Table of Contents
Advertisement
Cryptographic Online List
3-80
PR/SM Planning Guide
Table 3-7. LPAR & Crypto Assignments (continued)
LPAR & Crypto Use
ACM17 Prod SSL & secure
ACM18 Test SSL & secure
ACM19 Test SSL only
ACM5VM Prod VM
Notes:
1. LPAR ACME0 and ACME1 both use Accelerator cards A00 and A04, however, they use
two different Usage Domains on these cards.
2. LPAR ACME0 and ACME3 both use Usage Domain 0, but they use them on different
accelerator cards, A00/A04 and A01/A07.
3. LPAR ACM17 and ACM18 both use Crypto Coprocessor X05, but they use different
Usage Domains on those cards, so there is no conflict.
4. ACM18 has two Usage Domains assigned, but only one can be used at a time.
Normally, this TEST LPAR will provide SSL and Secure support for the Test environment
using Usage Domain 5 on crypto accelerator cards A00 and A01, and crypto
coprocessor cards X05 and X06. By defining this LPAR with access to Usage Domain 2
it can be a backup LPAR for ACME2. If and when there is a problem with LPAR
ACME2, that operating system can be IPL'd in this LPAR, with the ICSF started task
pointing to UD=2, and it will be able to access the master keys for ACME2, which are
stored in Usage Domain 2 on X02 and X05.
It is very important to make the correct Crypto number assignments in the
Cryptographic Candidate List for each of these logical partitions to avoid
assignment conflicts.
Installation of a Cryptographic Adapter requires the IBM CP Assist for
Crpytographic Functions (CPACF) feature. See the z/OS ICSF Application
Programmer's Guide and the z/OS ICSF System Programmer's Guide for
complete information.
The Cryptographic Online List identifies the Cryptographic numbers that are
automatically brought online during logical partition activation. The
Cryptographic numbers selected in the Online List must also be selected in
the Candidate List.
After partition activation, installed Cryptographic features that are in the
partition Cryptographic Candidate list but not in the Cryptographic Online
List are in a configured off state (Standby). They can be later configured on
to the partition from the Support Element using the Configure On/Off
option in the Crypto Service Operations task list.
When the partition is activated, an error condition is not reported if the
Cryptographic number selected in the Online list is not installed in the
system. The Cryptographic number is ignored and the activation process
continues.
If a Cryptographic number selected in the Online list has been configured
off to the partition, it is automatically configured back on during the next
partition activation.
Usage Domain
Logical Partition
Assignment
Assignment
3
UD=4
A00 & X05
3
4
UD=5, 2
A00 & X02
UD=6
A00
UD=7, 8, 9, 10
A07 & X05
Backup Required?
Specify 2nd
Logical Partition
A01 & X06
A04 & X05
A04
Advertisement
Chapters
Table of Contents
