IBM Encryption Facility for z/OS, V1.2 offers more flexibility for security-rich exchange of data with business partners
IBM United States Software Announcement 207-008January 16, 2007
 ENUS207008.PDF (49KB)
|
At a glance
 |
| At a glance |
 |
Designed to:
- Help secure business and customer data
- Help satisfy regulatory requirements
- Help protect data from loss and inadvertent or deliberate compromise
- Help share sensitive information across platforms with partners, vendors, and customers
- Decrypt and encrypt data to be exchanged between IBM z/OS and non-z/OS platforms
IBM's world-class software support service for IBM Encryption Facility for z/OS is available 24 hours a day, every day.
For ordering, contact:
Your IBM representative, an IBM Business Partner, or IBM Americas Call Centers at
800-IBM-CALL
(Reference: LE001).
Back to top
|
|
| Overview |
|
With the increased focus on securing sensitive customer and business data while in transit, businesses are turning to encryption solutions. The Encryption Facility for z/OS® applies the powerful encryption capabilities of the IBM mainframe to allow you to encrypt sensitive information to be shared with your partners, suppliers, and customers.
This new release of Encryption Facility for z/OS, V1.2 provides more choice and flexibility for
exchanging encrypted files with business partners and support for the OpenPGP standard, RFC 2440.
The OpenPGP standard is a widely implemented standard for encrypted files. The Encryption Facility
for z/OS support for OpenPGP format allows businesses to exchange encrypted data with a wide
selection of existing applications that support this standard on a variety of platforms. Encryption
Facility for z/OS, V1.2 continues to offer the System z™ format for encrypting files, which offers
performance characteristics above and beyond the OpenPGP format.
Back to top
|
|
| Key prerequisites |
|
Back to top
|
|
| Planned availability date |
|
March 16, 2007
Encryption Facility for z/OS, V1.2 is a new release which provides enhancements to the Encryption
Services optional feature. The DFSMSdss™ Encryption optional feature is unchanged in V1.2.
Back to top
|
|
| Description |
|
The Encryption Facility for z/OS, first introduced in 2005, is a host-based software solution designed to encrypt sensitive data before transferring it to tape for archival purposes or business partner exchange. In addition to writing encrypted data to tape, the Encryption Facility for z/OS can also be used to produce encrypted data written to disk and other removable media.
Encryption Facility for z/OS consists of two priced optional features:
- The Encryption Services feature supports encrypting and decrypting certain file formats on z/OS. This can allow you to transfer them to remote sites within your enterprise, transfer them to partners and vendors, and archive them. The Encryption Services feature supports both the System z format (originally introduced in Encryption Facility for z/OS, V1.1) and the OpenPGP format (new with Encryption Facility for z/OS, V1.2). The System z format supports hardware-accelerated compression before encryption.
- The DFSMSdss Encryption feature enables the encryption of DFSMSdss dump data sets. This feature supports hardware-accelerated compression before encryption to tape.
Also available is the IBM Encryption Facility for z/OS Client. The Encryption Facility for z/OS Client is a no-cost, separately licensed program (which is offered as is, with no warranty) and is designed to enable the exchange of encrypted data between z/OS systems that have the Encryption Facility installed and systems running on z/OS and other platforms that needed the supported functions. The Encryption Facility for z/OS Client consists of the following:
- Java™-based Client. The Java-based Client can be used on z/OS and any platform that supports Java. The Java-based Client supports both the decryption of data that was created on a z/OS system using the Encryption Facility System z format, as well as encryption of data to be sent to a z/OS system, where the file will be decrypted using the Encryption Facility System z format. Note: Data that is to be processed using the Java-based Client cannot be created using compression.
- Decryption Client for z/OS. The Decryption Client for z/OS is supported on z/OS systems only. The Decryption Client for z/OS supports decryption of data that was created on a z/OS system using the Encryption Facility System z format. Data that is to be processed using the Decryption Client for z/OS can be created using compression. The Decryption Client does not support data encryption for the return trip. This option may have performance benefits and require less media for exchange purposes but does not allow your business partner to return the data to you in an encrypted format.
