DOCSLIB.ORG

Introducing IBM Z/OS Data Set Encryption

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Introducing IBM Z/OS Data Set Encryption Front cover Getting Started with z/OS Data Set Encryption Bill White Philippe Richard Cecilia Carranza Lewis Romoaldo Santos Eysha Shirrine Powers Isabel Arnold David Rossi Kasper Lindberg Eric Rossman Andy Coulson Jacky Doll Brad Habbershaw Thomas Liu Ryan McCarry Version 7 Redbooks Draft Document for Review January 30, 2021 7:14 pm 8410edno.fm IBM Redbooks Getting Started with z/OS Data Set Encryption December 2020 SG24-8410-01 8410edno.fm Draft Document for Review January 30, 2021 7:14 pm Note: Before using this information and the product it supports, read the information in “Notices” on page ix. Second Edition (December 2020) This edition applies to the required and optional hardware and software components needed for z/OS data set encryption. This document was created or updated on January 30, 2021. © Copyright International Business Machines Corporation 2020. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Draft Document for Review April 28, 2021 12:46 pm 8410TOC.fm Contents Notices . ix Trademarks . .x Preface . xi Authors. xi Now you can become a published author, too! . xiii Comments welcome. xiii Stay connected to IBM Redbooks . xiv Chapter 1. Protecting data in today’s IT environment. 1 1.1 Which data . 2 1.1.1 Data at-rest . 2 1.1.2 Data in-use . 2 1.1.3 Data in-flight . 2 1.1.4 Sensitive data . 2 1.2 Why protect data . 3 1.2.1 Accidental exposure . 3 1.2.2 Insider attacks. 3 1.2.3 Data breaches. 3 1.2.4 Regulations . 3 1.3 Standards and regulations overview . 4 1.3.1 PCI Data Security Standards (PCI-DSS) . 4 1.3.2 General Data Protection Regulation (GDPR) . 4 1.3.3 California Consumer Privacy Act (CCPA). 4 1.3.4 The Sarbanes-Oxley Act of 2002 (SOX). 5 1.3.5 ISO/IEC 27001 . 5 1.3.6 Federal Information Security Modernization Act of 2014 (FISMA 2014). 5 1.3.7 Payment Card Industry (PCI) PTS HSM Security Requirements (PCI-HSM) . 5 1.3.8 German Banking Industry Committee (GBIC). 6 1.3.9 Australian Payments Network (Auspaynet). 6 1.3.10 Common Criteria. 6 1.3.11 FIPS PUB 140-3 (Security Requirements for Cryptographic Modules). 6 1.3.12 HIPAA/HITECH. 6 1.3.13 eIDAS (electronic IDentification, Authentication and trust Services). 7 1.4 How to protect data . 7 1.4.1 Defining the perimeter. 7 1.4.2 Methods to protect data . 7 1.4.3 Encryption . 7 1.4.4 Forms of encryption . 7 1.4.5 Cryptographic keys . 8 1.5 IBM Z pervasive encryption. 9 1.5.1 Encrypting above and beyond compliance requirements . 9 1.5.2 Encryption pyramid (data at rest) . 10 1.5.3 Managing the pervasive encryption environment . 11 1.6 Understanding z/OS data set encryption . 12 1.6.1 Challenges and use cases . 14 1.6.2 IBM Z cryptographic system . 15 1.7 How z/OS data set encryption works . 17 1.8 Administrator’s perspective of z/OS data set encryption. 19 © Copyright IBM Corp. 2020. iii 8410TOC.fm Draft Document for Review April 28, 2021 12:46 pm 1.8.1 Security administrator . 20 1.8.2 Storage administrator . 20 1.8.3 Cryptographic administrator . 21 1.8.4 Key manager. 21 Chapter 2. Identifying components and release levels . 23 2.1 Starting a z/OS data set encryption implementation . 24 2.2 Required and optional hardware features . 25 2.2.1 IBM Z platform: Optimized for data set encryption . 25 2.2.2 Central Processor Assist for Cryptographic Function . 26 2.2.3 Crypto Express adapters . 26 2.2.4 Trusted Key Entry workstation . 27 2.2.5 IBM Enterprise Key Management Foundation . 27 2.3 Required and optional software features . 28 2.3.1 IBM z/OS DFSMS . 28 2.3.2 IBM z/OS Integrated Cryptographic Service Facility. 29 2.3.3 IBM System Authorization Facility. 30 2.3.4 IBM Resource Access Control Facility for z/OS . 31 2.3.5 IBM Multi-Factor Authentication for z/OS . 31 2.3.6 IBM Security zSecure Suite . 31 2.3.7 IBM Security QRadar . 32 2.3.8 IBM zBNA and zCP3000. 33 2.4 Cost and performance effect. 33 Chapter 3. Planning for z/OS data set encryption . 35 3.1 Creating an implementation plan . 36 3.1.1 Distinguishing roles and responsibilities . 37 3.2 Data set administration considerations . 38 3.2.1 Supported data set types . 38 3.2.2 Data set compression . ..
