Administration Guide › Managing Exception and Exclusion Files › Creating or Updating an Exception File › Specifying Special Processing Options › Security Algorithm and Key

Security Algorithm and Key

Specify a Security Algorithm Name and Security Key to enable CA VM:Backup to perform the following functions:

• Encrypt the specified data as it is backed up to tape during a backup job
• Restore data from an encrypted backup during a restore job

The exception file that is used to restore data must specify the same security algorithm and security key that was used to encrypt the backup. The exception file is the only place where the security algorithm is recorded. If the security key is changed after the backup has run, you must record the original key so that the data can be decrypted and restored.

Note: Exception files that a previous version of CA VM:Backup created can show "?" in the Security Algorithm Name field. The "?" indicates that the algorithm name was not specified, but an encryption key was specified. Either the DES or the RC2 algorithm was assumed, depending on the country where CA VM:Backup was used. If the exception file is being updated, enter the appropriate encryption algorithm name over the "?".

Enter one of the security algorithm names that the following table lists, according to the cryptographic algorithm you prefer. The supported Security Algorithms are RC2, single and triple DES (Data Encryptions Standard), and AES (Advanced Encryption Standard).The AES, DES3, and DES Security Algorithms and Security Keys use the standards of the National Institute of Standards and Technology. The Federal Information Processing Standards Publications (FIPS PUBS) define these standards.

If you specify a Security Algorithm Name, specify a Security Key. If you leave either field blank, CA VM:Backup does not encrypt data during a backup job or cannot decrypt data during a restore job. Type the security key in the Security Key field, according to the Security Algorithm Name you specify.

The security key length depends on which algorithm you have selected. To determine the length of the security key for the security algorithm, refer to the following table:

The DES3 and DES encryption algorithms require that each byte of the security key be of odd parity. Refer to the following matrix for a list of odd parity byte values that DES3 and DES security keys can use:

Example: Create an Exception File

In this example, you create an exception file named EXCEPT2. This file tells CA VM:Backup to back up the following data:

• Only files with the filetype EXEC from the minidisk MARY 0192
• All minidisks belonging to account number 67890, in physical format
• All other minidisks included in the job, according to the job processing options specified in the job template file

Follow these steps:

1. On the Manage Exception/Exclusion Files screen, enter xception/except2 on the command line. CA VM:Backup displays the Work with Exception File EXCEPT2 screen.
2. Type a descriptive comment, then press PF5 (Insert) to add a blank data entry field.
3. Type userid in the Record Type field and mary 192 in the Value field. Type cmslist in the Command column to create an Include List. The following illustration shows a Work with Exception File EXCEPT2 screen with these entries filled in.

   WXCEABC1              Work with Exception File EXCEPT2                VM:Backup
   --------------------------------------------------------------------------------
    Descriptive Comment: Example session exception file
   

    Commands: OPtions, CMslist, CKdlist, FBalist, SFslist, DELlist
   

               Record                        Options
    Command    Type       Value              Modified  Include/Exclude List
    cmslist    userid__   mary 192_________    No      No list is defined.
    
    
    
    
   

   --------------------------------------------------------------------------------
   PF: 1  Help     2  ...      3  End       4  Return    5  Insert    6  Delete
   PF: 7  Backward 8  Forward  9  File     10  ...      11  Print    12  Cursor
   

   ===>
   

4. Press ENTER. CA VM:Backup displays the In/Exclude CMS Files for USERID MARY 0192 screen.
5. To create the Include List, accept the default by leaving the X in the Include field. Type * in the Filename field and exec in the Filetype field. These values specify that CA VM:Backup is to process only the EXEC files on the minidisk MARY 0192. The filled-in In/Exclude CMS Files for USERID MARY 0192 screen is illustrated here:

   IECMABC1      In/Exclude CMS Files for USERID MARY     0192           VM:Backup
   --------------------------------------------------------------------------------
   

     You can delete all existing entries displayed below by entering
     DELete ALL on the command line.
   

      X Include or _ Exclude     Filename   Filetype
                                 *_______   exec____
                                 ________   ________
                                 ________   ________
                                 ________   ________
                                 ________   ________
                                 ________   ________
                                 ________   ________
                                 ________   ________
                                 ________   ________
                                 ________   ________
    
   

   --------------------------------------------------------------------------------
   PF: 1  Help     2  ...      3  End       4  Return    5  Insert    6  Delete
   PF: 7  Backward 8  Forward  9  File     10  ...      11  Print    12  Cursor
   Top of list
   ===>
   

6. Press PF9 (File) to save the Include List. CA VM:Backup displays the Work with Exception File EXCEPT2 screen again.
7. Move the cursor below the entry for MARY 0192 and press PF5 (Insert). A blank data entry line appears.
8. Type account in the Record Type field and 67890 in the Value field. Type options in the Command column. The OPTIONS command lets you define job processing options for this account. The following Work with Exception File EXCEPT2 screen shows these values filled in.

   WXCEABC1              Work with Exception File EXCEPT2                VM:Backup
   --------------------------------------------------------------------------------
   

    Descriptive Comment: example exception file
   

    Commands: OPtions, CMslist, CKdlist, FBalist, SFslist, DELlist
   

               Record                        Options
    Command    Type       Value              Modified  Include/Exclude List
    *          USERID     MARY     0192        No      Include of CMS files
    options    account_   67890____________    No      No list is defined.
    
   

   --------------------------------------------------------------------------------
   PF: 1  Help     2  ...      3  End       4  Return    5  Insert    6  Delete
   PF: 7  Backward 8  Forward  9  File     10  ...      11  Print    12  Cursor
   

   ===>
   

   If user ID MARY is part of account group 67890, MARY's EXEC files will still be the only files that are backed up because the USERID record type precedes ACCOUNT in the list. If MARY was listed under ACCOUNT 67890, the account processing options would take precedence. In this case, MARY's 192 minidisk would be backed up physically with all others in the account.

9. Press ENTER. CA VM:Backup displays the Specify Options for ACCOUNT 67890 screen.
10. Type x next to Physical in the Backup Type field. This choice indicates that CA VM:Backup is to physically back up all minidisks that are owned by account group 67890. The filled-in Specify Options for ACCOUNT 67890 screen follows.

    SOPTABC1           Specify Options for ACCOUNT 67890                  VM:Backup
    --------------------------------------------------------------------------------
    

         (Clear an option's fields to use the setting in the job template)
    

      Backup Options:
        Catalog Detail:             _ File/Track/Block  _ Domain
        Report Detail:              _ File              _ Domain
        Incremental Detail:         _ File/Track/Block  _ Domain
        Backup Type:                _ Logical  _ CMS  _ CMSALLOC  x Physical
        CMS switch to Physical?     _ Yes  _ No    Attempts  _
        Number of Tries for Consistent View of a File Space  _
        Change Detection:      CMS: _ Date _ Hash
                          Physical: _ Hash _ None
        Additional Options (Y/N):   _ Pack _ Quiesce
      Restore Options:              Format:  _ only if files to restore
                                             _ even if no files to restore
      Security Algorithm Name:      ______
      Security Key:                 ________  ________  ________  ________
                                    ________  ________  ________  ________
    --------------------------------------------------------------------------------
    PF: 1  Help     2  ...      3  End       4  Return    5  ...       6  ...
    PF: 7  ...      8  ...      9  File     10  ...      11  Print    12  Cursor
    

    ===>
    

11. Press PF9 (File) to save the processing options. CA VM:Backup returns you to the Work with Exception File EXCEPT2 screen. Press PF9 (File) to save the EXCEPT2 exception file.