You can download the Encryption Facility for z/OS Client from
With Encryption Facility for z/OS, V1.2 the Encryption Services feature has been enhanced to support the OpenPGP standard, RFC 2440. OpenPGP is a standard protocol for ensuring the integrity of data that can be exchanged between trusted partners. It defines the following requirements and suggested practices for data integrity:
- Digital signatures for partner authentication and to help ensure that a transferred message has been sent by the party claiming to have sent the message (nonrepudiation).
- Data encryption using a randomly generated symmetric session key. The randomly generated session key is encrypted with public key or passphrase-based encryption and prefixed to the encrypted data.
- OpenPGP certificates for the exchange of key information that can provide the data integrity service.
The Encryption Facility for OpenPGP support is intended to provide you even more choice and flexibility for doing business partner data exchanges. The Encryption Facility for OpenPGP support gives you another option for doing business partner exchanges — this is in addition to the current business exchange options offered with Encryption Facility for z/OS, V1.1. This gives you the ability to leverage one or more of these options for handling business partner data exchanges that best suit your needs and that do not require your business partners to purchase new storage hardware, have a mainframe, or run z/OS. Encryption Facility for z/OS, V1.2 is supported on z/OS and z/OS.e releases V1.6, V1.7, and V1.8 running on IBM System z servers.
The Encryption Facility for OpenPGP support is designed to comply with OpenPGP standard requirements and is designed to be compatible with other products that are OpenPGP (RFC 2440)-compliant. This support allows you to exchange an encrypted, compressed, and/or digitally signed file between your internal data centers using the Encryption Facility for OpenPGP support in conjunction with your external business partners and vendors who have an installed OpenPGP (RFC 2440)-compliant client running on z/OS and other operating systems. The Encryption Facility for OpenPGP support includes the mandatory/must-do's identified in the OpenPGP standard (RFC 2440). The Encryption Facility for OpenPGP support includes, but is not limited to:
- Passphrase base encryption of session key
- Digital signatures of data
- Importing/exporting of OpenPGP certificates (V3 and V4 for importing, only export V4, unless exporting an imported V3 key)
- RSA1, ElGamal, and DSA1 key generation
- Use of partial data packets
- ASCII Armor for OpenPGP certificates
- Data encryption with a randomly generated symmetric session key using AES 1281, 192, and 256 bit keys, Triple-DES1, and Blowfish algorithms2
- Symmetric encryption of randomly generated symmetric session key using AES 1281, 192, and 256 bit keys, Triple-DES1, and Blowfish algorithms2
- Asymmetric encryption of randomly generated symmetric keys using RSA1 and ElGamal algorithms
- Compression using ZIP and ZLIB algorithms
- Digest/Hash using SHA-11, MD51, MD21, SHA-2561, SHA-384, SHA-512 algorithms
- Digital Signature using DSA with SHA11 and RSA (with all supported hashes listed above)1 algorithms
- 1
-
These functions can leverage the Integrated Cryptographic Services
Facility (ICSF) and hardware cryptography. Hardware cryptography
requires the correct environment and may require a Cryptographic module
to be installed.
- 2
- The symmetric algorithms are not fully implemented in the hardware. The symmetric algorithms listed require an update to ICSF that will be provided with general availability of Encryption Facility for z/OS, V1.2.
Encryption Facility for OpenPGP is also able to leverage X.509 standards for public key infrastructure (PKI) to extend the basis of trust for OpenPGP environments. Encryption Facility for OpenPGP also allows you to leverage the existing security facilities of z/OS to help provide a security-rich and scalable OpenPGP client. For example, with Encryption Facility for OpenPGP you can do the following:
- Use as input or output HFS/zFS files or z/OS partitioned (PDS and PDS/E) or sequential data sets
- Perform cryptographic acceleration with certain kinds of System z hardware
- Use Security Server Resource Access Control Facility (RACF®) and ICSF key repositories
To implement Encryption Facility for OpenPGP services, you must use the IBM Java Development Kit.
This Encryption Facility for z/OS, V1.2 announcement supports the previous statement of direction provided in the z/OS 1.8 announcement, dated August 8, 2006.
