FDRCRYPT and FDRCAMS encrypt your FDR, ABR and IDCAMS REPRO backups, reducing the risk of data
exposure, and protecting the data against unauthorised access by anyone that does not possess
the proper encryption keys.
- Various levels of software encryption are available, each offering varying strengths
of encryption to be offset against CPU requirements.
- Hardware encryption and hardware assists are also supported, which can significantly
reduce the CPU and elapsed time overheads usually associated with encrypting data.
The protection of your backups and the securing of the data on them is
now required by many of today’s government, industry and
corporate privacy and security laws and regulations. This includes the
European Data Protection Directive, HIPAA, Sarbanes-Oxley, and DOD
requirements, among others in Europe, the USA and other countries.
Data encryption now plays a key role in the protection of your backups -
particularly any backups that are destined to go offsite or outside of
FDRCRYPT and FDRCAMS offer various types of software encryption of varying strength.
This allows you to balance the sensitivity of the data with the additional cost in
CPU and elapsed time to encrypt that data.
- TDES Triple Data Encryption Standard, uses the DES algorithm 3 times,
with 3 different keys of 64 bits each (192 bits total) to encrypt the data.
- AES uses a 128, 192 or 256-bit encryption key to do a repetitive transformation
of the data. AES is the current standard for US government encryption.
- CIPHER also uses a substitution table, and then each byte is moved to a different
location in the data block.
All encryption algorithms are implemented entirely within FDRCRYPT and FDRCAMS and do not
depend on any other installed encryption hardware or software. This ensures that the
data can be decrypted (by FDRCRYPT or FDRCAMS) at any disaster site.
FDRCRYPT encryption is supported on all full volume, incremental, application and
data set backups created by FDR, FDRINC
In addition to the software encryption described above, FDRCRYPT and FDRCAMS support the
following hardware encryption and hardware assists:
- AES hardware encryption on IBM z9 BC/EC processors (and their successors)
- TDES on z890, z990 and z9 processors (and their successors).
- The z/9 hardware assist (CPACF), which is a standard, no-cost feature on the z/9
Utilization of these hardware instructions can significantly reduce the CPU and elapsed time
overheads usually associated with encryption.
As well as supporting all backup types created by the FDR DASD Management Family, FDRCRYPT also
includes a sub-component called FDRCAMS, a front-end to IBM’s IDCAMS, which allows the encryption
and decryption of output sequential data sets created by REPRO. The same encryption algorithms
included in FDRCRYPT are also available under FDRCAMS.
With FDRCAMS, sequential copies of your VSAM or IAM
files (or PS data sets) can be encrypted prior to shipment to other companies or government agencies.
The encrypted data set can be on tape, or on disk for delivery via email or FTP. A free, unlicensed copy
of FDRCAMS (called FDRDECRY) can then be downloaded from this website and then installed at
the receiving location to allow the encrypted IDCAMS files to be decrypted.
If you are involved in the broader subject of your company’s data security, you may also be
interested in FDRERASE, another security-related member of the FDR DASD Management Family.
FDRERASE is an EAL2+ certified product that can quickly erase many z/OS disk volumes in
parallel, allowing you to erase your data in the minimum elapsed time.
On average, the ERASE function of FDRERASE can erase approximately 1.5Tb of data
(per DASD controller) in 1 hour. Two FDRERASE jobs running against two separate DASD
controllers could erase approximately 3Tb in 1 hour.
See the FDRERASE section for more details.
For more introductory information on FDRCRYPT, see the Product Portfolio Sheet
For more technical detail on FDRCRYPT, see the Tech Detail section.
return to top
Ameren migrates 10TB of storage to new volumes without interruption with FDRPAS
A Sound Investment Citigroup tames its backup environment with dedicated mainframes