We do use TKE, but I don’t think it matters for this conversation.  But, 
correct me if I am wrong.   We don’t assign a unique crypto domain per lpar.   
We have unique domains by environment for TECH, DEV and PROD environments.  So 
the requirement for us is to load keys for each environment only per CPC.  All 
lpars that share the same domain on the same CPC only need to be done on ONE of 
the systems.

Even with a TKE, we still have to go into the ICSF dialogs and do the SET MK 
function, again, once per crypto domain, per CPC.

If you assign unique domain to every lpar, then yes, you have to logon to each 
and every lpar.
_________________________________________________________________
Dave Jousma
Assistant Vice President, Mainframe Engineering
[email protected]
1830 East Paris, Grand Rapids, MI  49546 MD RSCB2H
p 616.653.8429
f 616.653.2717


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf 
Of Knutson, Sam
Sent: Friday, January 11, 2013 8:56 AM
To: [email protected]
Subject: Re: ICSF Master Key Management: TKE verus TSO Panels

Yes you have to initialize the keys in each LPAR but using CUT & PASTE in your 
TN3270 emulator provided you have the keys laid out neatly in your document you 
are working from this only take a few minutes on each.  We have never purchased 
the TKE due to the added cost and have 10 LPARs to update on an upcoming z196 
to zEC12 migration this month and this doesn't really even amount to any 
significant time in our migration activities.  The same process occurs at 
Disaster Recovery since we recover at IBM BCRS and so between CEC swaps every 
few years and annual DR exercise it’s a process the z/OS systems programmers 
are familiar with.

        Best Regards, 

                Sam Knutson, GEICO
                System z Team Leader
                mailto:[email protected]
                (office)  301.986.3574
                (cell) 301.996.1318  
            
GEICO Operating Principles #1 Be the low-cost provider.

This e-mail transmission contains information that is confidential and may be 
privileged.   It is intended only for the addressee(s) named above. If you 
receive this e-mail in error, please do not read, copy or disseminate it in any 
manner. If you are not the intended recipient, any disclosure, copying, 
distribution or use of the contents of this information is prohibited. Please 
reply to the message immediately by informing the sender that the message was 
misdirected. After replying, please erase it from your computer system. Your 
assistance in correcting this error is appreciated.


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to