With the addition of the Encryption Facility for OpenPGP support in V1.2, you now have two formats to choose from for handling your encryption needs when doing business partner data exchanges or for data exchanges within your own enterprise. The Encryption Facility System z format, first introduced in the Encryption Services feature in Encryption Facility for z/OS, V1.1, continues to be provided in the Encryption Services feature in V1.2. Note that the functions and services supported by the Encryption Facility for OpenPGP format are not compatible with the functions and services of the Encryption Facility System z format. Both the Java-based Client and Decryption Client for z/OS support the System z format only.
The following is a high-level summary to assist you in deciding which format may be best suited for your needs. For additional details on the comparison of these two formats, refer to Encryption Facility for z/OS: Planning and Customizing at
The Encryption Facility for OpenPGP format support will consume more CP than the Encryption Facility System z format support. It can be configured to leverage multiple CPs via increased parallel processing. The impact of the increased CPU utilization for the Encryption Facility for OpenPGP format support can be reduced with the introduction of zAAP processors. Since the OpenPGP format support is written in Java, all of the workload will be zAAP processor enabled and eligible. Thus for certain configurations, such as four or more online CPUs, the OpenPGP support's elapsed time for a task may compare favorably to that of the Encryption Facility System z format support.
In summary, both formats can use the same z/OS centralized key management and allow the use of public/private key pairs or passphrases to help secure the data exchange between partners. Using the Encryption Facility System z format is likely more suitable for data exchanges when System z processor activity is a key consideration. Using the Encryption Facility OpenPGP format may be better suited when operability with your business partners is a key consideration. You will want to review the business partner data exchange options with your Business Partners to determine the most suitable options.
Encryption Facility Encryption Facility
System z format OpenPGP format
Makes use of z/OS centralized key management and access authentication.
Allows the use of either public/private key pairs or passphrases to
help secure exchange between partners.
Understands z/OS data formats. Creates a standard data stream.
Supports encryption and Supports encryption of message
compression of data files. files based on OpenPGP
standard (RFC 2400). Allows
for compression of message
files using ZIP/ZLIB format.
Designed to provide improved Provides limited IBM
performance by leveraging System z hardware
IBM System z server acceleration of OpenPGP
cryptographic and compression required protocols.
capabilities.
Is Java-based thus MIPS may
be eligible for
offload to a zAAP.
Designed to work across platforms Designed to allow the exchange
via the no-charge Java-based of an encrypted, compressed,
client. The no-charge Decryption and/or digitally signed file
Client for z/OS is also available between your internal data
for z/OS business-to-business centers using the Encryption
exchanges. Services for OpenPGP format
in conjunction with your
external partners and vendors
who have an RFC
2440-compliant client running
on z/OS or other operating
systems.
Net: Use where number of System z Net: Use when OpenPGP standard
MIPS consumed is a consideration. protocol is required.
Accessibility by people with disabilities
A U.S. Section 508 Voluntary Product Accessibility Template (VPAT) containing details on the product's accessibility compliance can be requested via IBM's Web site at
Section 508 of the U.S. Rehabilitation Act
IBM Encryption Facility for z/OS, V1.2 is capable as of March 16, 2007, when used in accordance with IBM's associated documentation, of satisfying the applicable requirements of Section 508 of the Rehabilitation Act, provided that any assistive technology used with the product properly interoperates with it. A U.S. Section 508 Voluntary Product Accessibility (VPAT) can be requested via IBM's Web site at
Back to top
|
|
| Product positioning |
|
Helping to protect data from loss and inadvertent or deliberate compromise is a critical concern for businesses. To help address this issue, IBM Encryption Facility for z/OS extends the scope of IBM's mainframe encryption capabilities to support the exchange of encrypted files with business partners. Encrypted files can be shared with partners via tape or electronic transmission. Customers can leverage the robust centralized capabilities of z/OS Integrated Cryptographic Services Facility (ICSF) and mainframe cryptographic hardware to generate, maintain, and store key data. In addition, z/OS Security Server (RACF), or a comparable product, can provide security-rich access management and auditability for key management tasks. Together these elements create a powerful centralized encryption solution.
