How CA Tape Encryption for CA Vtape Works
If your site uses CA Tape Encryption Option for CA Vtape, you can encrypt backstored and recycled volumes as they are being created by the appropriate CA Vtape utility. You must apply maintenance to CA Vtape to support the integration with CA Tape Encryption Option for CA Vtape. Consider the following points:
- Data encryption for CA Vtape is activated at the VTGROUP level. Two CA Vtape GROUP parameters, when defined, tell CA Vtape to invoke output data encryption and which DFSMS data class to use.
- The BrightStorEncryption parameter identifies whether encryption is to be activated for backstored and recycled volumes for the primary, duplex, or both physical tape outputs.
- The BrightStorEncryptionDC parameter defines the DFSMS data class to use.
- The description field in the data class specified in the BrightStorEncryptionDC parameter must be updated to include the BES=(key_name) parameter to identify which key and encryption algorithm to use when encrypting CA Vtape backstored and recycled tapes.
- The need to decrypt a CA Vtape backstored or recycled tape is automatically detected during open input processing and the appropriate decryption routine is activated.
- CA Vtape automatically limits the blocksize for backstored and recycled volumes to a maximum of 64 KB when BrightStorEncryption is set to activate encryption.
- The Display BACKSTORE command displays an “E” (Encrypted) for backstored and recycled volumes that are being created in encrypted format.
Note: For more information about the integration between CA Vtape and CA Tape Encryption Option for CA Vtape, see the CA Vtape Virtual Tape System User Guide.
Note: To create B2B tapes, you must license CA Tape Encryption Option for CA-1, CA Tape Encryption Option for CA TLMS, or the CA Tape Encryption Option for Third Party TMS.