 
3470         Ship Media Only
              (suppresses initial shipment of documentation)
 
3471         Ship Documentation Only
              (suppresses initial shipment of media)

Update shipments

Feature      Description
 
3480         Ship Media Updates Only
              (suppresses update shipment of documentation)
 
3481         Ship Documentation Only
              (suppresses update shipment of media)
 
3482         Suppress Updates
              (suppresses update shipment of media and
              documentation)

Expedite shipments

Feature      Description
 
3445         Local IBM Office Expedite
              (for IBM use only)
 
3446         Customer Expedite Process Charge
              ($30 charge for each product)

Unlicensed documentation

The following publications are supplied automatically with the basic machine-readable material:

                                         Publication
Title                                    number
 
IBM Encryption Facility for z/OS:        GA76-0419
 Licensed Program
 Specifications
 
IBM Program Directory for Encryption     GI10-0771
 Facility for z/OS

The following publications are available in softcopy at

                                          Publication
Title                                     number
 
IBM Encryption Facility for z/OS:         SA23-2230
 Using Encryption Facility for
 OpenPGP
 
IBM Encryption Facility for z/OS:         SA23-2229
 Planning and Customizing
 
IBM Encryption Facility for z/OS:         GA76-0419
 Licensed Program
 Specifications
 
IBM Program Directory for Encryption      GI10-0771
 Facility for z/OS

Refer to the IBM Publications Center Web site for more information about publication ordering

Subsequent updates (technical newsletters or revisions between releases) to the publications shipped with the product will be distributed to the user of record for as long as a license for this software remains in effect. A separate publication order or subscription is not needed.

Customized offerings

Product deliverables are shipped only via Customized Offerings (for example, CBPDO, ServerPac, SystemPac).

CBPDO and ServerPac are offered for electronic delivery, where ShopzSeries product ordering is available. For more details on electronic delivery, refer to the ShopzSeries help information at

Media type for this software product is chosen during the customized offerings ordering process. Based on your customer environment, it is recommended that the highest possible density tape media is selected. Currently offered media types are:

  • CBPDOs — 3480, 3480 Compressed, 3590*
  • ServerPacs — 3480, 3480 Compressed, 3490E, 3590*
  • SystemPacs — 3480, 3480 Compressed, 3490E, 3590*
*
3590 is highest density media, which will ship the fewest number of media.

Once a product becomes generally available, it will be included in the next ServerPac and SystemPac monthly update.

Production of software product orders will begin on the planned general availability date.

  • CBPDO shipments will begin one week after general availability.
  • ServerPac shipments will begin two weeks after inclusion in ServerPac.
  • SystemPac shipments will begin four weeks after inclusion in SystemPac due to additional customization and data input verification.

 
Back topBack to top
 
Terms and conditions

Agreement: IBM Customer Agreement

Variable charges apply: No

Indexed Monthly License Charge (IMLC) applies: No

Location license applies: No

Use limitation applies: No

Educational allowance available: Yes, a 15% education allowance applies to qualified education institution customers.

Volume orders: Not applicable

Warranty applies: Yes

Licensed program materials availability

  • Restricted Materials of IBM: Some
  • Nonrestricted Source Materials: Some
  • Object Code Only (OCO): Some

Program services

  • Support Center applies: Yes
  • Available until discontinued: 12 months' written notice

IBM Operational Support Services — SupportLine: Yes
 
Back topBack to top
 

IBM Electronic Services

IBM has transformed its delivery of hardware and software support services to put you on the road to higher system availability. Electronic Services is a Web-enabled solution that offers an exclusive, no-additional-charge enhancement to the service and support available for IBM servers. These services provide the opportunity for greater system availability with faster problem resolution and preemptive monitoring. Electronic Services comprises two separate, but complementary, elements: Electronic Services news page and Electronic Services Agent.

The Electronic Services news page is a single Internet entry point that replaces the multiple entry points traditionally used to access IBM Internet services and support. The news page enables you to gain easier access to IBM resources for assistance in resolving technical problems.

The Electronic Service Agent™ is no-additional-charge software that resides on your server. It monitors events and transmits system inventory information to IBM on a periodic, client-defined timetable. The Electronic Service Agent automatically reports hardware problems to IBM. Early knowledge about potential problems enables IBM to deliver proactive service that may result in higher system availability and performance. In addition, information collected through the Service Agent is made available to IBM service support representatives when they help answer your questions or diagnose problems.

