About This Guide
This guide introduces you to CA Tape Encryption. By the time you have finished reading this guide, you will have an overview of the wide scope of the product and be familiar with how it is used. It is important to us that you feel comfortable with CA Tape Encryption before you begin to use it.
Features
CA Tape Encryption is a software-based encryption appliance that provides a convenient and secure method for automating the encryption and decryption of confidential data on tape volumes in the z/OS operating environment. It includes the following features:
- Support for asymmetric cryptography using public key/private key pairs for sending tapes to business partners.
- Support for symmetric cryptography using algorithms that comply with Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Triple Data Encryption Standard (TDES).
- Exploitation of IBM cryptographic hardware when performing calls to IBM's Integrated Cryptographic Service Facility (ICSF) and when encrypting and decrypting symmetric keys using the Rivest, Shamir, and Adleman (RSA) algorithm.
- Encryption and decryption of any application tape data without application or JCL changes.
- Automated and transparent encryption and decryption, including the selection of files to encrypt.
- Exploitation of ICSF to create and manage cryptographic keys and perform encryption processes.
- Support for Federal Information Processing Standards (FIPS 140-2).
- Graphical management capabilities for auditing tape encryption activity using CA Vantage GMI, available as a free component of CA Tape Encryption.
- Automated key management, including scheduling key generation and managing deactivated keys.
- Automated key management for the IBM TS1120 Encryption Key Manager (EKM) is also provided when the CA Encryption Key Manager is licensed.
- Integration with the leading tape management systems, as well as with CA Disk Backup and Restore and CA Vtape Virtual Tape System, through the following options:
  - CA Tape Encryption Option for CA Disk
  - CA Tape Encryption Option for CA Vtape
  - CA Tape Encryption Option for CA 1
  - CA Tape Encryption Option for CA TLMS
  - CA Tape Encryption Option for Third Party TMS

  Note: For more information about these options, see the chapter “Using CA Tape Encryption in Your z/OS Environment.”
- Detailed reports of encryption and decryption activity using the z/OS System Logger, which can be viewed through batch reporting on z/OS, and a debugging facility.
- Support for up to eight independent CA Tape Encryption subsystems on the same LPAR, for failover and separate test subsystems.
- Transparent integration with CA ACF2, CA Top Secret, and IBM Security Server RACF to maintain digital certificates for use when sending tapes to business partners, and optionally to select data sets for encryption and control access to CA Tape Encryption console commands, keys, and utilities.
- Integrated data compression lets you selectively compress files before they are encrypted on tape, using standard compression methods.
- The ability to create emails to assist in configuring Library-Managed IBM TS1120 or TS1130 tape libraries for encryption processing when attached to non-z/OS platforms. PARMLIB attributes in the DynamicOptions and SymmetricKey are configured so that emails are sent to one or more email addresses.
  The email identifies the Key Label of the digital certificate to enter into the Library-Managed IBM TS1120 encryption tape library attached to non-z/OS platforms. This makes it easier to change the digital certificate used to protect tapes created by these Library-Managed encrypting tape libraries. An email is sent automatically when the current key instance is changed.
Note: After reading this guide, you can refer to the Installation Guide, Configuration Guide, Audit Guide, and Message Reference Guide for additional information about CA Tape Encryption. In addition, the CA Customer and Technical Support internet website offers procedural information, product news, and answers to questions you may encounter.
CA Integration Platform Services Requirements
CA Integration Platform Services (formerly known as CA Common Services) used with CA Tape Encryption include:
- CAIRIM
- EARL Service
- CA Health Checker Common Service
- CA LMP
If there are other CA products used at your site, some of these services may already be installed.
In general, CA Tape Encryption requires CA Integration Platform Services at Service Level 3.0 30SP05AWOM2, but CA recommends that you upgrade to CA Integration Platform Services r11 SP8 for the CA Health Checker common service.