We do use TKE, but I don’t think it matters for this conversation. But, correct me if I am wrong. We don’t assign a unique crypto domain per lpar. We have unique domains by environment for TECH, DEV and PROD environments. So the requirement for us is to load keys for each environment only per CPC. All lpars that share the same domain on the same CPC only need to be done on ONE of the systems.
Even with a TKE, we still have to go into the ICSF dialogs and do the SET MK function, again, once per crypto domain, per CPC. If you assign unique domain to every lpar, then yes, you have to logon to each and every lpar. _________________________________________________________________ Dave Jousma Assistant Vice President, Mainframe Engineering [email protected] 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Knutson, Sam Sent: Friday, January 11, 2013 8:56 AM To: [email protected] Subject: Re: ICSF Master Key Management: TKE verus TSO Panels Yes you have to initialize the keys in each LPAR but using CUT & PASTE in your TN3270 emulator provided you have the keys laid out neatly in your document you are working from this only take a few minutes on each. We have never purchased the TKE due to the added cost and have 10 LPARs to update on an upcoming z196 to zEC12 migration this month and this doesn't really even amount to any significant time in our migration activities. The same process occurs at Disaster Recovery since we recover at IBM BCRS and so between CEC swaps every few years and annual DR exercise it’s a process the z/OS systems programmers are familiar with. Best Regards, Sam Knutson, GEICO System z Team Leader mailto:[email protected] (office) 301.986.3574 (cell) 301.996.1318 GEICO Operating Principles #1 Be the low-cost provider. This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
