i5os v6r1 brms ppt

© 2008 IBM Corporation

IBM Power Systems and Business Systems

i5/OS V6R1 BRMS

COMMON

March 19, 2008

IBM Power Systems


BRMS V6R1IBM Systems Director Navigator for i5/OS Interface

BRMS and Data Encryption

Miscellaneous BRMS Enhancements

IBM Power Systems


Graphical User Interface Enhancements for BRMSBrowser support via IBM Systems Director Navigator for i5/OS

IBM Power Systems


Externalize BRMS Media Policy Media Policy access possible using both available graphical interfaces

IBM Power Systems


Externalize Media Policy DetailManage BRMS Media Policies using both available GUI’s

IBM Power Systems


BRMS Software Encryption-1Fully implemented only under BRMS – Advanced (5761BR1 – Option 2)

Use the Cryptographic Services Key Management in GUI– Create key store file Q1AKEYFILE in QUSRBRM with a unique file label

IBM Power Systems


Notes:BRMS now provides you with the ability to encrypt your data to a tape device This encryption solution is hardware independent, meaning no need for any encryption deviceTo use the encryption function, you need to have the BRMS Advanced feature (5761-BR1 Option 2) and Cryptographic Service Provider (5761-SS1 Option 35) installed on the operating system.

Note: i5/OS supports Library Managed Encryption (LME), sometimes also referred to as Transparent Encryption. With LME, the encrypting tape (LTO 4 or 3592 E05) must be in a library such as the 3584, 3577, 3576 or 3573 for encryption to be available. The library and drive work together with the required Encryption Key Manager (EKM) component that is available on the hardware to provide data encryption without any host involvement. Essentially neither i5/OS nor BRMS is aware of encryption/decryption being performend.

This is the best performing solution compared to software encryption (i5/OS and BRMS) on System i, because there is no CPU utilization consumed by this hardware solution. However, feedback from small to medium sized customers indicates the hardware encryption solution is currently cost prohibitive. Thus, V6R1 provides a software-based encryption support for backup under BRMS.

If you have the appropriate master key in the i5/OS directory structure as described in this presentation in your i5/OS partition’s keystore file Q1AKEYFILE in library QUSRBRMS, the basic i5/OS restore commands detect the encryption information on the tape media being restored. Assuming no other object incompatibility or security constraints the restore will complete successfully.

That is, V6R1 BRMS Option 2 and proper creation of the master key are required to encrypt the backup data. Either BRMS or basic i5/OS Restore commands can restore the data.

See the Security presentation for more general information on encryption and coverage of creation and management of the required master key that BRMS uses.

IBM Power Systems


BRMS Software Encryption-2BRMS enabled encryption will be supported for:

– Any tape library – Standalone tape drive– Virtual Tape– Media Duplication

What cannot be encrypted– Operating System – Save Files – Tape labels

How to Encrypt BRMS Media– Valid Keystore file Q1AKEYFILE in QUSRBRM– Media Policy : Encrypt data (*yes) and refer to key

Performance Considerations– Next Foils

IBM Power Systems


Encryption and Performance Save / Restore

Ultrium 3

36 x 70GB 15Krpm

Main Storage 40GB

IBM Power Systems


Encryption and Performance CPU Utilization

Ultrium 3

36 x 70GB 15Krpm

Main Storage 40GB

IBM Power Systems


FlashCopy SupportSupport through the Initialize (INZBRM) command

– Option (*FLASHCOPY)

Initialize command must run before FlashCopy is performed– Make BRMS aware of copy function

No BRMS activity allowed on production system/partition– As long as BRMS is in FlashCopy state

For detailed information and setup guidance– Networking Chapter of BRMS manual SC41-5345-06

IBM Power Systems


Start Virtual IP Address (VIPA) in Restricted State

IBM Power Systems


DVD/Optical Library Support

Optical and Virtual Optical– Support in all Device and Media commands

IBM Power Systems


Multiple Job Common Synchronization PointSave while Active (*YES) in the Backup Control Group Entry

– New values *SYNCLIB, *SYNC, or *NWSSYNC invoke an additional entry– Synchronization Identifier (SYNC ID)– SYNC ID can be a 8 character name

Maximum 32 Save while Active BRMS jobs can use the same SYNC ID– All jobs need to start within the ‘Start Save Wait Time’ timeframe

New command Monitor Save while Active BRM (MONSWABRM)– Manage the Multiple Job Common Synchronization Point activity

– Number of Operations value needs to be correct

IBM Power Systems


Logical/Physical file dependency handling by BRMS

STRRCYBRM OPTION (*ALLUSR) or STRRCYBRM OPTION(*CTLGRP)– BRMS will use a predefined value “Q1ARSTID” for the parameter DFRID– Using this parameter value BRMS will automatically handle data

dependencies– All objects in a set of libraries will be restored, even when the libraries with

dependent objects are restored before the libraries with the objects they depend on

IBM Power Systems


Other important BRMS EnhancementsView and print backup statistics report

– New command PRTRPTBRM– Convenient to monitor backup activities

Save specific objects across many libraries generically– Select from list of libraries by generic (LIB: ABC* + DEF* + ….) name

File or object level backup for guest operating systems – Linux and Windows objects can be individually saved / restored

Save and Restore private authorities at an object level– Through Control Group Entries– Supported also on IFS lists and SAVxxxBRM / RSTxxxBRM commands

Omit *SYSDTA on the SAVSYSBRM command– Shortens backup window. LIC & Library QSYS omitted.

Many other enhancements– Explore BRMS manual SC41-5345-06 and look for change indicators

IBM Power Systems


Trademarks and Disclaimers8 IBM Corporation 1994-2007. All rights reserved.References in this document to IBM products or services do not imply that IBM intends to make them available in every country.Trademarks of International Business Machines Corporation in the United States, other countries, or both can be found on the World Wide Web at http://www.ibm.com/legal/copytrade.shtml.

Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, other countries, or both.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registeredtrademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.UNIX is a registered trademark of The Open Group in the United States and other countries.Cell Broadband Engine and Cell/B.E. are trademarks of Sony Computer Entertainment, Inc., in the United States, other countries, or both and are used under license

therefrom.Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.Other company, product, or service names may be trademarks or service marks of others.

Information is provided "AS IS" without warranty of any kind.

The customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer.

Information concerning non-IBM products was obtained from a supplier of these products, published announcement material, or other publicly available sources and does not constitute an endorsement of such products by IBM. Sources for non-IBM list prices and performance numbers are taken from publicly available information, including vendor announcements and vendor worldwide homepages. IBM has not tested these products and cannot confirm the accuracy of performance, capability, or any other claims related to non-IBM products. Questions on the capability of non-IBM products should be addressed to the supplier of those products.

All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

Some information addresses anticipated future capabilities. Such information is not intended as a definitive statement of a commitment to specific levels of performance, function or delivery schedules with respect to any future products. Such commitments are only made in IBM product announcements. The information is presented here to communicate IBM's current investment and development activities as a good faith effort to help with our customers' future planning.

Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput or performance improvements equivalent to the ratios stated here.

Prices are suggested U.S. list prices and are subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.

http://www.ibm.com/legal/copytrade.shtml

i5os v6r1 brms ppt

Documents