Configuring CA Tape Encryption › How Configuration and Customization Work
How Configuration and Customization Work
The system programmer should work closely with the security administrator to determine appropriate parameter attributes and settings for controlling the behavior of CA Tape Encryption for your site. Configuration and customization of CA Tape Encryption involves the following:
- Customize the CA Encryption Subsystem (BES) to identify the symmetric keys and encryption algorithms to use and to specify how often to regenerate them. The BES task must also be configured to identify the key rings that will contain digital certificates to use when performing encryption for business-to-business (B2B) tapes. For information about customizing parmlib attributes, see the chapter, “Defining System Options in Parmlib.”
- Tape data sets are selected for encryption processing through the use of DFSMS Automatic Class Selection (ACS) routines and one or more data classes or through the use of the CA@BES class and security protection profiles defined to your security system. The ACS routines on your system must be updated to identify the data sets that you want encrypted by assigning them to a data class associated with encryption processing. For information about selecting tape files for encryption and defining security resource profiles, see the Administration Guide.
- Additional customization is required to create B2B tapes to send to business partners, based on Public Key Algorithm processing. Digital certificates must be created through an external security system such as CA ACF2, CA Top Secret, or IBM Security Server RACF. For information about using digital certificates, see the Administration Guide and also refer to your security system documentation about creating digital certificates.
Note: After reading this guide, you can refer to the Installation Guide, Administration Guide, Audit Guide, and Message Reference Guide for additional information about CA Tape Encryption. In addition, the CA Customer and Technical Support internet website offers procedural information, product news, and answers to questions you may encounter.
