Maybe contact the Computer History Museum https://computerhistory.org/
. They probably have the resources to ship anything they're
interested in.
Their collection includes IBM hardware that predates any of us having
seen a digital computer. It's been quite a while since I was there,
but
Eric Rossman wrote:
>The CPACF is a physically separate chip that runs in lockstep
>with the CP that invokes it. So, it is does cost general CP but
>much less than implementing it in millicode.
Actually, every processor core includes its own CPACF coprocessor section. In
other words, CPACF is
Timothy,
You forgot to mention the other alternative for using CPACF facilities - direct
application-level HLASM coding. I did that once a long while ago, in the era
before protected clear keys, for encryption of a single field in a huge
business record, security provided by "hiding" the
Thanks Timothy, and thanks to others who helped with my side questions.
On 1/24/2024 2:20 AM, Timothy Sipples wrote:
So Timothy (and probably just for me), I've seen a couple
of sites without crypto HSM cards not bother to run ICSF.
Can I assume in that case there's pretty-much no way any
IBM beat on top and bottom line. Stock is flying. Up $10 a share after hours.
Dying my a$$
Sent from Yahoo Mail for iPhone
On Friday, January 19, 2024, 4:01 PM, Dave Beagle
<0525eaef6620-dmarc-requ...@listserv.ua.edu> wrote:
No wonder IBM stock is hitting another new high today.
Sent
Hi, Sheila.
I cannot help specifically, however, if you do not have the complete error
message I am including it below. The message says the reason for the
failure is noted in the error. You might consider posting the ENTIRE error
message to the group.
IZUR400E The request could not be
> > Peter wrote:
> > > Still I am trying to understand encryption and decryption
> > > load goes to general CP Incase if you don't have CPACF or
> > > ICSF ?
> Phil Smith III wrote:
> > Even with CPACF and ICSF, some/most of the encryption load
> > is on the CPU.
> > They aren't magic. CPACF is
Hello,
I am new to z/osmf. I am getting this error
IZUR400E The request could not be completed. z/OSMF could not connect to the
DDS or Linux data gatherer at UR
Can someone point me in the right direction?
Thanks
Shelia Chalk
Mainframe System Programmer
sch...@ssfcu.org
You will need at least a CPACF to initialise ICSF.
Lennie
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Tony Harminc
Sent: 24 January 2024 18:55
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Encryption and decryption - processor or TCPIP
On Wed, 24 Jan 2024 at 12:38,
On Wed, 24 Jan 2024 at 12:38, Phil Smith III wrote:
> Peter wrote:
> >Still I am trying to understand encryption and decryption load goes to
> >general CP Incase if you don't have CPACF or ICSF ?
>
> Even with CPACF and ICSF, some/most of the encryption load is on the CPU.
> They aren't magic.
>> For example, does z⧸OS XL C⧸C++ support packed decimal? Others?
Gil,
Fixed-point (Packed) Decimal Data
z/OS XL C supports fixed-point (packed) decimal as a native data type for use
in business applications. The packed data type is similar to the COBOL data
type COMP-3 or the PL/I
(from another list)
On 1/23/24 14:29:31, Arthur David Olson wrote:
I'm wondering if an implementation [of C] is required to support all the
features of the hardware it is meant for. (If not, implementations on
[non-]power-of-2 word-size two's complement machines might not have some of the
Peter wrote:
>Still I am trying to understand encryption and decryption load goes to
>general CP Incase if you don't have CPACF or ICSF ?
Even with CPACF and ICSF, some/most of the encryption load is on the CPU. They
aren't magic. CPACF is faster, but it's still fundamentally executing Z
Thanks. Needless to say, this is not one of the best documented interfaces.
Your help is valued.
--Bill
Bill Yeager, CTO
Alebra Technologies, Inc.
PO Box 120390
New Brighton, MN 55112
678-232-3270
This e-mail, including attachments, may include confidential and/or proprietary
I think there might be some confusion as to terminology.
CPACF is a hardware engine built into the CEC.
Crypto Express cards are hardware engines purchased to be plugged into the box.
ICSF can use CPACF (which still counts against general CP but is much more
efficient than software crypto),
Hello,
I would like to retrieve the CSDATA stored in my RACF user profile. This is
what I have:
USER=TSGJR
CSDATA INFORMATION
--
FULLNAME John Blythe Reid
You can make each model an entry point in the module, with an ALIAS for each
one when you bind the module.