Load more

Recommended publications
  • IBM Flashsystem A9000 Product Guide (Version 12.3)
    Front cover IBM FlashSystem A9000 Product Guide (Updated for Version 12.3.2) Bert Dufrasne Stephen Solewin Francesco Anderloni Roger Eriksson Lisa Martinez Product Guide IBM FlashSystem A9000 Product Guide This IBM® Redbooks® Product Guide is an overview of the main characteristics, features, and technologies that are used in IBM FlashSystem® A9000 Models 425 and 25U, with IBM FlashSystem A9000 Software V12.3.2. IBM FlashSystem A9000 storage system uses the IBM FlashCore® technology to help realize higher capacity and improved response times over disk-based systems and other competing flash and solid-state drive (SSD)-based storage. FlashSystem A9000 offers world-class software features that are built with IBM Spectrum™ Accelerate. The extreme performance of IBM FlashCore technology with a grid architecture and comprehensive data reduction creates one powerful solution. Whether you are a service provider who requires highly efficient management or an enterprise that is implementing cloud on a budget, FlashSystem A9000 provides consistent and predictable microsecond response times and the simplicity that you need. As a cloud optimized solution, FlashSystem A9000 suits the requirements of public and private cloud providers who require features, such as inline data deduplication, multi-tenancy, and quality of service. It also uses powerful software-defined storage capabilities from IBM Spectrum Accelerate, such as Hyper-Scale technology, VMware, and storage container integration. FlashSystem A9000 is a modular system that consists of three grid controllers and a flash enclosure. An external view of the Model 425 is shown in Figure 1. Figure 1 IBM FlashSystem A9000 Model 425 © Copyright IBM Corp. 2017, 2018. All rights reserved.
    [Show full text]
  • Faster Oracle Performance with IBM Flashsystem 2 Faster Oracle Performance with IBM Flashsystem
    IBM Systems and Technology Group May 2013 Thought Leadership White Paper Faster Oracle performance with IBM FlashSystem 2 Faster Oracle performance with IBM FlashSystem Executive summary The result is a massive performance gap, felt most painfully This whitepaper discusses methods for improving Oracle® by database servers, which typically carry out far more I/O database performance using flash storage to accelerate the most transactions than other systems. Super fast processors and resource-intensive data that slows performance across the massive amounts of bandwidth are often wasted as storage board. devices take several milliseconds just to access the requested data. To this end, it discusses methods for identifying I/O performance bottlenecks, and it points out components that are the best candidates for migration to a flash storage appliance. An in-depth explanation of flash technology and possible implementations are also included. The problem of I/O wait time Often, additional processing power alone will do little or nothing to improve Oracle performance. This is because the processor, no matter how fast, finds itself constantly waiting on mechanical storage devices for its data. While every other component in the “data chain” moves in terms of computation times and the raw speed of electricity through a circuit, hard drives move mechanically, relying on physical movement around a magnetic platter to access information. In the last 20 years, processor speeds have increased at a Figure 1: Comparing processor and storage performance improvements geometric rate. At the same time, however, conventional storage access times have only improved marginally (see Figure 1). IBM Systems and Technololgy Group 3 When servers wait on storage, users wait on servers.
