IBM DS8700, Введение и руководство по планированию

Страница: 109 / 256

and even though they generate 2048 bit wrapping keys. To support export of
keys between z/OS 1.9 and other key server operating systems, key labels must
be created on the z/OS and exported to the other operating systems.
v
When using the RACF on z/OS 1.10, the RACF keystore supports 2048-bit data
keys. There is no limitation on which Tivoli Key Lifecycle Manager operating
system is used to create key labels.
v When using the ICSF on z/OS, the ICSF keystore supports 2048-bit data keys.
ICSF
Secure Key mode must be selected in a server configuration that has an
isolated key server and System z server. In this case, the isolated key server and
System z server share public keys and a public-private key pair is shared
between System z servers in a secure key mode. The procedure to do a public
key exchange is different from the procedure to do a public/private key
exchange.
The following hardware features are related to DS8000 encryption:
v IBM Full Disk Encryption hardware features
– 400 GB SSD drives
– 146 GB 15K RPM, 300 GB 15K RPM, 450 GB 10K RPM, 600 GB 10K RPM, and
900 GB 10K RPM SAS drives
– 3 TB 7.2K RPM SAS drives
– No factory intermix of IBM Full Disk Encryption drives and non-IBM Full
Disk Encryption drives
– Field MES for additional IBM Full Disk Encryption drives on a DS8000 that is
shipped from factory with all IBM Full Disk Encryption drives
v
Redundant (external) HMC
v Billable service action to discontinue box and disable encryption
v
Billable service action to perform box secure erase
The following equipment and software is related to DS8000 encryption:
v IBM System L5420 ordered to configure the subsequent software
v
SuSE operating system
v Tivoli Key Lifecycle Manager
Virtual private network
A virtual private network (VPN) is a private network that securely connects
corporate networks across the Internet to remote offices and users.
A VPN enables you to send data between two computers across a shared or public
internetwork in a manner that emulates the properties of a point-to-point private
link. A VPN provides user authentication, data encryption, and data integrity to
ensure the security of the data while in transit across private networks and the
Internet.
VPNs securely convey information across the Internet by connecting remote users,
branch offices, and business partners into an extended corporate network. Many
companies are replacing their existing telecommunications infrastructure with
VPNs, by implementing secure IP tunnels across the Internet between corporate
sites as well as to business partners and remote users.
Because security is a critical issue for companies worldwide, VPN connections
provide a secure infrastructure that require systems to work together to mitigate
Chapter 3. Data management features
87