Pervasive Encryption: Middleware Experiences
LisaDodaro 120000QTNQ Visits (8211)
V2R3 Data Set Encryption and IBM MQ
Author: Lisa Dodaro
This topic discusses our experience with IBM MQ V8, V9 and V90x with Pervasive Encryption while testing z/OS V2R3 and IBM z14 hardware.
To test in our environment, we defined an SMS data class with the Extended Attribute enabled as well as a Data Set Key Label to encrypt our new BSDS and archive logs. The new bootstrap data set (BSDS) was created and we used Access Method Services REPRO command to copy the current BSDS into the new BSDS.
We also setup some of our QMGR archive logs to exploit COMPACTION using zEDC hardware along with Data Set Encryption by defining a separate SMS data class to also specify COMPRESSION = ZR
To encrypt our MQ coupling facility (CF) structure data we updated our CFRM policy to specify ENCRYPT(YES) for some our administration and application structures. Once the CFRM policy was updated and activated we rebuilt these structures to pick up the changes.
Please reference the following MQ documentation in IBM Knowledge center, particularly the section: z/OS Data Set Encryption
V2R2 & V2R3 Data Set Encryption and IBM IMS
Author: Bob Fantom
We tested IMS exploitation of Z Pervasive Encryption on z/OS V2R2 and z/OS V2R3 systems using an IMS V14 6-way datasharing IMSplex.
No IMS product APARs or PTF's were needed to support Z Pervasive Encryption.
zPET tested with the following IMS data sets encrypted:
Note: The extended addressability attribute is not supported for IMS data sets. We encountered the following error and set extended addressability attribute to N in data class to disable extended addressability:
zPET tested with following IMS CF structures with CF structure data encryption enabled:
For additional details of Z Pervasive Encryption and IMS support of Z Pervasive Encryption, please reference Data Set Encryption for IBM® z/OS® V2.2 Frequently Asked Questions: http
V2R2 & V2R3 Data Set Encryption and CICS
Author: Dan Roth
This topic discusses our experience with IBM CICS TS 5.3, z/OS V2R2 & V2R3, along with z14 hard
To test in our environment, we defined several SMS data classes to accommodate a varied set of database files using either encryption or encryption and compression:
We implemented CF structure data encryption on structures for RLSCACHE and CICS servers (temp storage, named counters, CF data tables) via the ENCRYPT(YES) CFRM policy para
We implemented encryption on CICS system log and VSAM forward recovery data sets
We chose to also encrypt our CICS system datasets, even if all of these may not contain sensitive data in a production environment: DFHBRNSF, DFHDPFMB, DFHGCD, DFHINTRA, DFHLCD, DFHLRQ, DFHPIDIR, DFHTEMP, FILE
For CICS Data Set Encryption: http