I was just asked a question that I'm not sure how to answer..... But here it is.
If java .jar files are really zip/archive files, and opening them requires
some sort of unzip action which is theoretically a decryption process,
would a z/series crypto card speed this sort of thing up for WebSphere running
on Linux for z/Series if such a card were configured? That made me also
wonder... would this also help such things as clam AV scanning of archive files
and zip files?
I don't know enough about the crypto facility to even hazard a guess.
Thanks
-J
Marcy Cortes <[EMAIL PROTECTED]>
Sent by: Linux on 390 Port
<[email protected]>
To
[email protected]
cc
04/26/2007 10:09 AM
Subject
Re: Crypto
CPACF enablement
Please respond to
Linux on 390 Port <[email protected]>
You can do this to see if its being used:
[EMAIL PROTECTED]:~> cat /proc/driver/z90crypt
z90crypt version: 1.3.3
Cryptographic domain: 6
Total device count: 1
PCICA count: 0
PCICC count: 0
PCIXCC MCL2 count: 0
PCIXCC MCL3 count: 0
CEX2C count: 0
CEX2A count: 1
requestq count: 0
pendingq count: 0
Total open handles: 9
Online devices: 1=PCICA 2=PCICC 3=PCIXCC(MCL2) 4=PCIXCC(MCL3) 5=CEX2C
6=CEX2A
0000000000000000 0000000000000000 0060000000000000
0000000000000000
Waiting work element counts
0000000000000000 0000000000000000 0000000000000000
0000000000000000
Per-device successfully completed request counts
00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000
00000000 00000000 00054CE9 00000000 00000000 00000000 00000000
00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000
00000000 00000000 00000000 00000000 00000000 00000000 00000000
00000000
[EMAIL PROTECTED]:~>
Marcy Cortes
Enterprise Hosting Services - z/VM and z/Linux
w. (415) 243-6343
c. (415) 517-0895
"This message may contain confidential and/or privileged information.
If you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose, or take any action based on
this message or any information herein. If you have received this
message in error, please advise the sender immediately by reply e-mail
and delete this message. Thank you for your cooperation."
-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
Thomas Kern
Sent: Thursday, April 26, 2007 8:00 AM
To: [email protected]
Subject: Re: [LINUX-390] Crypto CPACF enablement
Is there a verification program that can be run in a SLES 9/10 guest to
check the functionality of the CPACF / Coprocessor / Accelerator ?
--- [email protected] <[EMAIL PROTECTED]> wrote:
> > Kind of stuck on this one. Had the CE come out and enable the Crypto
> > co-processor CPACF feature code for our z9-104 yesterday, then went
> > to define and use the feature in a Linux LPAR, but it doesn't work.
> > We
> have
> > the libica code installed, but whether it's used or not we get the
> same
> > throughput from the openssl speed tests. I didn't think it took a
> > POR
> to
> > get the feature recognized - is there something I'm missing here?
>
> Enabling the crypto engine really might not help you much. How much
> help you'll get depends a lot on what you're trying to do with it.
>
> There are two components to a SSL transaction: the initial asymmetric
> crypto-ignition process at connection startup, and the ongoing
> symmetric process after the connection is established. Pre z9 BC/EC,
> depending on how you configured the crypto engine (as coprocessor or
> accelerator), you get enhancement of one or the other function. The BC
> and EC models can be configured in such a way to help somewhat with
both tasks.
>
> If a majority of your transactions are short=lived connections, the
> SSL offload for the asymmetric step will help a lot. If you're doing
> long-lived sessions (like tn3270 wrapping), then you won't get a lot
> out of it, except after a network interruption when all the clients
> try to renegotiate keys at once. If you're expecting it to help with
> SSH sessions, it doesn't. Most of that is symmetric, or uses
> algorithms that CPACF doesn't yet know how to accelerate.
>
> (AFAIS, the openssl speed tests don't really do enough connection
> volume to show much of a difference even when the crypto engine is
> known to be working. )
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions, send
> email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or
visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions, send
email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or
visit http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
