PHB: poly-beta-hydroxybutyrate? Kees.
> -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Richards, Robert B. > Sent: 02 April, 2019 15:18 > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Pervasive encryption and batch temporary datasets > > In the strictest terms, yes, as long as you understand that pervasive > encryption embodies all the pieces and parts and not just DS encryption. > AND, with the current hardware of the z14 models and/or second generation > LinuxONE machines. I am not sure I would use the "prereq" term though. > Coreq might be better. :-) > > Too many people (PHB types) are misusing the term "Pervasive Encryption", > probably intentionally. > > Bob > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Allan Staller > Sent: Tuesday, April 02, 2019 8:59 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Pervasive encryption and batch temporary datasets > > Let me try it this way. > > Is df/SMS encryption a pre-requisite to the z/14 "PERVASIVE ENCRYPTION"? > > Thanks for all you time and effort, > > > > -----Original Message----- > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf > Of Timothy Sipples > Sent: Tuesday, April 2, 2019 1:06 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Pervasive encryption and batch temporary datasets > > Allan Staller wrote: > >My understanding is that this was a "hardware" feature and did not > >depend on DFSMS (except as possible an on/off switch). > >In you post you refer to PERVASIVE ENCRYPTION (z/14?) vs pervasive > >encryption (df/SMS). Can you comment on the prior posts requiring > >DF/SMS extended format as a pre-requisite? > > I don't fully understand the question. > > Let's see how IBM explains these terms.... OK, here's how IBM defined > Pervasive Encryption (and other terms) in October, 2017: > > "Pervasive encryption is a consumable approach to enable extensive > encryption of data in-flight and at-rest to substantially simplify > encryption and reduce costs associated with protecting data and achieving > compliance mandates.... > > "The IBM z14 platform provides the hardware infrastructure, in a balanced > system design, with the encryption capabilities that now make it possible > to create a fortified perimeter around critical business data.... > > "The IBM Z operating environments, such as z/OS®, are designed to take > advantage of the z14 platform imbedding the use of the z14 cryptographic > engines within the operating environment to help create an environment > where policies can be enforced that govern intrinsic data protection, > helping clients build the perimeter around business data.... > > "z/OS V2.3 and z14 can help drive pervasive encryption efforts within an > enterprise by supporting clients in their objective to meet complex > compliance mandates by creating a fortified perimeter around core business > data. z/OS is designed to provide new policy-based encryption options that > take full advantage of the improvements in the z14 platform and can help > clients protect their critical business data. These new capabilities > include: > > • Enhanced data protection for many z/OS data sets, FS file systems, and > Coupling Facility structures gives users the ability to encrypt data > without needing to make changes to applications to imbed encryption APIs > within applications > > • New z/OS policy controls make it possible to use pervasive encryption to > help protect user data and simplify the task of compliance > > • z/OS Communications Server includes encryption-readiness technology to > enable z/OS administrators to determine which TCP and Enterprise Extender > traffic patterns to and from their z/OS systems meet approved encryption > cr iteria and help simplify the task of compliance...." > > OK, so let's pick this apart again. Oversimplifying only slightly: > > Pervasive Encryption -- and I'll capitalize the second word, too -- is the > "approach," the applied concept. In another era IBM might have called this > concept an "Architecture." Maybe something like "Enterprise Encryption > Architecture" (EAA). With a forward slash somewhere for good measure. :-) > > The z14 models (and second generation LinuxONE machines, I would add -- > they featured in separate announcements) are the first (and only to date) > hardware enablers of Pervasive Encryption. > > As with the z14 machine, z/OS Data Set Encryption is one (but only one) > important enabler of Pervasive Encryption as applied to z/OS. Yes, you can > implement Pervasive Encryption without z/OS; the concept applies to other > operating systems, including Linux. > > You *can* pervasively encrypt (adverb, lowercase) data on machines prior > to the z14, and for that matter without z/OS Data Set Encryption. > Encryption, and the ability of application programmers to use it, even > pervasively, has been an evolving fixture of IBM Z (and prior) platforms > since the 1970s. > And if you had/have a particularly energetic and dedicated application > development team, well managed and supervised, you can pervasively encrypt > data. Nobody I've encountered actually did this (pervasively encrypt all > data), which is why Pervasive Encryption is quite important and > revolutionary. You can also use z/OS Data Set Encryption, even > pervasively, on IBM z196/z114 and newer machines. There will be processing > overhead and possible service level implications pre-z14, but you can, and > you probably should, at least to some degree. (Make forward progress, > always.) However, in IBM's view, Pervasive Encryption -- the > "architectural level set," as it were -- requires IBM z14 (or second > generation LinuxONE machines), and it requires adopting multiple z/OS > features if you have z/OS, including but not limited to z/OS Data Set > Encryption. > > Does all that make sense now? > > Or, if you want the short official version, here's what IBM wrote in its > z/OS Data Set Encryption FAQ: > > "What is the difference between data set encryption in z/OS V2.2 and > pervasive encryption in the July 2017 IBM Z announcements? > "Data set encryption, which is one aspect of pervasive encryption, is > available in z/OS V2.2 when the requisite service is applied." > > Too simple. I would have added "which is one aspect of Pervasive > Encryption as applied to z/OS," but that would have required 4 more words. > :-) > > Yes, lots of people ask questions such as, "We're implementing Pervasive > Encryption on z/OS. Does it support zFS?" I know what the questioner > *means*: z/OS Data Set Encryption here, not Pervasive Encryption. The > pronoun "it" in this example actually, in reality, refers to z/OS Data Set > Encryption. Sometimes it helps to be precise, but as long as I understand > the question, I'm fine. I won't quibble. > > -------------------------------------------------------------------------- > ------------------------------ > Timothy Sipples > IT Architect Executive, Industry Solutions, IBM Z & LinuxONE > -------------------------------------------------------------------------- > ------------------------------ > > E-Mail: sipp...@sg.ibm.com > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ::DISCLAIMER:: > -------------------------------------------------------------------------- > -------------------------------------------------------------------------- > -------------------------------------------------------------------------- > -------------------------------------------------------- > The contents of this e-mail and any attachment(s) are confidential and > intended for the named recipient(s) only. E-mail transmission is not > guaranteed to be secure or error-free as information could be intercepted, > corrupted, lost, destroyed, arrive late or incomplete, or may contain > viruses in transmission. The e mail and its contents (with or without > referred errors) shall therefore not attach any liability on the > originator or HCL or its affiliates. Views or opinions, if any, presented > in this email are solely those of the author and may not necessarily > reflect the views or opinions of HCL or its affiliates. Any form of > reproduction, dissemination, copying, disclosure, modification, > distribution and / or publication of this message without the prior > written consent of authorized representative of HCL is strictly > prohibited. If you have received this email in error please delete it and > notify the sender immediately. Before opening any email and/or > attachments, please check them for viruses and other defects. > -------------------------------------------------------------------------- > -------------------------------------------------------------------------- > -------------------------------------------------------------------------- > -------------------------------------------------------- > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ******************************************************** For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 ******************************************************** ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
