I misread the thread of conversation. Yeah, what we call a "long burn" (very long MCL apply) can take as much as 15 minutes, so it is very well worth waiting until MCL is fully applied and the cards are back to operational before attempting to IPL.
That said, most of the crypto MCLs are concurrent now (with some exceptions) so this issue doesn't come up as often as it once did. Since ICSF can now get running earlier and most exploiters now do more checking before and after they attempt to use ICSF (to detect when it comes available if it wasn't at first), I hope that fewer folks are seeing issues with ICSF not yet being ready when needed. Eric Rossman --------------------------------- ICSF Security Architect z/OS Security --------------------------------- -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Phil Smith III Sent: Monday, April 14, 2025 3:41 PM To: [email protected] Subject: [EXTERNAL] Re: GSK question If I had access to that log, I'd look at it. Long gone, I'm afraid...not my system. And I don't think they'd just IPLed when it went bad, though it's possible. -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Jousma, David Sent: Monday, April 14, 2025 3:20 PM To: [email protected] Subject: Re: GSK question Eric, What I cut/pasted were “good” messages. I was only pointing out to Phil where to go look in the TCPIP STC. When the issue occurred years ago, was when ICSF was still on the customer to start, not autostarted by the OS. Our usual MCL procedure, is to have everything installed, and then do a therapeutic POR of the box so that all crypto, and OSA adapter code gets loaded, and any larger IODF changes go in. In fact, we just did this on our bi-annual MCL loads, and the new code for Crytpo took on the order of 5-10 minutes to activate and come online. Since we are a GDPS shop now, we also activate all the lpars(which kicks off the crypto initialization) automatically and then do the LOAD’s from GDPS. This is what we didn’t wait for back then, and the LPAR including TCPIP was up BEFORE the crypto adapters were initialized and caused our problems. Like I said, this may or may not be an issue anymore, but it is still a part of our POR process. Dave Jousma Vice President | Director, Technology Engineering From: IBM Mainframe Discussion List <[email protected]> on behalf of Eric Rossman <[email protected]> Date: Monday, April 14, 2025 at 2:58 PM To: [email protected] <[email protected]> Subject: Re: GSK question "Never!" (says the ICSF Architect). In all seriousness, those messages look good. David, were those the "good" case or the "bad"? If the bad, was ICSF up yet? Eric Rossman --------------------------------- ICSF Security Architect z/OS Security --------------------------------- This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