    [Show full text]
  • IBM DS8880: Hybrid Cloud Integration with Transparent Cloud Tiering
    Accelerate with IBM Storage: IBM DS8880: Hybrid cloud integration with Transparent Cloud Tiering Craig Gordon Consulting I/T Specialist IBM Washington Systems Center [email protected] © Copyright IBM Corporation 2018. Washington Systems Center - Storage Accelerate with IBM Storage Webinars The Free IBM Storage Technical Webinar Series Continues in 2018... Washington Systems Center – Storage experts cover a variety of technical topics. Audience: Clients who have or are considering acquiring IBM Storage solutions. Business Partners and IBMers are also welcome. To automatically receive announcements of upcoming Accelerate with IBM Storage webinars, Clients, Business Partners and IBMers are welcome to send an email request to [email protected]. Located in the Accelerate with IBM Storage Blog: https://www.ibm.com/developerworks/mydeveloperworks/blogs/accelerate/?lang=en Also, check out the WSC YouTube Channel here: https://www.youtube.com/playlist?list=PLSdmGMn4Aud-gKUBCR8K0kscCiF6E6ZYD&disable_polymer=true 2018 Webinars: January 9 – DS8880 Easy Tier January 17 – Start 2018 Fast! What's New for Spectrum Scale V5 and ESS February 8 - VersaStack - Solutions For Fast Deployments February 16 - TS7700 R4.1 Phase 2 GUI with Live Demo February 22 - DS8880 Transparent Cloud Tiering Live Demo March 1 - Spectrum Scale/ESS Application Case Study Register Here: https://ibm2.webex.com/ibm2/onstage/g.php?MTID=e25146b6c1207cb081f4392087fb6f73a March 7 - Spectrum Storage Management, Control, Insights, Foundation; what’s the difference? Register Here: https://ibm2.webex.com/ibm2/onstage/g.php?MTID=e3165dfc6c698c8fcb83132c95ae6dfe7 March 15 - IBM FlashSystem A9000/R and SVC Configuration Best Practices Register Here: https://ibm2.webex.com/ibm2/onstage/g.php?MTID=e87d423c5cccbdefbbb61850d54f70f4b © Copyright IBM Corporation 2018.
    [Show full text]
  • IBM Power® Systems for SAS® Empowers Advanced Analytics Harry Seifert, Laurent Montaron, IBM Corporation
    Paper 4695-2020 IBM Power® Systems for SAS® Empowers Advanced Analytics Harry Seifert, Laurent Montaron, IBM Corporation ABSTRACT For over 40+ years of partnership between IBM and SAS®, clients have been benefiting from the added value brought by IBM’s infrastructure platforms to deploy SAS analytics, and now SAS Viya’s evolution of modern analytics. IBM Power® Systems and IBM Storage empower SAS environments with infrastructure that does not make tradeoffs among performance, cost, and reliability. The unified solution stack, comprising server, storage, and services, reduces the compute time, controls costs, and maximizes resilience of SAS environment with ultra-high bandwidth and highest availability. INTRODUCTION We will explore how to deploy SAS on IBM Power Systems platforms and unleash the full potential of the infrastructure, to reduce deployment risk, maximize flexibility and accelerate insights. We will start by reviewing IBM and SAS’s technology relationship and the current state of SAS products on IBM Power Systems. Then we will look at some of the infrastructure options to deploy SAS 9.4 on IBM Power Systems and IBM Storage, while maximizing resiliency & throughput by leveraging best practices. Next, we will look at SAS Viya, which introduces changes to the underlying infrastructure requirements while remaining able to be deployed alongside a traditional SAS 9.4 operation. We’ll explore the various deployment modes available. Finally, we’ll look at tuning practices and reference materials available for a deeper dive in deploying SAS on IBM platforms. SAS: 40 YEARS OF PARTNERSHIP WITH IBM IBM and SAS have been partners since the founding of SAS.
