On Thu, 6 Jan 2022 16:04:59 +0100, Radoslaw Skorupka <r.skoru...@hotmail.com> wrote:
> Thank you for the clarification and excuse me for next question: are you
> sure one can have i.e. LPARX using Crypto01 in domain 10 (no other
> crypto cards) *and* LPARY using Crypto02 in domain 10 both activated?
> As I said my memory is poor, however I vaguely remember such combination
> was impossible as well as plain domain & cryptocard sharing - that means
> several LPARs using same domain ID and same card(s).
> I know such restriction is, let's say, unreasonable but AFAIR that was
> in effect. Unfortunately I cannot simply check it.

Yes. We are configured that way today. I think I am saying this correctly, but if you only have one Crypto-express feature (two adapters), then only having 1 active on an lpar could be a single point of failure. I guess having just the one feature is also SPOF too.

You have to be careful though, because the MK for the domain is the same on both adapters, so assigning them to two separate lpars means same MK. We share only across like environment lpars, never Test and Prod together.

We didn't start out intending on sharing domains, but getting a TKE Key ceremony to load more domains takes an act of God getting all the right people together in the room, and when we implemented GDPS I miscounted the number of new domains needed.

Mark Jacobs talked about what looks like new function I was not aware of.