20 pts.
 BRMS Encrypted Restore
Has anyone performed a single library restore from a BRMS encrypted tape on one server to another? Here's my dilemma... I can encrypt fine and restore partition to partition on the same iSeries server. However, when I try to restore from a partition on another iSeries server I'm unable to restore. My key on both servers is the same. Any help/suggestions are greatly appreciated.

Software/Hardware used:
iSeries BRMS Encryption
ASKED: December 3, 2010  7:02 PM
UPDATED: December 9, 2010  1:26 PM

Answer Wiki:
I believe your problem would be caused by the different serial numbers of the machines. Even though you set up your keys the same way on both servers, when the key is built, it uses the serial number. Your key is stored in a KeyStore area. This is what is used to decrypt. They would be different on each machine.

For anyone needing additional information: IBM, while working with me, had me create the following data area with the following values:

    CRTDTAARA DTAARA(QTEMP/QTADECRYPT) TYPE(*CHAR) LEN(62)
    CHGDTAARA DTAARA(QTEMP/QTADECRYPT (1 10)) VALUE('TAPMLB01')
    CHGDTAARA DTAARA(QTEMP/QTADECRYPT (11 10)) VALUE('Q1AKEYFILE')
    CHGDTAARA DTAARA(QTEMP/QTADECRYPT (21 10)) VALUE('QUSRBRM')
    CHGDTAARA DTAARA(QTEMP/QTADECRYPT (31 32)) VALUE('KEYRECORD')

As shown in this example, the library is QTEMP, but you can also create these in QUSRSYS permanently. When you perform a restore from one server to another with different serial numbers, BRMS tries to create this data area. Also, you must have media monitor turned off to do the restore. Lastly, of course, you need to have the Q1AKEYFILE and Key Stores set up the same as the source partition. All of these will allow for a successful restore.
Last Wiki Answer Submitted:  December 9, 2010  1:26 pm  by  CharlieBrowne   32,855 pts.
All Answer Wiki Contributors:  CharlieBrowne   32,855 pts.


Discuss This Question:

Hi everyone,

I think the previous answer might need a little more clarification.
What I think you might need is to export the primary master key from the system you are doing the backup on and import it to the system you are making the restore on.

The following document might be useful to you (this document mostly from point 7 to 11)

HTH,

Luís

 4,570 pts.