× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2023

Re: basic data encryption for storage

I believe the "system level" you are talking about is disk level
encryption. Which is basically useful if someone gets your drives and
tries to read the bit images directly from the disk without the benefit of
any OS, etc.
So I do not think that save/restore has anything to do with that. Unless
you configured the remote system to have disk level encryption the data at
rest will be unencrypted. Looks great for passing audits, hey my data at
rest is encrypted. But basically looks unencrypted via DSPPFM, etc. The
data is also encrypted, when using disk level encryption, while passing
through the wires between your system and your SAN storage. Since that's
normally fibre channel on special switches it's not like there's a plethora
of users using wireshark to see that data in motion. IBM clearly states:
<snip>
Disk encryption protects data from a number of different threats:
Protects data transmission to and from the disk drive (important in a SAN
environment).
Protects data transmission in the cross site mirroring environment (only
when the data being mirrored is on an encrypted independent disk pool).
Protects data in the case of theft of the disk drive.
</snip>
https://www.ibm.com/docs/en/i/7.5?topic=management-disk-encryption
So, except for the case of a theft of a disk drive, I'm guessing that the
only use of system level encryption in a shop using internal disk is
justifying more processor power for your system. Well, that, and that
audit checkbox that says my data at rest is encrypted.


On Mon, Nov 13, 2023 at 10:00 AM Mark Villa <iseries.4.me@xxxxxxxxx> wrote:

Hi,
I assume if I save data from one IBM i and restore it to another there is
no issue with reading the restored data.

Are there any options to turn on that encrypts storage by system serial
number or something similar?

I imagine there being two levels of encryptoin,
1) system level - being transparent unless the data is move to another
system
2) application level - where DSPPFM would show only encrypted data, forcing
me to read it with the app / feature / SQL function it was written with.

And do you have any IBM or redbook link on this topic?


--
Thank You,
Mark Villa
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.