Encryption Facility complements the tape encryption solution provided by IBM's System Storage™ TS1120 tape drives. The TS1120 tape drive with encryption enabled is designed to provide a data protection solution that has the ability to offload the encryption function from the server to the tape and to provide a cost-effective encryption solution for the large volumes of data involved in data archive and backup activities. When used with z/OS, the TS1120 also takes advantage of System z's unique security and cryptographic features to provide a powerful solution for enterprise-wide encryption key storage and management.
The Encryption Facility for z/OS provides a highly flexible solution for
exchanging encrypted tapes with your business partners that do not have
an encrypting TS1120 drive. To decrypt the data, business partners have
the choice of utilizing a no-cost, Web-downloadable Java-based client,
designed to run in any environment that supports Java, or a program
supported by the OpenPGP standard, RFC 2440. With both of these options,
business partners can decrypt the data and re-encrypt it for the return
trip, helping to protect sensitive data during the exchange process.
Back to top
|
|
| Hardware and software support services |
|
SmoothStart™/installation services
IBM offers a number of remote and on-site IBM SmoothStart Services, Operational Support Services,
Migration Services, and Installation Services designed to accelerate productive use of the IBM
solution. These services are provided by IBM or an IBM Business Partner at an additional charge.
For additional information, contact an IBM representative and ask for IGS Services for Encryption
Facility for z/OS.
Back to top
|
|
| Reference information |
|
- Software Announcement 206-190 (IBM z/OS V1.8 — Extending the enterprise-wide role)
- Software Announcement 206-191 (IBM z/OS.e V1.8 — Affordability for mainframe enterprise and Web-based applications)
Business Partner information
If you are a Direct Reseller - System Reseller acquiring products from IBM, you may link directly to Business Partner information for this announcement. A PartnerWorld ID and password are required (use IBM ID).
BP Attachment for Announcement Letter 207-008
Trademarks
Back to top
|
|
| Technical information |
|
Specified operating environment
Hardware requirements
The Encryption Services and the DFSMSdss™ Encryption features of the Encryption Facility for z/OS® run on the following IBM servers:
- System z9™ BC or z9 EC, or equivalent
- zSeries® z900 or z990, or equivalent
- zSeries z800 or z890, or equivalent
The cryptographic options for Encryption Facility V1.2 and higher have the following requirements:
-
For the PASSWORD option, use one of the following:
- CPACF only
- CCF
-
For the Clear-TDES and Clear-AES128 (no ENCTDES), use one of the following:
- CPACF only, or CPACF with PCIXCC / CEX2C
- CCF, or CCF with PCICC
-
For 2048-bit keys, use one of the following:
- CEX2C
- PCIXCC
- PCICC with PCI Crypto 2048 bit Enablement Feature 0867
-
For RSA keys generated through RACF® using ICSF or directly through ICSF, use one of the
following:
- CEX2C
- PCIXCC
- PCICC
- For 1024-bit ME keys generated through RACF BSAFE and imported into ICSF, a CCF is required.
Note: Performance for secure key (ENCTDES option) is slower than clear key (Clear-TDES or Clear-AES128). IBM recommends the use of clear key for encrypting large volumes of data.
OpenPGP support and hardware cryptography: For AES or TDES symmetric encryption use one of the following:
- CPACF only
- CPACF with PCIXCC/CEX2C
- CCF
- CCF with PCICC
For signatures or session key encryption using 2048-bit keys or 2048-bit RSA key generation, use one of the following:
- CEX2C
- PCIXCC
- PCICC with PCI Crypto 2048 bit Enablement Feature 0867
For signatures or session key encryption using RSA 1024-bit ME keys generated through RACF BSAFE, imported into ICSF, and prepared for OpenPGP use, a CCF is required.
