I’m not sure but I can try to find out from our storage guys. On Mon, May 9, 2022 at 12:18 PM Pommier, Rex <[email protected]> wrote:
> Mike, > > Does the 8950 HMC based encryption require an ISKLM license? We are > currently replicating from an 8910 to an 8884 and the 8884 is falling off > support at the end of the year so we'll be replacing it with another 8910 > most likely. I'm wondering if I'll still need ISKLM for disk if we move > our encryption key serving to the HMCs. > > Thanks, > > Rex > > -----Original Message----- > From: IBM Mainframe Discussion List <[email protected]> On Behalf > Of Michael Babcock > Sent: Monday, May 9, 2022 12:10 PM > To: [email protected] > Subject: [EXTERNAL] Re: How do you Prove that you no longer need a working > SKLM server or started task. > > We had DS8886 boxes and used a AP1 appliance with SKLM installed. These > are no longer offered by IBM. We just upgraded to DS8950s and it has the > option to do key management within the HMCs on the DS8950s. We went this > route. > > On Mon, May 9, 2022 at 11:37 AM Tom Longfellow < > [email protected]> wrote: > > > We have been doing hardware based tape and disk encryption for a very > > long time. So long in fact that I think we have 'upgraded' ourselves > > out of the SKLM (or EKM) business. > > > > The standalone servers were installed way back in our early years of > > DS8000 technology (before they started offering the standalone feature > code > > for a dedicated box to handle keys). In the meantime we have gone > through > > a few upgrades and we are currently at the DS8884 technology. I > cannot > > find any config info in the DS8884 on 'how to access' an external SKLM > > server. I think we have gone internal somehow. > > > > The SKLM address spaces under z/OS were setup in our days of 3592 > > tapes with encryption labels on the tapes themselves. 3592 is another > > technology no longer present in our current data center. A TS7760 grid > with encrypted > > virtual tape disk cache handled the encryption requirement. Our SKLM > > setup had two lpars, each backing the other in a primary/secondary > > relationship across an internal hipersockets link. > > > > My gut reaction is to just turn them off and lets the chips fall where > > they may, but that is not the 'professional' way to handle it. > > > > Does anyone know how to prove the negative: That I do not need these > > servers. > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > email to [email protected] with the message: INFO IBM-MAIN > > > -- > Michael Babcock > OneMain Financial > z/OS Systems Programmer, Lead > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > The information contained in this message is confidential, protected from > disclosure and may be legally privileged. If the reader of this message is > not the intended recipient or an employee or agent responsible for > delivering this message to the intended recipient, you are hereby notified > that any disclosure, distribution, copying, or any action taken or action > omitted in reliance on it, is strictly prohibited and may be unlawful. If > you have received this communication in error, please notify us immediately > by replying to this message and destroy the material in its entirety, > whether in electronic or hard copy format. Thank you. > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- Michael Babcock OneMain Financial z/OS Systems Programmer, Lead ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
