Page 13
The files are encrypted in pages with the symmetrical DES or AES
encryption method. The encryption method can be selected via the
FILECRYPT system parameter and can be changed dynamically. AES is
used by default.
The FREFCRYP system parameter can be used to limit the number of
crypto passwords by only allowing new crypto passwords to be as-
signed for files of a specific ID. Only the crypto passwords of
reference files from this specific ID can be selected for files
on other IDs.
Restrictions: Files on private disks, EAM files, tape files,
job variables and
*1 files on the home pubset under the TSOS ID
*1 cannot be encrypted.
Recommendations: - Connection of two Crypto Boxes, each with two
paths (failure-safety)
- Read buffering with DAB
- Only encryption of selected files, not
complete pubsets.
Important notes:
1. If the crypto password is lost, there is no way of recon-
structing the file via decryption, even with measures em-
ployed by the privileged system administrator or by FSC. In
other words, organizational precautions must be taken for
such a case, e.g. storing the crypto password in a safe
place (key escrowing).
2. In HIPLEX configurations it must be ensured that the
standby system of an application that is to be moved and
has encrypted files, has the necessary resources available,
e.g. an S server with a Crypto Box.
3. In Symmetrix disaster protection configurations with SRDF
mirroring, the encrypted files are also available on the
mirrors, i.e. the encryption is transparent for the known
switch-over scenarios.
2.11 Increasing the size of volumes (disk resizing)
In SPACEOPT V3.0, a new function is provided for adapting the
size of public disks.
The command ADAPT-PUBSET-SPACE can be used in RAID disk subsys-
tems to adapt the size of BS2000 disks to the actual size of the
logical units (LUN) with which they are implemented. Such an ad-
aptation may, for example, be necessary after data migration with
DRV V3.0 from an ECKD disk to a D3435-FBA disk.
With this migration, the source disk and the destination disk
must be the same size. If the LUN is larger than the source disk,
unusable space is left at the end of the disk that can be made
available with the new function.
Disk size increasing can only be used for public disks with D3435
format on Symmetrix and FibreCat.
Please consult the Release Notice SYSFGM.SPACEOPT.030.E for de-
tailed information on the functional scope.