FDRCRYPT & FDRCAMS Introduction
Data Encryption for FDR, ABR and IDCAMS Backups
FDRCRYPT and FDRCAMS encrypt your FDR, ABR and IDCAMS REPRO backups, reducing the risk of data exposure, and protecting the data against unauthorised access by anyone that does not possess the proper encryption keys.
FDRCRYPT and FDRCAMS offer various types of software encryption of varying strength. This allows you to balance the sensitivity of the data with the additional cost in CPU and elapsed time to encrypt that data.
All encryption algorithms are implemented entirely within FDRCRYPT and FDRCAMS and do not depend on any other installed encryption hardware or software. This ensures that the data can be decrypted (by FDRCRYPT or FDRCAMS) at any disaster site.
FDRCRYPT encryption is supported on all full volume, incremental, application and data set backups created by FDR, FDRINC and FDRAPPL.
In addition to the software encryption described above, FDRCRYPT and FDRCAMS support the following hardware encryption and hardware assists:
Utilization of these hardware instructions can significantly reduce the CPU and elapsed time overheads usually associated with encryption.
As well as supporting all backup types created by the FDR DASD Management Family, FDRCRYPT also includes a sub-component called FDRCAMS, a front-end to IBM’s IDCAMS, which allows the encryption and decryption of output sequential data sets created by REPRO. The same encryption algorithms included in FDRCRYPT are also available under FDRCAMS.
With FDRCAMS, sequential copies of your VSAM or IAM files (or PS data sets) can be encrypted prior to shipment to other companies or government agencies. The encrypted data set can be on tape, or on disk for delivery via email or FTP. A free, unlicensed copy of FDRCAMS (called FDRDECRY) can then be downloaded from this website and then installed at the receiving location to allow the encrypted IDCAMS files to be decrypted.
If you are involved in the broader subject of your company’s data security, you may also be interested in FDRERASE, another security-related member of the FDR DASD Management Family.
FDRERASE is an EAL2+ certified product that can quickly erase many z/OS disk volumes in parallel, allowing you to erase your data in the minimum elapsed time.
On average, the ERASE function of FDRERASE can erase approximately 1.5Tb of data (per DASD controller) in 1 hour. Two FDRERASE jobs running against two separate DASD controllers could erase approximately 3Tb in 1 hour.
See the FDRERASE section for more details.
For more introductory information on FDRCRYPT, see the Product Portfolio Sheet
For more technical detail on FDRCRYPT, see the Tech Detail section.
return to top