Once the ICSF Master Keys are entered into the crypto domain after the
first IPL of each system, they'll be there and ready when you IPL your
DR system in the future. If you've changed the keys on the production
side, you have to keep them in sync with the DR box too.
Mark Jacobs
Jesse 1 Robinson <mailto:[email protected]>
October 19, 2016 at 5:22 PM
Thanks to Stuart for pointing me to his doc. ;-)
Radoslaw, you said in one post that the whole thing can be done ahead
of time, but your latest post mentions only LPAR Image profile setup
on HMC. Mike Ward (and Stuart's doc) refer to ICSF, which requires an
OS, that is, IPL. Ours is a push-pull installation. New box cannot
even be cabled up until the old one is brought down. It should not
take long to run ICSF on each LPAR, but I'd prefer to take care of it
in advance if possible. Otherwise it will just have to be part of the
install.
One extra complication. This is our DR machine. There are a few LPARs
that run all the time, but most come up only during DR testing. I take
it we need to bring up DR systems for ICSF master key...
.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-302-7535 Office
[email protected]
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]]
On Behalf Of R.S.
Sent: Wednesday, October 19, 2016 1:12 PM
To: [email protected]
Subject: (External):Re: Implementing ICSF - FOTS1949 PRNG is not seeded
Well,
Customize Activation Profiles, LPAR profile, Crypto tab.
You have to set up some values for two things:
Crypto Domain. Assign one "Control and Usage domain". Unique one.
Use the same domain if CSFPRMxx (or just leave it default).
Assigned Cryptos
Assign all existing CryptoExpress cards as Candidate and Online.
Note: this is simple configuration, one of many possible. Details are
more complex and depend on many factors.
When teaching this I spent few hours on that. :-)
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
Please be alert for any emails that may ask you for login information
or directs you to login via a link. If you believe this message is a
phish or aren't sure whether this message is trustworthy, please send
the original message as an attachment to '[email protected]'.
--
Mark Jacobs
Time Customer Service
Global Technology Services
The standard you walk past is the standard you accept.
Lt. Gen. David Morrison
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
