Pointy Haired Boss (Dilbert)
Sent from ProtonMail, Swiss-based encrypted email. GPG Public Key - https://api.protonmail.ch/pks/lookup?op=get&search=markjac...@protonmail.com ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, April 2, 2019 9:30 AM, Vernooij, Kees (ITOP NM) - KLM <kees.verno...@klm.com> wrote: > PHB: poly-beta-hydroxybutyrate? > > Kees. > > > -----Original Message----- > > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > > Behalf Of Richards, Robert B. > > Sent: 02 April, 2019 15:18 > > To: IBM-MAIN@LISTSERV.UA.EDU > > Subject: Re: Pervasive encryption and batch temporary datasets > > In the strictest terms, yes, as long as you understand that pervasive > > encryption embodies all the pieces and parts and not just DS encryption. > > AND, with the current hardware of the z14 models and/or second generation > > LinuxONE machines. I am not sure I would use the "prereq" term though. > > Coreq might be better. :-) > > Too many people (PHB types) are misusing the term "Pervasive Encryption", > > probably intentionally. > > Bob > > -----Original Message----- > > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > > Behalf Of Allan Staller > > Sent: Tuesday, April 02, 2019 8:59 AM > > To: IBM-MAIN@LISTSERV.UA.EDU > > Subject: Re: Pervasive encryption and batch temporary datasets > > Let me try it this way. > > Is df/SMS encryption a pre-requisite to the z/14 "PERVASIVE ENCRYPTION"? > > Thanks for all you time and effort, > > -----Original Message----- > > From: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU On Behalf > > Of Timothy Sipples > > Sent: Tuesday, April 2, 2019 1:06 AM > > To: IBM-MAIN@LISTSERV.UA.EDU > > Subject: Re: Pervasive encryption and batch temporary datasets > > Allan Staller wrote: > > > > > My understanding is that this was a "hardware" feature and did not > > > depend on DFSMS (except as possible an on/off switch). > > > In you post you refer to PERVASIVE ENCRYPTION (z/14?) vs pervasive > > > encryption (df/SMS). Can you comment on the prior posts requiring > > > DF/SMS extended format as a pre-requisite? > > > > I don't fully understand the question. > > Let's see how IBM explains these terms.... OK, here's how IBM defined > > Pervasive Encryption (and other terms) in October, 2017: > > "Pervasive encryption is a consumable approach to enable extensive > > encryption of data in-flight and at-rest to substantially simplify > > encryption and reduce costs associated with protecting data and achieving > > compliance mandates.... > > "The IBM z14 platform provides the hardware infrastructure, in a balanced > > system design, with the encryption capabilities that now make it possible > > to create a fortified perimeter around critical business data.... > > "The IBM Z operating environments, such as z/OS®, are designed to take > > advantage of the z14 platform imbedding the use of the z14 cryptographic > > engines within the operating environment to help create an environment > > where policies can be enforced that govern intrinsic data protection, > > helping clients build the perimeter around business data.... > > "z/OS V2.3 and z14 can help drive pervasive encryption efforts within an > > enterprise by supporting clients in their objective to meet complex > > compliance mandates by creating a fortified perimeter around core business > > data. z/OS is designed to provide new policy-based encryption options that > > take full advantage of the improvements in the z14 platform and can help > > clients protect their critical business data. These new capabilities > > include: > > • Enhanced data protection for many z/OS data sets, FS file systems, and > > Coupling Facility structures gives users the ability to encrypt data > > without needing to make changes to applications to imbed encryption APIs > > within applications > > • New z/OS policy controls make it possible to use pervasive encryption to > > help protect user data and simplify the task of compliance > > • z/OS Communications Server includes encryption-readiness technology to > > enable z/OS administrators to determine which TCP and Enterprise Extender > > traffic patterns to and from their z/OS systems meet approved encryption > > cr iteria and help simplify the task of compliance...." > > OK, so let's pick this apart again. Oversimplifying only slightly: > > Pervasive Encryption -- and I'll capitalize the second word, too -- is the > > "approach," the applied concept. In another era IBM might have called this > > concept an "Architecture." Maybe something like "Enterprise Encryption > > Architecture" (EAA). With a forward slash somewhere for good measure. :-) > > The z14 models (and second generation LinuxONE machines, I would add -- > > they featured in separate announcements) are the first (and only to date) > > hardware enablers of Pervasive Encryption. > > As with the z14 machine, z/OS Data Set Encryption is one (but only one) > > important enabler of Pervasive Encryption as applied to z/OS. Yes, you can > > implement