Hal,
At least when I did it the other issue (to me) was there were some
sysplex issues that were not clear. Like I said its been a while, but
IIRC the manuals were less than clear and there were also DR issues
that were at best murky due to doc. There were some issues that (to
me) that were a nightmare i.e. who manages the key .
Ed
On Feb 6, 2006, at 1:21 PM, Hal Merritt wrote:
I, too, was once very confused. Now, I am only a little confused ;-)
There is a trick: There are two very different facets. One is ICF
proper. But it is only an API. It does nothing it and of itself except
supply a secure place for you to store your keys and optionally
certificates. It uses (are you ready?) a Master Key. But that's all
the
Master Key is used for.
So, the endpoint of your labor is the message that crypto services are
available. That's it.
You now have one (or two) VSAM clusters that you would treat much like
your RACF databases, and you will have to fret about setting the
Master
Key on any processor you plan to use, be it another LPAR or your DR
site. Keeping in mind that if the keys are lost, so is the data.
Actually using the facility is approached from a completely different
direction. If, for example, you want SSL, then you go to the TCP/IP
manuals. If you want to encrypt data, then you would go to that
application's manuals. For certificates, key rings, and such, off
you go
to RACF.
HTH and good luck.
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Roger Lowe
Sent: Sunday, February 05, 2006 9:29 PM
To: [email protected]
Subject: ICSF for Dummies?
Hi Listers,
Trying to wrap my head around configuring ICSF with CEX2C
(Crytpo
Express 2) on z890. Have rtfm'ed the "ICSF Admin Guide", "ICSF Systems
Programmers Guide" and am still slightly be-fuddled. Crypto is a whole
new
ball-game for me! Has anyone got an ICSF/Crypto for Dummies to
point me
in
the right direction?
Cheers, Roger
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
