jump to navigation

Encrypting an SAP instance on AIX June 16, 2008

Posted by Chris Eaton in SAP.
Tags: , , ,
trackback

I have been working on an evaluation of encryption software to encrypt an SAP instance on DB2 on pseries, AIX and with HACMP. The SAP instance containing an entire companies Human Resources data and they have several hundred thousand employees.

Looking at DB2 native capabilities they are good but require application changes to SAP which is not good from a long term supportability and upgrade point of view. Also DB2 on z/OS has slightly different capabilities from P/AIX.

AIX 6.1 Encrypted File System (EFS) is a strong contender this can transparently encrypted the filesystem but it looks like there is a key management problem in HACMP, when the failover kicks in how does the failover machine obtain the encryption key – currently it looks like this is possible but required very careful configuration, a risk which do not want to accept.

IBM Database Encryption Expert has similar transparent encryption capabilities to AIX EFS but the key management is solved by using a separate administration console which can be on a seperate server or lpar and so this is the final decision.

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: