John Chase wrote: >Have any of you implemented SSL over TCPIP (z/OS 1.5 or thereabouts) without >using an ICSF, and obtained any measurements of the additional resources >consumed by computing encryption on "standard" CPU engines?
Yes, but bear in mind there are a lot of variables you'll need to know in order to get a good forecast. Some examples: 1. Protocol(s) (HTTPS, SFTP, TN3270E, etc.) 2. Network load (# of handshakes and megabytes transferred per unit time, basically). 3. SSL/TLS algorithm(s) and key lengths used -- and whether it's "clear key" or not. 4. Model mainframe. 5. Whether or not you have CryptoExpress cards, and which ones. (Not in your case.) 6. Whether you're depending on z/OS-supplied algorithms (i.e. ICSF) or some other set of crypto libraries. 7. Operating system (z/OS, Linux, etc.) 8. Whether there's other encryption going on already -- could the CPACF facilities be saturated? Note that z/OS 1.7 throws another variable into the mix because it has TCP/IP stack-level encryption as something you can use even if the original application doesn't directly support network encryption. The model mainframe matters because CPACF (CP Assist) can give a boost to certain algorithms. The variety of algorithms and the amount of boost will vary according to your mainframe model, with the System z9-109 obviously being king of the hill. You could ask your friendly IBM or business partner representative to run a SIZE390 estimate based on your variables. You can also ask them for some "What if?" analysis (e.g. whether a CryptoExpress card be worthwhile, for example). Hope that helps. - - - - - Timothy F. Sipples Consulting Enterprise Software Architect IBM Americas zSeries/z9 Software Phone: +1 312 529 1612 E-Mail: [EMAIL PROTECTED] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