For signatures or session key encryption using RSA keys generated through RACF using ICSF or directly through ICSF and prepared for OpenPGP use, use one of the following:
- CEX2C
- PCIXCC
- PCICC
Software requirements
The Encryption Services feature of the Encryption Facility for z/OS requires the following for the System z™ format:
- z/OS (5694-A01) or z/OS.e (5655-G52) V1.6 or higher
- PTF for z/OS DFSMS APAR OA09868 and QSAM APAR OA13571
- z/OS Cryptographic Services — Integrated Cryptographic Services Facility (ICSF) Web deliverable (FMID HCR7720) or later
The Encryption Services feature of the Encryption Facility for z/OS requires the following for the OpenPGP format:
- z/OS (5694-A01) or z/OS.e (5655-G52) V1.6 or higher
- Integrated Cryptographic Services Facility (ICSF) Web deliverable (FMID HCR7720) or later
- IBM 31-bit SDK for z/OS, Java™ 2 Technology Edition, Version 5, product 5655-N98 at Service Refresh level SDK5 SR4 or later
- PTF for z/OS ICSF APAR OA19177
The optional RACF PTF for APAR OA13030 is required to:
- Use the RACF RACDCERT command to allow the storage of RSA public keys in the ICSF PKDS
- Specify the PKDS labels to be used when storing public or private keys in the PKDS
- List the PKDS labels of existing certificates
The DFSMSdss Encryption feature of the Encryption Facility for z/OS requires the following:
- z/OS (5694-A01) or z/OS.e (5655-G52) V1.6 or higher
- z/OS Cryptographic Services — Integrated Cryptographic Services Facility (ICSF) Web deliverable (FMID HCR7720) or later
- Either the DFSMShsm™/DFSMSdss combination priced feature or the DFSMSdss priced feature of z/OS or z/OS.e V1.6 or higher
- PTF for z/OS DFSMS APARs OA13300, OA13453, and OA13687
The Encryption Facility for z/OS Client requires the following:
-
Java-based Client:
-
To run on z/OS, one of the following is required:
- IBM SDK for z/OS, Java 2 Technology Edition, 5655-I56, at PTF UQ90449 or higher (SDK1.4.2)
- IBM Developer Kit for OS/390®, Java 2 Technology Edition, 5655-D35, at PTF UQ88094 or higher (SDK1.3.1)
-
To run on other platforms, one of the following is required:
- Sun SDK 5.0.
- An IBM JVM at SDK1.4.2.
- A JVM with a JCE cryptographic provider installed that supports all the required algorithms. Refer to the Encryption Facility Client documentation for details on the algorithms, modes, and padding schemes needed.
For the PTF requirements for iSeries™ or other platforms, refer to the README file for the Java-based Client at the following Web site
For information about Java on z/OS, visit
-
To run on z/OS, one of the following is required:
-
Decryption Client for z/OS:
- z/OS (5694-A01) or z/OS.e (5655-G52) V1.4 or higher. (Note: The Decryption Client for z/OS runs only on z/OS and is supported with both Encryption Facility for z/OS, V1.1 and V1.2.)
- PTF for z/OS DFSMS APAR OA09868.
- z/OS Cryptographic Services — Integrated Cryptographic Services Facility with z990 Cryptographic Support Web deliverable (FMID HCR770A) or later. Some hardware features require the z990 and z890 Enhancements to Cryptographic Support Web deliverable (FMID HCR770B) or later.
Planning information
Direct customer support
Direct customer support is provided by IBM Operational Support Services — SoftwareXcel Enterprise Edition or SoftwareXcel Basic Edition. These fee services can enhance your productivity by providing voice and electronic access into the IBM support organization. IBM Operational Support Services — SoftwareXcel Enterprise Edition or SoftwareXcel Basic Edition will help answer questions pertaining to usage, how-to, and suspected software defects for eligible products.
Installation and technical support is provided by IBM Global Services. For more information on services, call 1-888-426-4343.
To obtain information on customer eligibility and registration procedures, contact the appropriate support center.
Security, auditability, and control
The customer is responsible for evaluation, selection, and implementation of security features,
administrative procedures, and appropriate controls in application systems and communication
facilities.
Back to top
|
|
| Ordering information |
|
Ordering z/OS through the Internet
ShopzSeries provides an easy way to plan and order your z/OS ServerPac or CBPDO. It will analyze your current installation, determine the correct product migration, and present your new configuration based on z/OS. Additional products can also be added to your order (including determination of whether all product requisites are satisfied). ShopzSeries is available in the U.S., Canada, and several countries in Europe. In countries where ShopzSeries is not available yet, contact your IBM representative (or IBM Business Partner) to handle your order via the traditional IBM ordering process. For more details and availability, visit the ShopzSeries Web site at
New licensees
Orders for new licenses can be placed now. Registered customers can access IBMLink™ for ordering information and charges. The IBM Encryption Facility for z/OS, V1.2 (5655-P97) consists of the following orderable features:
- IBM Encryption Facility for z/OS, V1.2 Encryption Services
- IBM Encryption Facility for z/OS, V1.2 DSFMSdss Encryption
Both features will become available on March 16, 2007.
