The z13 (and I think b|ec12s) have CPACF built into each physical CPU, the older machines had CPACF but it was shared between multiple processors.
There is some extra CPU involved when you don't have a cryptoexpress (CEX), but you have to remember that not everything is or can be offloaded to the CEX either. I think the cryptoexpress has 8 processors, but depending on what you are doing SSL-wise you may not see any real measurable improvement over CPACF. If you are going to use CPACF with System SSL or MQ, you have to turn on a feature code, (feature #3863). In reality, some part of the key negotiation will be performed on the General Processor (and CPACF) regardless of CEX availability. Also certain SSLCIPH specs are not supported by the CEX cards (as per https://www.ibm.com/developerworks/community/blogs/c4142f9d-6cf1-44ef-a44a-b09428ad96d1/entry/is_my_ssl_channel_using_hardware_assist?lang=en ). Brian ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
