On Fri, 3 Oct 2025 07:25:22 -0500, Steve Estle <[email protected]> wrote:
>[....] What I am looking for is a clear decision tree / matrix to determine if >crypto cards are required or not - I understand they can reduce CPU overhead >but beyond optimized encryption / decryption what are the gating factors that >drive the need for crypto hardware cards (I know they are needed for pervasive >encryption for data at rest), but less clear on when they are absolutely >required for network encryption related purposes. I reviewed the thread and it seems like no one really answered your question: No, crypto cards are not required for TLS. However, they may be required by your POC. For example, if you need to demonstrate the establishment of (e.g.) 20K TLS connections per second (because that's a requirement in production), you will (IMO) need them. (20K is just a number I pulled out of the air.). The faster the machine, the more the system can do without the crypto cards, but at a given amount of capacity, at some point you saturate the system's ability to respond to TLS handshakes in a timely manner. At that point, you turn to the crypto cards for help rather than driving software costs up by purchasing more capacity. Alan Altmark IBM Senior z/VM Engineer and Consultant ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