Shipment will not occur before the availability date.
The IBM Encryption Facility for z/OS, V1.2 product is shipped only via Customized Offerings (CBPDO, ServerPac, SystemPac®, and ProductPac®).
Basic license
To order a basic license, specify the IBM Encryption Facility for z/OS program number (5655-P97) and feature number 9001 for asset registration.
Parallel Sysplex® License Charge (PSLC) basic license: To order a basic license, specify the program number and quantity of MSU.
If there is more than one program copy in a Parallel Sysplex, the charge for all copies is associated to one license by specifying the applicable PSLC license options and quantity represented by the sum of the Service Units in Millions (MSUs) in your Parallel Sysplex. For all other program copies, specify the System Usage Registration No-Charge (SYSUSGREG NC) Identifier on the licenses.
Entitlement License option/
identifier Description Pricing metric
S01243R Encryption Facility Basic MLC, PSLC below 3 MSU
for z/OS V1.2 Basic MLC, PSLC AD
Encryption SYSUSGREG NC, PSLC AD
Services
Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.
Entitlement License option/
identifier Description Pricing metric
S01256T Encryption Facility Basic MLC, PSLC below 3 MSU
for z/OS V1.2 Basic MLC, PSLC AD
DFSMSdss SYSUSGREG NC, PSLC AD
Encryption
Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.
Workload License Charge (WLC) basic license: If there is more than one program copy in a Parallel Sysplex, the charge for all copies is associated to one license by specifying the applicable WLC license options and quantity represented by the sum of the Service Units in Millions (MSUs) in your Parallel Sysplex. For all other program copies, specify the Workload Registration Variable WLC Identifier on the licenses.
Entitlement License option/
identifier Description Pricing metric
S01243R Encryption Facility Basic MLC, Variable WLC
for z/OS V1.2 Workload Registration,
Encryption Variable WLC
Services
Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.
Entitlement License option/
identifier Description Pricing metric
S01256T Encryption Facility Basic MLC, Variable WLC
for z/OS V1.2 Workload Registration,
DFSMSdss Variable WLC
Encryption
Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.
Entry Workload License Charge (EWLC) basic license: To order a basic license, specify the program number and the quantity of MSUs.
Entitlement License option/
identifier Description Pricing metric
S01243R Encryption Facility Basic MLC, Entry WLC
for z/OS V1.2
Encryption Services
Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.
Entitlement License option/
identifier Description Pricing metric
S01256T Encryption Facility Basic MLC, Entry WLC
for z/OS V1.2
DFSMSdss Encryption
Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.
Growth Opportunity License Charge (GOLC): To order a basic license, specify the program number and the correct level.
Specify the GOLC monthly license option.
Entitlement License option/
identifier Description Pricing metric
S01243R Encryption Facility Basic MLC, GOLC
for z/OS V1.2
Encryption Services
Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.
Entitlement License option/
identifier Description Pricing metric
S01256T Encryption Facility Basic MLC, GOLC
for z/OS V1.2
DFSMSdss Encryption
Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.
zSeries Entry License Charge (zELC): To order zELC software, specify the program number and z800 model.
Specify the zELC monthly license option.
Entitlement License option/
identifier Description Pricing metric
S01243R Encryption Facility Basic MLC, zELC
for z/OS V1.2
Encryption Services
Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.
Entitlement License option/
identifier Description Pricing metric
S01256T Encryption Facility Basic MLC, zELC
for z/OS V1.2
DFSMSdss Encryption
Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.
Basic machine-readable material
Orderable
supply ID Language Distribution medium Description
S0123M5 US English Refer to Media Encryption Facility
type note Encryption Services
Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.
Note: The media type is chosen during customized offering ordering.
Orderable
supply ID Language Distribution medium Description
S01256V US English Refer to Media Encryption Facility
type note DFSMSdss Encyption
Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.
