ICSF is only required if you want to use the ICSF APIs, so it depends on what, if anything, in your shop might be using the APIs. System SSL (TLS) will certainly leverage the APIs if you have Crypto Express cards available and that might provide some CPU relief. The Guardium Database Encryption Tool requires it if you want to encrypt IMS segments or DB2 tables at the row level.
Pervasive is getting a lot of attention and if you're going that route, I would highly recommend that ICSF be active everywhere. You don't want one system writing ciphertext to a file and another system thinking that the file is cleartext. IBM is also recommending that ICSF be 'always up'. They have made a number of changes to the component so that it will come up earlier in the IPL and it should be one of the last tasks running. Given the growth in crypto workload, I take 'always up' to also mean 'running everywhere'. There are simply more things that can leverage ICSF, some optionally and some require it. I'm not sure why DFSMShsm would need ICSF active, unless they were using the Encryption Facility for z/OS with the DFSMSdss feature.

Greg Boyd
Mainframe Crypto
www.mainframecrypto.com

On Fri, 18 Jan 2019 18:16:37 +0000, Mary Kay Tubello <mtube...@humana.com> wrote:

>Hello all,
>
>Does anyone know if z/os 2.3 requires ICSF to be installed on each LPAR?
>
>Thanks,
>Mary Kay
>
>Large Systems Engineering
>IT Infrastructure
>Humana
>123 E. Main St. 40202 (CT6)
>502-476-2772
>mtube...@humana.com
>
>----------------------------------------------------------------------
>For IBM-MAIN subscribe / signoff / archive access instructions,
>send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN