You can use tape device encryption or host-based encryption to
encrypt a tape volume, but not both methods. Because DFSMSdss avoids
performing double encryption of tape data, you must determine which
type of encryption, if any, is to be used for your tape volumes. In
general, DFSMSdss prevents you from combining both types of encryption
to perform double encryption of tape volumes.
Table 1 shows how DFSMSdss processes potential double
encryption requests, specified through the DFSMSdss DUMP command.
Table 1. DFSMSdss processing of dump encryption requestsDump encryption request |
DFSMSdss action |
---|
Your DUMP command specifies host-based encryption
(through the RSA or KEYPASSWORD keywords), and all of the available
tape drives are encryption-capable tape drives. Your request might
also specify host-based compression (through the HWCOMPRESS keyword). |
- DFSMSdss issues informational message ADR518I to indicate that
tape device encryption was used instead of host-based encryption
- DFSMSdss ignores the compression request, if any.
|
Your DUMP command specifies host-based encryption
and one or more of the available tape drives are not encryption enabled.
Your request might also specify host-based compression. |
- DFSMSdss issues error message ADR519E to indicate that one or
more of the available tape drives cannot perform encryption. To avoid
performing double encryption of data, DFSMSdss uses only encryption-capable
tape drives. DFSMSdss issues error message ADR324E to list the unused
output devices.
- DFSMSdss ignores the compression request, if any.
- DFSMSdss continues processing the DUMP request as long as there
are usable tape drives. On completion, DFSMSdss ends the task with
return code 8.
|
Your DUMP command does not specify host-based
encryption and all of the available tape drives are encryption-capable
tape drives. Your request might also specify host-based compression. |
- Encryption-capable tape drives perform encryption
- DFSMSdss performs host-based compression, if requested.
|
Your DUMP command does not specify host-based
encryption and one or more of the available tape drives are not encryption
enabled. Your request might also specify host-based compression. |
- DUMP requests for encryption-capable tape drives are encrypted
by the tape drives
- DUMP requests for non-encrypting tape drives are processed without
encryption of any type
- DFSMSdss performs host-based compression, if requested.
|
For tapes that require host-based encryption, ensure that your
dump-requesting jobs use only tape drives that are not encryption
capable. To do so, check the data classes of the output ddnames to
ensure that the jobs do not specify a data class that requests encryption
from the encryption-capable tape drives.