Note: The media type is chosen during customized offering ordering.
Customization options
Select the appropriate feature numbers to customize your order to specify the delivery options desired. These features can be specified on the initial or MES orders.
Example: If publications are not desired for the initial order, specify feature number 3470 to ship media only. For future updates, specify feature number 3480 to ship media updates only. If, in the future, publication updates are required, order an MES to remove feature number 3480; then, the publications will ship with the next release of the program.
Initial shipments
Feature Description
3444 Serial Number Only
(suppresses shipment of media and documentation)
3470 Ship Media Only
(suppresses initial shipment of documentation)
3471 Ship Documentation Only
(suppresses initial shipment of media)
Update shipments
Feature Description
3480 Ship Media Updates Only
(suppresses update shipment of documentation)
3481 Ship Documentation Only
(suppresses update shipment of media)
3482 Suppress Updates
(suppresses update shipment of media and
documentation)
Expedite shipments
Feature Description
3445 Local IBM Office Expedite
(for IBM use only)
3446 Customer Expedite Process Charge
($30 charge for each product)
Unlicensed documentation
The following publications are supplied automatically with the basic machine-readable material:
Publication
Title number
IBM Encryption Facility for z/OS: GA76-0419
Licensed Program
Specifications
IBM Program Directory for Encryption GI10-0771
Facility for z/OS
The following publications are available in softcopy at
Publication
Title number
IBM Encryption Facility for z/OS: SA23-2230
Using Encryption Facility for
OpenPGP
IBM Encryption Facility for z/OS: SA23-2229
Planning and Customizing
IBM Encryption Facility for z/OS: GA76-0419
Licensed Program
Specifications
IBM Program Directory for Encryption GI10-0771
Facility for z/OS
Refer to the IBM Publications Center Web site for more information about publication ordering
Subsequent updates (technical newsletters or revisions between releases) to the publications shipped with the product will be distributed to the user of record for as long as a license for this software remains in effect. A separate publication order or subscription is not needed.
Customized offerings
Product deliverables are shipped only via Customized Offerings (for example, CBPDO, ServerPac, SystemPac).
CBPDO and ServerPac are offered for electronic delivery, where ShopzSeries product ordering is available. For more details on electronic delivery, refer to the ShopzSeries help information at
Media type for this software product is chosen during the customized offerings ordering process. Based on your customer environment, it is recommended that the highest possible density tape media is selected. Currently offered media types are:
- CBPDOs — 3480, 3480 Compressed, 3590*
- ServerPacs — 3480, 3480 Compressed, 3490E, 3590*
- SystemPacs — 3480, 3480 Compressed, 3490E, 3590*
- *
- 3590 is highest density media, which will ship the fewest number of media.
Once a product becomes generally available, it will be included in the next ServerPac and SystemPac monthly update.
Production of software product orders will begin on the planned general availability date.
- CBPDO shipments will begin one week after general availability.
- ServerPac shipments will begin two weeks after inclusion in ServerPac.
- SystemPac shipments will begin four weeks after inclusion in SystemPac due to additional customization and data input verification.
Back to top
|
|
| Terms and conditions |
|
Agreement: IBM Customer Agreement
Variable charges apply: No
Indexed Monthly License Charge (IMLC) applies: No
Location license applies: No
Use limitation applies: No
Educational allowance available: Yes, a 15% education allowance applies to qualified education institution customers.
Volume orders: Not applicable
Warranty applies: Yes
Licensed program materials availability
- Restricted Materials of IBM: Some
- Nonrestricted Source Materials: Some
- Object Code Only (OCO): Some
Program services
- Support Center applies: Yes
- Available until discontinued: 12 months' written notice
IBM Operational Support Services — SupportLine:
Yes
Back to top
|
|
| IBM Electronic Services |
|
IBM has transformed its delivery of hardware and software support services to put you on the road to higher system availability. Electronic Services is a Web-enabled solution that offers an exclusive, no-additional-charge enhancement to the service and support available for IBM servers. These services provide the opportunity for greater system availability with faster problem resolution and preemptive monitoring. Electronic Services comprises two separate, but complementary, elements: Electronic Services news page and Electronic Services Agent.
