It would have the same IP and hostname. Disk and network is accessible to all CECs . Thanks for checking!
From: Reinhard Buendgen <[email protected]> Sent: Thursday, September 24, 2020 9:53 AM To: Cortes, Marcy D. [PRINCIPAL ENGINEER] <[email protected]> Cc: [email protected] Subject: RE: Encryption again - Question on TKE use to CCA Hm, wouldn't that "same Linux" (I assume you mean to boot the same image on different CECs) have different IP addresses, depending on where you boot it? I am afraid the TKE could be confused if you really used the same IP address on different CECs, but I guess it couldwork and it would "think" you just replaced all adapters (assuming the TKE looks at adapter S/Ns). But if each Linux instance has its own IP address then the TKE should be good at connecting to all of them and doing some work in parallel in particular if you want to configure the same master keys on multiple adapte domains. But to be on the safe side I will check with an TKE expert. Mit freundlichen Grüßen/Best Regards/Cordialement Reinhard ________________________________ Dr. Reinhard Bündgen Product Owner Security Linux on Z Linux on Z Development Mail:[email protected]<mailto:[email protected]> Phone: ++49-(0)7031-16-1130 Fax: ++49-(0)7031-16-3456 IBM Deutschland Research & Development GmbH Vorsitzender des Aufsichtsrats: Matthias Hartmann Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 ________________________________ ----- Original message ----- From: <[email protected]<mailto:[email protected]>> To: <[email protected]<mailto:[email protected]>> Cc: <[email protected]<mailto:[email protected]>> Subject: [EXTERNAL] RE: Encryption again - Question on TKE use to CCA Date: Thu, Sep 24, 2020 6:32 PM Thank you! One more question, would TKE be totally confused if I used the same linux, moving it CEC to CEC (in an LPAR) to load keys on say 8 boxes? Or would each CEC need to have its own Linux? Marcy From: Reinhard Buendgen <[email protected]<mailto:[email protected]>> Sent: Thursday, September 24, 2020 6:03 AM To: Cortes, Marcy D. [PRINCIPAL ENGINEER] <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]> Subject: Re: Encryption again - Question on TKE use to CCA Hi Marcy, when using CCA (i.e. the TKE is configured to communicate with panel.exe) no authentication will be perfromed. You need neither enter an ID nor a password just click OK. This is not considered insecure because all the catcher does is to forward signed requests to the crypto adapter. For EP11 (i.e. if the TKE is configured to communicate with the ep11TKEd) it must a Linux user and password configured for the ep11TKEd as described here https://www.ibm.com/support/knowledgecenter/linuxonibm/com.ibm.linux.z.lxce/lxce_installing_hostpart.html (The default setting is to allow any user that has a password configured and is member of the ep11tke group to gain access through the ep11TKEd daemon.) Mit freundlichen Grüßen/Best Regards/Cordialement Reinhard ________________________________ Dr. Reinhard Bündgen Product Owner Security Linux on Z Linux on Z Development Mail:[email protected]<mailto:[email protected]> Phone: ++49-(0)7031-16-1130 Fax: ++49-(0)7031-16-3456 IBM Deutschland Research & Development GmbH Vorsitzender des Aufsichtsrats: Matthias Hartmann Geschäftsführung: Dirk Wittkopp Sitz der Gesellschaft: Böblingen Registergericht: Amtsgericht Stuttgart, HRB 243294 ________________________________ ----- Original message ----- From: Marcy Cortes <[email protected]<mailto:[email protected]>> Sent by: Linux on 390 Port <[email protected]<mailto:[email protected]>> To: [email protected]<mailto:[email protected]> Cc: Subject: [EXTERNAL] Encryption again - Question on TKE use to CCA Date: Thu, Sep 24, 2020 12:11 AM In this doc http://public.dhe.ibm.com/software/dw/linux390/docu/l91xct00.pdf page 13, what are these credentials? Where are they defined? Marcy This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected]<mailto:[email protected]> with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390<https://urldefense.proofpoint.com/v2/url?u=http-3A__www2.marist.edu_htbin_wlvindex-3FLINUX-2D390&d=DwMGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=gDiditHI8xOAKhJe7-PksxYsvTcYalJU5qmCkWE2Yu4&m=m6vCMciw25_oE9VyS2qbo2oXksQjLQaEkA1mNLCjsak&s=XhVny1QsBTbtRVKRY3exqVgAQZM-WdeFUfQMGuHdTRY&e=> ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
