System requirements
IBM® InfoSphere™ Guardium Data Encryption for DB2® and IMS™ Databases has the following mandatory installation and operation requirements:
The Integrated Cryptographic Service Facility (ICSF), an element of z/OS®, must be active and the ICSF version must support the cryptographic device on the specific platform. ICSF runs on processors that support the Integrated Cryptographic Coprocessor Feature.
Before use of the hardware encryption can occur, the hardware modules must be loaded with at least host DES Master Keys.
ICSF is required to be active for the I/O requests to be passed to the hardware cryptographic modules.
Note: InfoSphere Guardium Data Encryption for DB2 and IMS Databases requires: z/OS V1.10 (5694-A01) or later.
InfoSphere Guardium Data Encryption for DB2 and IMS Databases has the following requirements:
InfoSphere Guardium Data Encryption for DB2 and IMS Databases is supported on any processor capable of operating DB2 V8 or higher and IMS V10 or higher.
To support the z10™ processor encryption technology, Crypto Express3 with CP Assist for Cryptographic Function (CPACF protected key) hardware is required and must be installed.
Crypto Express:
— On the z9® EC and the z10, the Crypto Express2 feature (feature code 0863) is required.
— On the z9 BC, the Crypto Express2 feature (feature code 0863) or the Crypto Express2-1P (feature code 0870) is required.
— At least one of the cryptographic engines must be configured as a coprocessor to provide secure key capability.
— Installation of either Crypto Express2 feature requires that the CP Assist for Cryptographic Functions (CPACF) DES/TDES Enablement feature (feature code 3863) is installed.On z890 and z990 systems, either a PCIXCC (feature code 0868) or a Crypto Express2 (feature code 0863) provides secure key support. Installation of either of these features requires that the CP Assist for Cryptographic Functions (CPACF) DES/TDES Enablement feature (feature code 3863) is installed.
The Cryptographic Coprocessor Feature (CCF) provides secure key support on z800, z900, and earlier machines (G3, G4, G5, G6, Multiprise 2000, and Multiprise 3000). The CCF hardware modules:
— Must be enabled with configuration data, a feature that is ordered separately.
— Require a processor power-on-reset (POR) to complete data loading into the cryptographic modules.
Because this hardware does not support the clear key APIs, the use of clear keys by InfoSphere Guardium Data Encryption for DB2 and IMS Databases is not supported on the CCF-based machines.
— The PCICC feature (feature code 0861) is an optional secure key device on the z800 and z900 systems.Additional hardware requirements for clear key data encryption include:
— A z890 or z990 or later server.
— z10 CP Assist for Cryptographic Functions (CPACF) DES/TDES Enablement (feature code 3863).A secure key device for initializing and using the CKDS.
— On a z890/z990 system, a PCIXCC or the CEX2 is required.
— On a z9 BC system, either a CEX2 or a CEX2-1P is required with at least one engine configured as a coprocessor.
— On a z9 EC or a z10 system, a CEX2 is required with at least one engine configured as a coprocessor.
For further configuration information, consult the following publications:
zEnterprise System Processor Resource/Systems Manager Planning Guide
System z10 System Processor Resource/Systems Manager Planning Guide
System z10 Support Element Operations Guide
