SKLM also has a backup function that creates a *.jar data file with all
its certs and settings. I've installed totally new versions of SKLM,
restored a jar file, set the SKLM servers to the old IP address, and the
DS/TS boxes grab their keys without any knowledge of the hardware switch.
So if you can get a new server fast enough after a total failure, such
an install and jar file restore may be faster than my one experience
with the recovery key. Of course you have to have a backup jar file :)
On 3/23/2021 3:38 PM, Baumgarte, Randall wrote:
There is also a recovery key that is used in the event SKLM isn't reachable.
It needed to be setup when encryption was enabled.
-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Ed
Jaffe
Sent: Tuesday, March 23, 2021 1:12 PM
To: [email protected]
Subject: Re: SKLM Servers
This message was sent from an external source outside of Western & Southern's
network. Do not click links or open attachments unless you recognize the sender and
know the contents are safe.
________________________________________________________________________________________________________________________
On 3/23/2021 10:05 AM, Dave Jousma wrote:
DS8K's only *need* to retrieve keys at IML time, but does reach out regularly
for heartbeat, and will phone home if unreachable. Pretty easy to setup, let
me know you need any assist.
We have the Java-based ISKLM running on two z/OS LPARs for our tape.
I assumed ISKLM would not be usable for DASD because of the "catch-22"
situation of needing the DASD to IPL z/OS.
Suppose we had a complete power down of the computer room. Could we still
somehow IPL z/OS from DASD that has not yet contacted its z/OS-based SKLM?
Thanks...
--
Phoenix Software International
Edward E. Jaffe
831 Parkview Drive North
El Segundo, CA 90245
https://www.phoenixsoftware.com/
--------------------------------------------------------------------------------
This e-mail message, including any attachments, appended messages and the
information contained therein, is for the sole use of the intended
recipient(s). If you are not an intended recipient or have otherwise
received this email message in error, any use, dissemination, distribution,
review, storage or copying of this e-mail message and the information
contained therein is strictly prohibited. If you are not an intended
recipient, please contact the sender by reply e-mail and destroy all copies
of this email message and do not otherwise utilize or retain this email
message or any or all of the information contained therein. Although this
email message and any attachments or appended messages are believed to be
free of any virus or other defect that might affect any computer system into
which it is received and opened, it is the responsibility of the recipient
to ensure that it is virus free and no responsibility is accepted by the
sender for any loss or damage arising in any way from its opening or use.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
