Offline IMS/DB2 Encryption

The FLAM Offline IMS/DB2 Encryption Solution is based on the FLAM subsystem and the FKME-ICSF and allows compressing and encrypting offline files (logs, unloads, …) of IMS and DB2 on the host computer. With this, the same key can be applied as that used by the IMS/DB2 encryption Tool (EDITPROC) for encrypting the tablespaces (online files). By the simple integration the protection of the online data can be extended with FLAM to offline data. But one can also just protect backups, logs, dumps, or other external data, or simply just benefit from the runtime savings.

 

Benefits

  • Transparent compression and encryption of data in compliance with various security standards
  • Unloads, logs dumps, traces, and the like can be secured cryptographically with minimal effort the same way as tablespaces are.
  • Shorter runtimes (unload), less disk space, better security with minimal resource consumption
  • No extra effort for key management
 

 

The solution

  • Files are compressed and encrypted by the FLAM® subsystem when written and decrypted and decompressed when read.
  • During reading, just the records requested are returned by our access method and only a small segment of the offline file is decrypted and decompressed.
  • Compression helps cutting the amount of file-I/O which improves speed primarily with the unload process.
  • The FLAM® subsystem can use via ICSF the same key as the IBM encryption tool is using for the table spaces. But it is also possible to protect each file with a different key whereby this key may be a passphrase or a clear, protected, or secure key of the ICSF.
  • Integration is absolutely transparent to the applications (tools) and is done in the DD statement for a file.
 

Our added value

  • A simple started task in the background and inserting the SUBSYS directive into the DD statement compresses and encrypts critical data.
  • Using CPACF and ICSF for encryption minimizes CPU usage and simplifies key management.
  • Extremely efficient compression algorithms that are faster than file I/O cut runtimes.
  • Integration of compression and encryption as a subsystem into z/OS is only possible with FLAM®.

Resolved Issues

0000665: Add function to map condition code in a message to FLUCUP
May 8, 2023
0000295: Element interface for original data
Apr 15, 2023
0000592: Support of round trip conversion and identity conversion as error handling for invalid characters
Apr 15, 2023
0000824: Extend table support for IMS/DB2 unload formats (more than one table format per file)
Apr 15, 2023
0000867: Add column encryption, tokenisation, anonymisation to table support
Apr 15, 2023
0001028: Support 64->31 bit interoperability for 64 bit java application using 31 bit FLAM MVS byte interface
Oct 28, 2022
0000783: Add match of regular expression to string converter
May 4, 2022
0000962: Limit the maximal internal block size to prevent memory exhausting through expansion at decompression
Mar 9, 2022
0000998: Support RACF keyrings for SSH keys
Jan 6, 2022
0001022: Check if XML before decoding in read.xml() to improve performance
Jan 6, 2022