Pervasive Encryption without z/OS; the concept applies to other > > operating systems, including Linux. > > You can pervasively encrypt (adverb, lowercase) data on machines prior > > to the z14, and for that matter without z/OS Data Set Encryption. > > Encryption, and the ability of application programmers to use it, even > > pervasively, has been an evolving fixture of IBM Z (and prior) platforms > > since the 1970s. > > And if you had/have a particularly energetic and dedicated application > > development team, well managed and supervised, you can pervasively encrypt > > data. Nobody I've encountered actually did this (pervasively encrypt all > > data), which is why Pervasive Encryption is quite important and > > revolutionary. You can also use z/OS Data Set Encryption, even > > pervasively, on IBM z196/z114 and newer machines. There will be processing > > overhead and possible service level implications pre-z14, but you can, and > > you probably should, at least to some degree. (Make forward progress, > > always.) However, in IBM's view, Pervasive Encryption -- the > > "architectural level set," as it were -- requires IBM z14 (or second > > generation LinuxONE machines), and it requires adopting multiple z/OS > > features if you have z/OS, including but not limited to z/OS Data Set > > Encryption. > > Does all that make sense now? > > Or, if you want the short official version, here's what IBM wrote in its > > z/OS Data Set Encryption FAQ: > > "What is the difference between data set encryption in z/OS V2.2 and > > pervasive encryption in the July 2017 IBM Z announcements? > > "Data set encryption, which is one aspect of pervasive encryption, is > > available in z/OS V2.2 when the requisite service is applied." > > Too simple. I would have added "which is one aspect of Pervasive > > Encryption as applied to z/OS," but that would have required 4 more words. > > :-) > > Yes, lots of people ask questions such as, "We're implementing Pervasive > > Encryption on z/OS. Does it support zFS?" I know what the questioner > > means: z/OS Data Set Encryption here, not Pervasive Encryption. The > > pronoun "it" in this example actually, in reality, refers to z/OS Data Set > > Encryption. Sometimes it helps to be precise, but as long as I understand > > the question, I'm fine. I won't quibble. > > > > Timothy Sipples > > IT Architect Executive, Industry Solutions, IBM Z & LinuxONE > > > > ----------------------------------------------------------------------------- > > > > E-Mail: sipp...@sg.ibm.com > > > > For IBM-MAIN subscribe / signoff / archive access instructions, send email > > to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ::DISCLAIMER:: > > > > ------------------------------------------------------------------------------------------------------------------------------------------------------ > > > > The contents of this e-mail and any attachment(s) are confidential and > > intended for the named recipient(s) only. E-mail transmission is not > > guaranteed to be secure or error-free as information could be intercepted, > > corrupted, lost, destroyed, arrive late or incomplete, or may contain > > viruses in transmission. The e mail and its contents (with or without > > referred errors) shall therefore not attach any liability on the > > originator or HCL or its affiliates. Views or opinions, if any, presented > > in this email are solely those of the author and may not necessarily > > reflect the views or opinions of HCL or its affiliates. Any form of > > reproduction, dissemination, copying, disclosure, modification, > > distribution and / or publication of this message without the prior > > written consent of authorized representative of HCL is strictly > > prohibited. If you have received this email in error please delete it and > > notify the sender immediately. Before opening any email and/or > > attachments, please check them for viruses and other defects. > > > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > For information, services and offers, please visit our web site: > http://www.klm.com. This e-mail and any attachment may contain confidential > and privileged material intended for the addressee only. If you are not the > addressee, you are notified that no part of the e-mail or any attachment may > be disclosed, copied or distributed, and that any other action related to > this e-mail or attachment is strictly prohibited, and may be unlawful. If you > have received this e-mail by error, please notify the sender immediately by > return e-mail, and delete this message. > > Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its > employees shall not be liable for the incorrect or incomplete transmission of > this e-mail or any attachments, nor responsible for any delay in receipt. > Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch > Airlines) is registered in Amstelveen, The Netherlands, with registered > number 33014286 > > -- > > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