To learn how Electronic Services can work for you, visit


 
Back topBack to top
 
Prices

Entitlement                          License option/
identifier    Description            Pricing metric
 
S01243R       Encryption Facility    Basic MLC, GOLC
               for z/OS V1.2
               Encryption Services

Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.

Entitlement                          License option/
identifier    Description            Pricing metric
 
S01256T       Encryption Facility    Basic MLC, GOLC
               for z/OS V1.2
               DFSMSdss Encryption

Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.

Entitlement                     License option/
identifier     Description      Pricing metric
 
S01243R        Encryption       Basic MLC, zELC
                Facility for
                z/OS V1.2
                Encryption
                Services

Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.

z800
models
 
110
0E1
0X2
0A1
0B1
0C1
001
0A2
002
003
004

Entitlement                     License option/
identifier     Description      Pricing metric
 
S01256T        Encryption       Basic MLC, zELC
                Facility for
                z/OS V1.2
                DFSMSdss
                Encryption

Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.

z800
models
 
110
0E1
0X2
0A1
0B1
0C1
001
0A2
002
003
004

Entitlement                     License option/
identifier     Description      Pricing metric
 
S01243R        Encryption       Basic MLC, PSLC below 3 MSU
                Facility for    Basic MLC, PSLC AD
                z/OS V1.2       SYSUSGREG NC, PSLC AD
                Encryption
                Services

Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.

Entitlement                     License option/
identifier     Description      Pricing metric
 
S01256T        Encryption       Basic MLC, PSLC below 3 MSU
                Facility for    Basic MLC, PSLC AD
                z/OS V1.1       SYSUSGREG NC, PSLC AD
                DFSMSdss
                Encryption

Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.

Entitlement                     License option/
identifier     Description      Pricing metric
 
S01243R        Encryption       Basic MLC, Variable WLC
                Facility for    Workload Registration,
                z/OS V1.2        Variable WLC
                Encryption
                Services

Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.

Entitlement                    License option/
identifier     Description     Pricing metric
 
S01256T        Encryption      Basic MLC, Variable WLC
                Facility for   Workload Registration,
                z/OS V1.2       Variable WLC
                DFSMSdss
                Encryption

Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.

IBM Encryption Facility for z/OS, V1.2 is eligible for sub-capacity WLC and EWLC pricing according to the terms in the Attachment for IBM System z9 and eServer zSeries Workload License Charges (Z125-6516) and the Attachment for IBM eServer zSeries 890 and 800 Software License Charges (Z125-6587).

Entitlement                     License option/
identifier     Description      Pricing metric
 
S01243R        Encryption       Basic MLC, Entry WLC
                Facility for
                z/OS V1.2
                Encryption
                Services

Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.

Entitlement                     License option/
identifier     Description      Pricing metric
 
S01256T        Encryption       Basic MLC, Entry WLC
                Facility for
                z/OS V1.2
                DFSMSdss
                Encryption

Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.
 
Back topBack to top
 

Order now

To order, contact the Americas Call Centers, your local IBM representative, or your IBM Business Partner.

To identify your local IBM representative or IBM Business Partner, call 800-IBM-4YOU (426-4968).

 Phone:      800-IBM-CALL (426-2255)
 Fax:        800-2IBM-FAX (242-6329)
 Internet:   callserv@ca.ibm.com
 Mail:       IBM Americas Call Centers
             Dept. Teleweb Customer Support, 9th floor
             105 Moatfield Drive
             North York, Ontario
             Canada M3B 3R1
 
 Reference:  LE001

The Americas Call Centers, our national direct marketing organization, can add your name to the mailing list for catalogs of IBM products.

Note: Shipments will begin after the planned availability date.

Trademarks

 
DFSMSdss, System z9, System z, DFSMShsm, iSeries, IBMLink, and Electronic Service Agent are trademarks of International Business Machines Corporation in the United States or other countries or both.
 
z/OS, zSeries, RACF, OS/390, eServer, ProductPac, SystemPac, and Parallel Sysplex are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Java is a trademark of Sun Microsystems, Inc.
 
Other company, product, and service names may be trademarks or service marks of others.

Back to topBack to top
 

 
Printable version Printable version