Encrypting BPE trace data sets

BPE trace records do not usually contain sensitive data. However, since IMS Version 11, the IMS Connect recorder trace (TYPE=RCTR) can use the BPE trace facility, and the recorder trace might contain sensitive data (messages). Thus you may want to encrypt BPE trace data sets if they can be used for the IMS Connect recorder trace.

Use either RACF rules or a DATACLAS with a key label specified to encrypt BPE trace data sets. The BPE EXTTRACE statement in the BPE configuration PROCLIB member does not support the DSKEYLBL parameter.

If you use RACF rules, define a rule that associates the BPE trace data set names with the key label. Once RACF has been updated, newly-created BPE trace data sets will be encrypted.

If you use a DATACLAS with a key label specified, perform the following steps:

1. Update your BPE configuration PROCLIB member. Add or change the DATACLAS parameter of the EXTTRACE statement to the data class that has the key label you want.
2. Issue the following command:

   F jobname,UPD TRTAB NAME(*) OPTION(REREAD)

   This will re-read the BPE configuration PROCLIB member and update the data class associated with the BPE trace data sets. If BPE external trace is currently active, the current data set is closed and a new one is opened by using the updated EXTTRACE parameters. If BPE external trace is not active, then the new EXTTRACE parameters will be used the next time BPE external trace is used.