W dniu 04.01.2022 o 22:25, Dave Jousma pisze:
On Tue, 4 Jan 2022 21:48:23 +0100, Radoslaw Skorupka <[email protected]>
wrote:
Another question about ICSF:
I vaguely remember that crypto domains had to be unique.
In other words every active LPAR can have unique domain number or
several numbers (which is another story).
Now I just read the domain number may be shared and then CKDS/PKDS
datasets may shared as well.
Assuming we want to share CKDS/PKDS between sysplex member within CPC it
is worth to consider - less master keys to manage.
So, is it true the domains can be shared across LPARs or I misunderstood
documentation?
I'm sure our friend from IBM will chime in, but we just went through this.
More than one lpar can use the same domain, but not the same domain on the same
crypto adapter. We have 4 crypto express cards in each cec. As an example,
In my lesser important lpars that dont have the same crypto load, i have
adapter 0 and 2 on domain 0 for lpar-a, and adapter 1 and 3 on domain 0 on
lpar-b.
If you try to use same domain on same adapter in multiple lpars, you will get a
activation failure.
Thank you for the clarification and excuse me for next question: are you
sure one can have i.e. LPARX using Crypto01 in domain 10 (no other
crypto cards) *and* LPARY using Crypto02 in domain 10 both activated?
As I said my memory is poor, however I vaguely remember such combination
was impossible as well as plain domain & cryptocard sharing - that mean
several LPARs using same domain ID and same card(s).
I know such restriction is, let's say, unreasonable but AFAIR that was
in effect . Unfortunately I cannot simply check it.
Regards
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
