ICSF is currently required if you want to use the Unix /dev/random and /dev/urandom devices. These might be required by Unix apps (or jobs/stcs that use z/OS Unix System services).
For exampe: IBM OpenSSH server will not work without ICSF and /dev/random available. On Fri, Jan 18, 2019 at 5:24 PM Greg Boyd <[email protected]> wrote: > ICSF is only required if you want to use the ICSF APIs, so it depends on > what, if anything in your shop might be using the APIs. System SSL (TLS) > will certainly leverage the APIs if you have Crypto Express cards available > and that might provide some CPU relief. The Guardium Database Encryption > Tool requires it if you want to encrypt IMS segments or DB2 tables at the > row level. > > Pervasive is getting a lot of attention and if you're going that route, I > would highly recommend that ICSF be active everywhere. You don't want one > system writing ciphertext to a file and another system thinking that the > file is cleartext. IBM is also recommending that ICSF be 'always up'. > They have made a number of changes to the component so that it will come up > earlier in the IPL and it should be one of the last tasks running. > > Given the growth in crypto workload, I take 'always up' to also mean > 'running everywhere'. There are simply more things that can leverage ICSF, > some optionally and some require it. > > I'm not sure why DFSMShsm would need ICSF active, unless they were using > the Encryption Facility for z/OS with the DFSMSdss feature. > > Greg Boyd > Mainframe Crypto > www.mainframecrypto.com > > > > On Fri, 18 Jan 2019 18:16:37 +0000, Mary Kay Tubello <[email protected]> > wrote: > > >Hello all, > > > >Does anyone know if z/os 2.3 requires ICSF to be installed on each LPAR? > > > >Thanks, > >Mary Kay > > > >Large Systems Engineering > >IT Infrastructure > >Humana > >123 E. Main St. 40202 (CT6) > >502-476-2772 > >[email protected]<mailto:[email protected]> > > > > > > > > > >---------------------------------------------------------------------- > >For IBM-MAIN subscribe / signoff / archive access instructions, > >send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