    [Show full text]
  • Best Practices for IBM DS8000 and IBM Z/OS Hyperswap with IBM Copy Services Manager
    Front cover Best Practices for IBM DS8000 and IBM z/OS HyperSwap with IBM Copy Services Manager Thomas Luther Alexander Warmuth Marcelo Takakura Redbooks IBM Redbooks Best Practices for IBM DS8000 and IBM z/OS HyperSwap with IBM Copy Services Manager May 2019 SG24-8431-00 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. First Edition (May 2019) This edition applies to IBM Copy Services Manager (CSM) V6.2.3 with IBM DS8000 Version 8.5. © Copyright International Business Machines Corporation 2019. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix Authors. ix Now you can become a published author, too! . .x Comments welcome. .x Stay connected to IBM Redbooks . .x Part 1. Introduction and planning . 1 Chapter 1. Introduction. 3 1.1 IBM Copy Services Manager overview . 4 1.2 CSM licenses . 5 1.2.1 CSM licenses for z/OS platforms . 5 1.2.2 CSM licenses for distributed server platforms. 6 1.3 z/OS HyperSwap overview . 7 1.3.1 z/OS HyperSwap: Not so basic anymore . 8 1.3.2 CSM sessions that support HyperSwap . 9 1.3.3 z/OS HyperSwap functions . 9 1.3.4 HyperSwap sequence. 11 1.3.5 Planned and unplanned HyperSwap . 12 1.4 CSM and HyperSwap communication flow . 13 1.5 GDPS Metro solutions. 14 1.6 IBM Resiliency Orchestration and CSM . 15 Chapter 2. IBM Copy Services Manager and IBM z/OS HyperSwap implementation topologies .
    [Show full text]
  • IBM Flashsystem A9000 • Product Overview
    IBM FlashSystem A9000 Version 12.2 Product Overview IBM GC27-8583-07 Note Before using this document and the product it supports, read the information in “Notices” on page 119. Edition notice Publication number: GC27-8583-07. This publication applies to IBM FlashSystem A9000 version 12.2 and to all subsequent releases and modifications until otherwise indicated in a newer publication. © Copyright IBM Corporation 2016, 2018. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Figures ................................... vii Tables .................................... ix About this document .............................. xi Intended audience ................................. xi Document conventions................................ xi Related information and publications ........................... xi IBM Publications Center ............................... xii Sending or posting your comments ........................... xii Getting information, help, and service .......................... xiii Chapter 1. Introduction ............................. 1 Architecture ................................... 2 Flash enclosure ................................. 3 Grid controllers ................................. 4 Back-end interconnect ............................... 4 Logical architecture ................................ 4 Functionality ................................... 5 Specifications ................................... 6 Performance ..................................
    [Show full text]
  • IBM Flashsystem 9100
    IBM FlashSystem Data Sheet IBM FlashSystem 9100 Flexible NVMe storage powered by IBM Spectrum Virtualize and IBM FlashCore Highlights technologies Real-time and AI-based applications are where business is • Accelerate business apps with NVMe and IBM moving—rapidly. In fact, within the next few years, industry FlashCore technologies analysts predict that half of all enterprise IT infrastructure will employ some form of machine learning or AI capabilities • Increase storage cost- to improve enterprise productivity, manage business risks efficiency with compression and drive cost reductions. Also, the majority of Fortune 2000 and deduplication companies will have at least one mission-critical workload • Leverage AI to optimize that leverages real-time big data analytics. For both AI and storage operations and real-time applications, the amount of data that must be efficiency rapidly captured and processed will drive the need for the • Transform IT infrastructure performance of both flash-based storage and solutions with IBM Spectrum 1 Virtualize leveraging NVMe technologies. • Increase ROI with IBM Spectrum Virtualize • Extend a rich set of data services across all your storage systems • Simplify data reuse and protection with multicloud solutions IBM FlashSystem Data Sheet For decades, IBM has offered a range of enterprise class high-performance, ultra-low latency storage solutions.2 Now, IBM FlashSystem 9100 combines the performance of flash and end-to- end NVMe with the reliability and innovation of IBM FlashCore technology and the rich feature set and high availability of IBM Spectrum Virtualize. This powerful new storage platform provides: The option to use IBM FlashCore modules (FCMs) with inline-hardware compression, data protection and innovative flash management features provided by IBM FlashCore technology, or industry-standard NVMe flash drives.