The Electronic Services news page is a single Internet entry point that replaces the multiple entry points traditionally used to access IBM Internet services and support. The news page enables you to gain easier access to IBM resources for assistance in resolving technical problems.
The Electronic Service Agent™ is no-additional-charge software that resides on your server. It monitors events and transmits system inventory information to IBM on a periodic, client-defined timetable. The Electronic Service Agent automatically reports hardware problems to IBM. Early knowledge about potential problems enables IBM to deliver proactive service that may result in higher system availability and performance. In addition, information collected through the Service Agent is made available to IBM service support representatives when they help answer your questions or diagnose problems.
To learn how Electronic Services can work for you, visit
Back to top
|
|
| Prices |
|
Entitlement License option/
identifier Description Pricing metric
S01243R Encryption Facility Basic MLC, GOLC
for z/OS V1.2
Encryption Services
Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.
Entitlement License option/
identifier Description Pricing metric
S01256T Encryption Facility Basic MLC, GOLC
for z/OS V1.2
DFSMSdss Encryption
Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.
Entitlement License option/
identifier Description Pricing metric
S01243R Encryption Basic MLC, zELC
Facility for
z/OS V1.2
Encryption
Services
Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.
z800 models 110 0E1 0X2 0A1 0B1 0C1 001 0A2 002 003 004
Entitlement License option/
identifier Description Pricing metric
S01256T Encryption Basic MLC, zELC
Facility for
z/OS V1.2
DFSMSdss
Encryption
Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.
z800 models 110 0E1 0X2 0A1 0B1 0C1 001 0A2 002 003 004
Entitlement License option/
identifier Description Pricing metric
S01243R Encryption Basic MLC, PSLC below 3 MSU
Facility for Basic MLC, PSLC AD
z/OS V1.2 SYSUSGREG NC, PSLC AD
Encryption
Services
Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.
Entitlement License option/
identifier Description Pricing metric
S01256T Encryption Basic MLC, PSLC below 3 MSU
Facility for Basic MLC, PSLC AD
z/OS V1.1 SYSUSGREG NC, PSLC AD
DFSMSdss
Encryption
Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.
Entitlement License option/
identifier Description Pricing metric
S01243R Encryption Basic MLC, Variable WLC
Facility for Workload Registration,
z/OS V1.2 Variable WLC
Encryption
Services
Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.
Entitlement License option/
identifier Description Pricing metric
S01256T Encryption Basic MLC, Variable WLC
Facility for Workload Registration,
z/OS V1.2 Variable WLC
DFSMSdss
Encryption
Note: "Encryption Facil DSS Encrypt" is the short name used in the ordering system.
IBM Encryption Facility for z/OS, V1.2 is eligible for sub-capacity WLC and EWLC pricing according to the terms in the Attachment for IBM System z9 and eServer zSeries Workload License Charges (Z125-6516) and the Attachment for IBM eServer zSeries 890 and 800 Software License Charges (Z125-6587).
Entitlement License option/
identifier Description Pricing metric
S01243R Encryption Basic MLC, Entry WLC
Facility for
z/OS V1.2
Encryption
Services
Note: "Encryption Facil Encrypt Ser" is the short name used in the ordering system.
Entitlement License option/
identifier Description Pricing metric
S01256T Encryption Basic MLC, Entry WLC
Facility for
z/OS V1.2
DFSMSdss
Encryption
Note:
"Encryption Facil DSS Encrypt" is the short name used in the ordering system.
Back to top
|
|
| Order now |
|
To order, contact the Americas Call Centers, your local IBM representative, or your IBM Business Partner.
To identify your local IBM representative or IBM Business Partner, call 800-IBM-4YOU (426-4968).
Phone: 800-IBM-CALL (426-2255)
Fax: 800-2IBM-FAX (242-6329)
Internet: callserv@ca.ibm.com
Mail: IBM Americas Call Centers
Dept. Teleweb Customer Support, 9th floor
105 Moatfield Drive
North York, Ontario
Canada M3B 3R1
Reference: LE001
The Americas Call Centers, our national direct marketing organization, can add your name to the mailing list for catalogs of IBM products.
Note: Shipments will begin after the planned availability date.
Trademarks
Back to top
Printable version