InfoSphere Guardium Data Encryption for DB2 and IMS Databases

Features
System requirements

Sensitive and private data protection for DB2 and IMS systems

IBM® InfoSphere® Guardium® Data Encryption for IBM DB2® and IBM IMS™ Databases provides encryption for DB2 for IBM z/OS® and IMS data systems. It uses IBM System z® cryptographic hardware to protect sensitive data at the DB2 row level and IMS segment level.

InfoSphere Guardium Data Encryption for DB2 and IMS Databases provides:

Advanced data encrypting and decrypting—for data security and privacy, and low overhead.
Interactive System Productivity Facility (ISPF) front-end and exit drivers—for optimizing efficiency, encryption and compression capability.

Advanced data encrypting and decrypting

Provides DB2 edit routines and IMS exit routines using the z/OS Integrated Cryptographic Service Facility to protect sensitive data on storage media.
Uses the Triple Data Encryption Standard, ANSI Data Encryption Algorithm and Advanced Encryption Standard algorithms.
Enables you to safely use storage area networks while complying with international privacy and security regulations.
Provides encryption routines that are transparent to applications accessing the databases, requiring no application changes.
Offers the capability to specify encryption keys.

Interactive System Productivity Facility (ISPF) front-end and exit drivers

Provides an ISPF front end that allows you to create and customize encryption, external compression and exit drivers.
Provides exit drivers to permit compression and encryption at the same exit point to avoid affecting existing compression capability.
Allows faster implementation through standard DB2 and IMS exit routines used during database reload.

InfoSphere Guardium Data Encryption for DB2 and IMS Databases resources

White paper: Information protection solutions with IBM System z (946KB)
Read how an IBM solution protects business-critical information stored on mainframe computers.

White paper: Information Governance: Audit and Protection on the IBM System z Platform (325KB)
Discover why IBM System z is an important platform to include in an information protection program.

Data sheet: IBM InfoSphere Guardium (914KB)
Learn how to manage your entire database security and compliance lifecycle with InfoSphere Guardium.

IBM Software

See what smarter software can do for you

InfoSphere Guardium Data Encryption for DB2 and IMS Databases

Sensitive and private data protection for DB2 and IMS systems

IBM Software Subscription and Support is included in the product price for the first year.

Not available to purchase online. Other ways to purchase or learn more.

Contact IBM

Request a quote
e-mail IBM
Or call us at: 01475 898688
Priority code: 109HF03W

More Less

System requirements

IBM® InfoSphere™ Guardium Data Encryption for DB2® and IMS™ Databases has the following mandatory installation and operation requirements:

The Integrated Cryptographic Service Facility (ICSF), an element of z/OS®, must be active and the ICSF version must support the cryptographic device on the specific platform. ICSF runs on processors that support the Integrated Cryptographic Coprocessor Feature.
Before use of the hardware encryption can occur, the hardware modules must be loaded with at least host DES Master Keys.
ICSF is required to be active for the I/O requests to be passed to the hardware cryptographic modules.

Note: InfoSphere Guardium Data Encryption for DB2 and IMS Databases requires: z/OS V1.10 (5694-A01) or later.

InfoSphere Guardium Data Encryption for DB2 and IMS Databases has the following requirements:

InfoSphere Guardium Data Encryption for DB2 and IMS Databases is supported on any processor capable of operating DB2 V8 or higher and IMS V10 or higher.
To support the z10™ processor encryption technology, Crypto Express3 with CP Assist for Cryptographic Function (CPACF protected key) hardware is required and must be installed.
Crypto Express:

— On the z9® EC and the z10, the Crypto Express2 feature (feature code 0863) is required.

— On the z9 BC, the Crypto Express2 feature (feature code 0863) or the Crypto Express2-1P (feature code 0870) is required.

— At least one of the cryptographic engines must be configured as a coprocessor to provide secure key capability.

— Installation of either Crypto Express2 feature requires that the CP Assist for Cryptographic Functions (CPACF) DES/TDES Enablement feature (feature code 3863) is installed.
On z890 and z990 systems, either a PCIXCC (feature code 0868) or a Crypto Express2 (feature code 0863) provides secure key support. Installation of either of these features requires that the CP Assist for Cryptographic Functions (CPACF) DES/TDES Enablement feature (feature code 3863) is installed.
The Cryptographic Coprocessor Feature (CCF) provides secure key support on z800, z900, and earlier machines (G3, G4, G5, G6, Multiprise 2000, and Multiprise 3000). The CCF hardware modules:

— Must be enabled with configuration data, a feature that is ordered separately.

— Require a processor power-on-reset (POR) to complete data loading into the cryptographic modules.
Because this hardware does not support the clear key APIs, the use of clear keys by InfoSphere Guardium Data Encryption for DB2 and IMS Databases is not supported on the CCF-based machines.

— The PCICC feature (feature code 0861) is an optional secure key device on the z800 and z900 systems.
Additional hardware requirements for clear key data encryption include:

— A z890 or z990 or later server.

— z10 CP Assist for Cryptographic Functions (CPACF) DES/TDES Enablement (feature code 3863).
A secure key device for initializing and using the CKDS.

— On a z890/z990 system, a PCIXCC or the CEX2 is required.

— On a z9 BC system, either a CEX2 or a CEX2-1P is required with at least one engine configured as a coprocessor.

— On a z9 EC or a z10 system, a CEX2 is required with at least one engine configured as a coprocessor.