    [Show full text]
  • IBM Flashsystem Storage a Prescription for Epic Requirements
    IBM Systems and Technology Healthcare Technical White Paper IBM FlashSystem storage A prescription for Epic requirements Unique storage challenge Contents In most use cases involving flash storage deployments, the business environment changes, driving a need for higher-performance storage. 1 Unique storage challenge However, the case of Epic Systems Corporation software is the 1 Award-winning Epic software opposite—the storage requirements haven’t changed recently, but the options for addressing them have. 2 World-class IBM FlashSystem storage Epic, a privately-held company founded in 1979 and based in Verona, 3 Epic storage requirements Wisconsin, makes applications for medical groups, hospitals and other 4 Prescription for performance healthcare organizations. Epic software typically exhibits high- 7 IBM FlashSystem storage frequency, random storage accesses with stringent latency meets Epic challenges requirements. IBM has been working with Epic to develop host-side and storage-side solutions to meet these requirements. Extensive 8 For more information testing has demonstrated that the combination of IBM® POWER8™ servers and IBM FlashSystem™ storage more than meets the performance levels Epic recommends for the backend storage supporting its software implementations—at a cost point multiple times lower than other storage alternatives. Award-winning Epic software Epic’s integrated electronic medical record (EMR) software covers all aspects of healthcare operations, including clinical, billing and revenue, in addition to patient record access. Epic software implementations employ two main database technologies. The online transactional processing (OLTP) database runs Caché from InterSystems Corporation as the main OLTP database engine. In addition, Epic applications use analytical databases that run on Microsoft SQL Server or Oracle database software.
    [Show full text]
  • IBM Flashsystem 9200 Product Guide
    Front cover IBM FlashSystem 9200 Product Guide Jon Herd Redpaper IBM FlashSystem 9200 Product Guide This IBM® Redbooks® Product Guide publication describes the IBM FlashSystem® 9200 solution, which is a comprehensive, all-flash, and NVMe-enabled enterprise storage solution that delivers the full capabilities of IBM FlashCore® technology. In addition, it provides a rich set of software-defined storage (SDS) features, including data reduction and de-duplication, dynamic tiering, thin-provisioning, snapshots, cloning, replication, data copy services, and IBM HyperSwap® for high availability (HA). Scale-out and scale-up configurations further enhance capacity and throughput for better availability. The success or failure of businesses often depend on how well they use their data assets for competitive advantage. Deeper insights from data require better information technology. As organizations modernize their IT infrastructure to boost innovation, they need a data storage system that can keep pace with highly virtualized environments, cloud computing, mobile and social systems of engagement, and in-depth and real-time analytics. Making the correct decision about storage investment is critical. Organizations must have enough storage performance and agility to innovate because they must implement cloud-based IT services, deploy a virtual desktop infrastructure (VDI), enhance fraud detection, and use new analytics capabilities. Concurrently, future storage investments must lower IT infrastructure costs while helping organizations derive the greatest possible value from their data assets. IBM FlashSystem storage solutions can accelerate the transformation of modern organizations into an IBM Cognitive Business®. IBM FlashSystem all-flash storage arrays are support the organization's active data sets. IBM FlashSystem solutions offer a broad range of industry-leading storage virtualization and data management features that can provide improved storage system performance, efficiency, and reliability.
