Frank,
You did your job by entering same master keys. Now, different domain are
"compatible" - then can share CKDS/PKDS.
You wanted to share domain, which is impossible (and that's good IMHO).
Of course there another story behind,: should one share crypto between
prod and dev?
We just answered how it's possible, not is it recommended.
Regards
--
Radoslaw Skorupka
Lodz, Poland
W dniu 2018-09-28 o 20:34, Frank Swarbrick pisze:
Let me explain a bit more what I was trying to ask. We have 3 LPARs (production,
dev/test, sandbox) on the same CPC. Sandbox up to this point did not have master keys
loaded. We quickly needed to load some, so I recommended we use the same keys as
dev/test. I had hoped that we could have Sandbox use the same crypto domain as dev/test;
thus the question. I ended up just loading the same keys, rather than attempting to
"share" the same domain. But I still wondered if the latter could be done. It
sounds like you are saying no.
________________________________
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of R.S.
<r.skoru...@bremultibank.com.pl>
Sent: Friday, September 28, 2018 8:43 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: ICSF crypto domain sharing
W dniu 2018-09-28 o 12:54, Jousma, David pisze:
Yes, they can be shared. Our PROD lpars are all on the same domain.
IMHO no, domains cannot be shared.
Maybe your prod LPARs reside on different CPC each?
Some remarks:
1. Single LPAR can have more than one domain, but z/OS ICSF can use only
one at a time. However you can change domain number in PARMLIB and
recycle ICSF.
2. Domain number cannot be assigned to more than one active LPAR.
Deactivated LPARs could share domain id.
3. In the old days it was possible to have i.e. 40 LPARs and number of
domains was 16. In that case More crypto engines were needed, for
example Crypto 1 and 3 were assigned to LPARs 01-0F, Crypto engines 2
and 4 were assigned to LPARs 10-1F and remaining LPARs had no access to
Crypto engines (CPACF is not affected). In that case LPAR 01 and LPAR 11
may have Domain Id 2 assigned, but on separated Crypto engines.
4. It is impossible to have i.e. Domain 12 on Crypto1 and Domain 07 on
Crypto2 at a time.
5. It is also possible to have the same master keys on different domains
(and even different CPCs) - in that case, CKDS/PKDS can be shared/copied
between that systems.
--
Radoslaw Skorupka
Lodz, Poland
======================================================================
Jeśli nie jesteś adresatem tej wiadomości:
- powiadom nas o tym w mailu zwrotnym (dziękujemy!),
- usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub zapisałeś
na dysku).
Wiadomość ta może zawierać chronione prawem informacje, które może wykorzystać
tylko adresat.Przypominamy, że każdy, kto rozpowszechnia (kopiuje, rozprowadza)
tę wiadomość lub podejmuje podobne działania, narusza prawo i może podlegać
karze.
mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950
Warszawa,www.mBank.pl, e-mail: kont...@mbank.pl. Sąd Rejonowy dla m. st.
Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, KRS 0000025237,
NIP: 526-021-50-88. Kapitał zakładowy (opłacony w całości) według stanu na
01.01.2018 r. wynosi 169.248.488 złotych.
If you are not the addressee of this message:
- let us know by replying to this e-mail (thank you!),
- delete this message permanently (including all the copies which you have
printed out or saved).
This message may contain legally protected information, which may be used
exclusively by the addressee.Please be reminded that anyone who disseminates
(copies, distributes) this message or takes any similar action, violates the
law and may be penalised.
======================================================================
Jeśli nie jesteś adresatem tej wiadomości:
- powiadom nas o tym w mailu zwrotnym (dziękujemy!),
- usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub zapisałeś
na dysku).
Wiadomość ta może zawierać chronione prawem informacje, które może wykorzystać
tylko adresat.Przypominamy, że każdy, kto rozpowszechnia (kopiuje, rozprowadza)
tę wiadomość lub podejmuje podobne działania, narusza prawo i może podlegać
karze.
mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950
Warszawa,www.mBank.pl, e-mail: kont...@mbank.pl. Sąd Rejonowy dla m. st.
Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, KRS 0000025237,
NIP: 526-021-50-88. Kapitał zakładowy (opłacony w całości) według stanu na
01.01.2018 r. wynosi 169.248.488 złotych.
If you are not the addressee of this message:
- let us know by replying to this e-mail (thank you!),
- delete this message permanently (including all the copies which you have
printed out or saved).
This message may contain legally protected information, which may be used
exclusively by the addressee.Please be reminded that anyone who disseminates
(copies, distributes) this message or takes any similar action, violates the
law and may be penalised.
mBank S.A. with its registered office in Warsaw, ul. Senatorska 18, 00-950
Warszawa,www.mBank.pl, e-mail: kont...@mbank.pl. District Court for the Capital
City of Warsaw, 12th Commercial Division of the National Court Register, KRS
0000025237, NIP: 526-021-50-88. Fully paid-up share capital amounting to PLN
169,248,488 as at 1 January 2018.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
