I am with Mark on this one. If you want to restrict access, then remove the co-processors from the activation profile on the HMC. Make them offline and not eligible to be brought online.
Rob Schramm Senior Systems Consultant Imperium Group On Thu, Mar 29, 2012 at 6:55 AM, Mark Jacobs <[email protected]> wrote: > I believe the answer to your questions are; > > 1) No. By deactivating the co-processors on one lpar doesn't affect the > other lpars. > 2) Never tried it but my best guess is no. > > The only way to fully and permanently take these crypto co-processors off > line is through the support element on the HMC. > > Mark Jacobs > > > On 03/29/12 04:03, Francis van Zutphen wrote: >> >> Hello fellow ICSF/crypto supporters, >> >> We currently define our co-processor cards(CEX3) to all our 10 lpars. >> We are now in the process of outsourcing 2 lpars ( I will call these lpar >> "A" and "B"). >> >> We do not have Masterkeys defined in the CKDS for Lpar "A" and lpar "B". >> We are also certain that although the co-processors are available (ONLINE >> status), they are not used. >> We want to make sure that they are not used by doing a "deactivate" via >> the TSO "ICSF Coprocessor Management panel" on "A" and "B" >> >> Question: 1. Will the "deactivate" operation on lpar "A"and lpar "B" >> affect the other lpars? >> Question: 2. Will the "deactivate" status remain across IPLs? >> >> At a later stage we will use the support element to remove domain >> definitions for "A"and B" >> >> regards >> >> Francis van Zutphen >> >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN >> >> > > > > -- > Mark Jacobs > Time Customer Service > Tampa, FL > ---- > > Learn from yesterday, live for today, hope for tomorrow. > The important thing is to not stop questioning. > > - Albert Einstein > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
