Activate IFS Encryption (ACTIFSENC)

The Activate IFS Encryption (ACTIFSENC) command will activate an *INACTIVE entry in the IFS Encryption Registry.



                   Activate IFS Encryption (ACTIFSENC)                  

                                                                            Type choices, press Enter.  

                                                

IFS identifier . . . . . . . . BANK_DATA       ____________

Save directory(s). . . . . . .  *YES          *YES, *NO                                                    

Screen Example:  ACTIFSENC Command with Sample Values

It is strongly recommended to submit this command to batch.

NOTE: If Powertech Antivirus is installed on the system on which an IFS encryption entry is being activated, a scan will be performed as part of the activation step. Ensure the profile running the activation has an entry in the system directory.

The following users can utilize this command:

  • QSECOFR user profile (unless excluded in the Key Officer settings)
  • A user profile with *SECADM authority (unless excluded in the Key Officer settings)
  • A Key Officer who has a *YES specified for the "Maintain IFS Enc. Registry" authority setting

This command requires that you have *CHANGE authority to the CRVL003 Validation List (*VLDL) object which contains the IFS Encryption Registry.

IMPORTANT: Before using the ACTIFSENC command to encrypt production data, do the following steps:
  1. Make sure you have *ALL authority to the directories and files to encrypt.
  2. Within a test environment, you should have tested ACTIFSENC, and tested your applications thoroughly with encrypted files.
  3. No applications or users should be currently using the directory(s) and files to encrypt.
  4. The ACTIFSENC command will perform a mass encryption of the files in the directory(s) to encrypt. You should allocate enough downtime for the ACTIFSENC to execute. Execution times will vary depending on the processor speed of your system, the number of files in the directory(s), and other activity running on the system at the time. In order to estimate the execution time for ACTIFSENC, you should run the ACTIFSENC command over some test files first.
  5. Check (and double check) the IFS entry settings using the DSPIFSENC command. Especially make sure the source and target directories are correct and that the include sub directories parameter is correct.

The ACTIFSENC command performs the following primary steps:

  1. Optional: Creates a backup of the IFS directory and subdirectories if INCSUBDIR is *YES (containing the files to encrypt) into a Save file named BACKUPxxxxx, where xxxxx is a sequential number from 1 to 99999. This backup file will be placed in the CRYPTO library.
  2. Performs a mass encryption of the current files in the directory, as well as its subdirectories if INCSUBDIR is *YES.
  3. Journaling will be started over the directory and if include subdirectories (INCSUBDIR) is *YES then the subdirectories will be journaled as well.
  4. The status of the IFS entry will be changed to *ACTIVE.

How to get there

From the IFS Encryption Menu, choose option 10. Or, prompt (F4) the command of CRYPTO/ACTIFSENC.

Options

IFS identifier (IFSID)

Enter the IFS identifier to activate.

Save IFS directory(s) and files (SAVDTA)

Indicate if directory(s) (containing the files to encrypt) should be saved (backed up) into a Save File before the activation process begins. It is highly recommended to save the directory(s) and files for error recovery purposes.

The possible values are:

*YES
Save the directory(s) and files into a Save File before activation begins.
NOTE: The created Save File will be named BACKUPxxxxx, where xxxxx is a sequential number from 1 to 99999.

Before using this option, ensure that enough disk space is available for a saved copy of the directory(s) and files.

*NO
Do not save the directory(s) and files before the activation process begins.

 

Related Topics