    [Show full text]
  • Implementing IBM Flashsystem 900 Model AE3
    Front cover Implementing IBM FlashSystem 900 Model AE3 Detlef Helmbrecht Jim Cioffi Jon Herd Jeffrey Irving Christian Karpp Volker Kiemes Carsten Larsen Adrian Orben Redbooks International Technical Support Organization Implementing IBM FlashSystem 900 Model AE3 March 2018 SG24-8414-00 Note: Before using this information and the product it supports, read the information in “Notices” on page ix. First Edition (March 2018) This edition applies to the IBM FlashSystem 900 Model AE3. © Copyright International Business Machines Corporation 2018. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . ix Trademarks . .x Preface . xi Authors. xi Now you can become a published author, too! . xiv Comments welcome. xiv Stay connected to IBM Redbooks . xiv Chapter 1. Introduction to FlashSystem . 1 1.1 FlashSystem storage overview . 3 1.2 IBM FlashCore technology . 4 1.2.1 IBM Piece of Mind Initiative. 5 1.3 Why flash technology matters . 6 1.4 IBM FlashSystem family product differentiation . 7 1.5 Technology and architectural design overview . 8 1.5.1 Hardware-only data path. 9 1.5.2 3DTLC flash memory chips. 10 1.5.3 Flash module capacities . 10 1.5.4 Gateway interface FPGA . 11 1.5.5 Flash controller FPGA. 11 1.5.6 IBM Variable Stripe RAID and 2D Flash RAID overview . 12 1.5.7 Inline hardware data compression . 14 1.5.8 Encryption . 14 1.6 Usability plus reliability, availability, and serviceability enhancements . 16 1.6.1 Automatic battery reconditioning. 16 1.6.2 Remote Support Assistance .
    [Show full text]
  • IBM Flashsystem 7200 | Data Sheet
    IBM Systems Data Sheet IBM FlashSystem 7200 | Data sheet Cost-efficient storage made simple for Highlights hybrid cloud • Deploy enterprise-grade To take advantage of artificial intelligence (AI)-enhanced functionality applications, real-time Big Data analytics, and cloud • Leverage NVMe architectures that require higher levels of system performance in one cost- performance and storage capacity, enterprises around the efficient system globe are rapidly moving to modernize legacy IT infrastructures. But for many organizations, staff resources • Build easy-to-manage, and expertise are not abundant, and cost-efficiency is a top high-performance hybrid cloud environments priority. These organizations have important investments in existing infrastructure that they want to maximize. They need • Extend data services across enterprise-grade solutions that optimize cost-efficiency and more than 500 security while simplifying the pathway to modernization. The heterogeneous systems IBM FlashSystem 7200 is designed specifically for these • Transform data economics requirements and use cases. using sophisticated data reduction Built with IBM Spectrum Virtualize software – part of the IBM • Leverage AI to optimize Spectrum Storage family – IBM FlashSystem 7200 provides storage management and feature-rich, enterprise-grade storage solutions that help streamline issue resolution enterprises effectively support the workloads and • Deploy leading-edge applications that are crucial to their business success. IBM storage solutions with FlashSystem storage arrays can handle massive volumes of confidence using IBM data, enable rapid and flexible cloud services deployments, FlashWatch and deliver the performance needed to gain insights from the • Increase cost-efficiency latest AI and analytics technologies with all-flash or hybrid- with IBM Storage Utility flash solutions.
    [Show full text]
  • IBM System Storage Solutions Handbook
    Front cover IBM System Storage Solutions Handbook Ezgi Coskun Mikael Lindström Maciej Olejniczak Oliver Stark Megan Gilge Redbooks International Technical Support Organization IBM System Storage Solutions Handbook July 2016 SG24-5250-11 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. Eleventh Edition (July 2016) This edition applies to the IBM System Storage products as of April 2016. © Copyright International Business Machines Corporation 1999, 2016. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii IBM Redbooks promotions . ix Preface . xi Authors. xi Now you can become a published author, too! . xiii Comments welcome. xiii Stay connected to IBM Redbooks . xiii Chapter 1. Introduction. 1 1.1 IBM Spectrum family and software defined systems. 2 1.1.1 Introduction to software-defined architecture . 2 1.1.2 Introduction to software-defined storage. 4 1.1.3 SDS reference architecture. 5 1.2 IBM storage systems. 6 1.2.1 IBM SAN Volume Controller and IBM Storwize family . 7 1.2.2 IBM FlashSystem family . 8 1.2.3 IBM DS8880 Storage System . 9 1.2.4 IBM XIV Storage System . 9 1.2.5 IBM Elastic Storage Server. 9 1.2.6 IBM tape storage. 9 1.2.7 IBM storage area network products . 11 1.3 IBM storage services. 12 Chapter 2. IBM Spectrum Storage family . 13 2.1 SDS architecture . 14 2.2 SDS control plane . 15 2.2.1 IBM Spectrum Control.
    [Show full text]