DFSMSdfp AMS |
AMS commands, CREATE VOLUMEENTRY, ALTER VOLUMEENTRY,
DCOLLECT, and LISTCAT are changed to support the new EEFMT2 recording
technology for encryption. One new subparameter, EEFMT2, for the
parameter RECORDING, has been added for CREATE VOLUMEENTRY and ALTER
VOLUMEENTRY. AMS allows the use of the new EEFMT2 recording technology,
as well as the printing and displaying of information about the recording
technology. |
DFSMSdfp Device Services |
Device Services manages the IBM System Storage
Tape System devices. |
DFSMSdfp ISMF |
The ISMF Data Class Application and Mountable
Tape Volume Application panels have been enhanced to allow the specification
of a new value (EE2 for EEFMT2) in the Recording Technology Format
field. A new panel (DGTDCDC8) will be displayed to allow the specification
of key labels and encoding mechanisms. |
DFSMSdfp NaviQuest |
NaviQuest sample jobs and CLISTs have been updated
to support tape encryption in the data class. |
DFSMSdfp OAM |
OAM tape library support allows the use of the
new EEFMT2 recording technology and IBM System Storage family of tape
media in the IBM 3494 and 3584 Automated Tape library and in the manual
tape library. OAM object tape support allows the use of encryption-capable
TS1120 tape drives and media for object-related activity. |
DFSMSdfp OCE/IFGOJES3 |
OCE/IFGOJES3 allows the use of the new EEFMT2
recording technology. |
DFSMSdfp SMS |
SMS allows the use of the new EEFMT2 recording
technology. You can specify a data class to require data encryption
(EEFMT2) with media types MEDIA5 through MEDIA10. You can also use
a data class to specify two new key labels and two new corresponding
key encoding mechanisms. Specification of the key labels is optional
and is only valid with DISP=NEW and file sequence number 1. Otherwise,
it is ignored. |
DFSMSdss |
DFSMSdss ensures that encrypted data dumped
to an encryption-capable TS1120 tape drive will not be doubly encrypted,
unless the user makes specific arrangements for double-encryption.
DFSMSdss
Stand Alone Restore will not read a dump data set that resides on
an encrypted tape.
|
DFSMShsm |
DFSMShsm allows the use of encryption-capable
TS1120 tape drives and media for all DFSMShsm tape related functions:
- LIST command
- The LIST TTOC SELECT parameters have been extended to take new
values EEFMT2 (or EE2), ENCRYPTION (or ENCRYPTED), and NOENCRYPTION
(or NOTENCRYPTED).
- Tape hardware encryption for DFSMShsm Dump
- The DFSMShsm Dump function can now use tape hardware encryption
to encrypt dump output. If DUMPCLASS specifies host based encryption
(and possibly host based compaction before encryption, known as HWCOMP),
but the associated data class specifies tape hardware encryption,
DFSMSdss will ignore the request for host based encryption and honor
instead the request for tape hardware encryption. The volume's associated
DVL record will show whether tape hardware encryption or host based
encryption was done.
The LIST DUMPVOL(vol) output includes a new
value of THW for the ENC heading indicating the data is Tape Hardware
Encrypted.
For z/OS V1R8 and above, LIST COPYPOOL shows a value
of THW for a Tape Hardware Encrypted tape.
|
DFSMSrmm |
DFSMSrmm records the Key Labels and their encoding
mechanism in the Volume record. |
DFSORT |
DFSORT works without change with the IBM System
Storage Tape System devices. |
EREP |
EREP provides unique device type information
for encryption-capable TS1120 tape drives when formatting LOGREC records. |
z/OS Multiple Virtual Storage (MVS) Allocation |
MVS Allocation allows specification of the key
labels. It also allows the use of the new EEFMT2 recording technology
when using the Dynamic Allocation Text Unit DALINCHG. |
z/OS Multiple Virtual Storage (MVS) IOS |
MVS IOS has been updated to support Key Management:
- In-band Key Management
- If in-band key management is being used, the existing IOS PARMLIB
member IECIOSxx will be updated specifying the TCP/IP related information
needed to direct the ESCON/FICON proxy to the appropriate Encryption
Key Manager. In this case, encryption key management (in-band) is
defined for the system through the IOS PARMLIB member.
- IOS Proxy Sockets Initialization
- You can optionally specify the DNS name or IP address
of an Encryption Key Manager (EKM) that will provide the key management
functions for the system. The EKM can be designated with a new keyword
in the IECIOSxx SYS1.PARMLIB member or as a keyword on the SETIOS
operator command.
- IECIOSXX Parmlib and SETIOS Commands
- You can use the EKM subcommand in parmlib or in the
SETIOS console command to specify the host name of the Encryption
Key Manager (primary and secondary).
|
z/OS Multiple Virtual Storage (MVS) Scheduler/SJF |
MVS Scheduler/SJF validates the JCL DD keywords
KEYLABL1, KEYLABL2, KEYENCD1, and KEYENCD2, if used. |