W dniu 03.10.2025 o 14:25, Steve Estle pisze:
All,
Am working with financial institution that needs to encrypt traffic across
network pipe using at least AES256 or higher encryption protocol with TLS 1.2
or higher that will lead to an eventual proof of concept involving new Z
replication software that will propagate / replicate change logs for CICS and
DB2. They do not currently have crypto accelerator cards installed in Z
processor(s). They are running ZOS 3.1. What I am looking for is a clear
decision tree / matrix to determine if crypto cards are required or not - I
understand they can reduce CPU overhead but beyond optimized encryption /
decryption what are the gating factors that drive the need for crypto hardware
cards (I know they are needed for pervasive encryption for data at rest), but
less clear on when they are absolutely required for network encryption related
purposes.
You need CPACF, which is free of charge (although it has to be enabled
due to export controls).
Nice to have: CryptoExpress cards (2 at least, for redundancy purposes).
And some guy who explain what is possible and what's ridiculous.
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