Jim Mulder
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Bill Yeager
Sent: Wednesday, January 24, 2024 10:47 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re:
Eric
Still I am trying to understand encryption and decryption load goes to
general CP Incase if you don't have CPACF or ICSF ?
On Wed, Jan 24, 2024, 6:44 PM Eric D Rossman wrote:
> Responding to a bunch of questions/comments in one reply.
>
> Tom Brennan:
> > I thought I heard that you can
Jim,
Just one more question, if you please...
I'd like to put a bunch of CB mappings in one module if it's possible. The
manual was totally unclear as to whether this is possible and, if so, how to do
it.
Do you know?
Thanks,
Bill
Bill Yeager, CTO
Alebra Technologies, Inc.
PO Box 120390
Peter wrote:
>After implementing ATTLS there is some delay in our CICS transaction but I
>was suspecting if sn absence of crypto processor can overload the general
>processor to cause this delay ?
Define "some delay". Adding AT-TLS means that a TLS handshake is being added to
the communication.
Responding to a bunch of questions/comments in one reply.
Tom Brennan:
> I thought I heard that you can start ICSF without a crypto
> card and it will use CPACF for some of the heavier encryption
> processing (maybe like generating prime numbers) and save
> individual tasks some CP time.
ICSF
No need to apologise; You made me snigger. “Fix it with finance” is what I
often use.
Caveat vendor?
Cheers, Martin
From: IBM Mainframe Discussion List on behalf of
Lennie Dymoke-Bradshaw <032fff1be9b4-dmarc-requ...@listserv.ua.edu>
Date: Wednesday, 24 January 2024 at 13:19
To:
Sorry MaRtin.
L
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Lennie Dymoke-Bradshaw
Sent: 24 January 2024 13:09
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Encryption and decryption - processor or TCPIP
Matin said " Easily managed by provisioning enough zIIP."
As
Matin said " Easily managed by provisioning enough zIIP."
As one of my old manager's used to say, "you can solve anything with a pot
of gold".
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Martin Packer
Sent: 24 January 2024 12:51
To: IBM-MAIN@LISTSERV.UA.EDU
Jim,
You nailed it with the LISTMAP. Once I had gotten an error with this control
block (earlier), IPCS had set the length to 4 and remembered it. I used
"DROPMAP structure(oprm)" and then rand the CBF again it worked!
Thanks so much.
Bill Yeager, CTO
Alebra Technologies, Inc.
PO
Thanks. Then if I see zIIP for TCP/IP I should tentatively conclude it’s this.
The interesting bit would be if this zIIP usage were large – and pre-empting
Db2 Engine. Easily managed by provisioning enough zIIP.
Cheers, Martin
From: IBM Mainframe Discussion List on behalf of
Lennie
Martin,
As Timothy has pointed out, it is for IPSEC processing that a zIIP is used,
not AT/TLS. I think you are correct that this would show against the TCP/IP
address space. But I think you should confirm that with others. (e.g. Chris
Meyer)
Lennie
-Original Message-
From: IBM
Lennie Dymoke-Bradshaw wrote:
>In the back of my mind I also think that the crypto processing for TCP/IP
>could be performed on a zIIP processor (which could be using its CPACF, of
>course).
IPSec/IKEv2 can exploit zIIPs (and CPACF).
>So Timothy (and probably just for me), I've seen a couple
>of sites without crypto HSM cards not bother to run ICSF.
>Can I assume in that case there's pretty-much no way any
>encryption processing could be using CPACF?
ICSF supports many, many cryptography-dependent features in z/OS. Even many
In the back of my mind I also think that the crypto processing for TCP/IP
could be performed on a zIIP processor (which could be using its CPACF, of
course).
Lennie, or anybody who knows, which address space would show zIIP CPU time
under those circumstances? I’m assuming TCP/IP address
Tom,
It is possible to initialise ICSF without a Crypto Express card. I have done
it. Changes were made to ICSF in support of that initialisation many years
ago. It does require the CPACF. However, this only supports clear keys in
the CKDS. The CKDS formatting is different in some way and cannot
Woah... right now I'm only about 1000 miles from Timothy so I get to see
his responses in real time and not California time :)
So Timothy (and probably just for me), I've seen a couple of sites
without crypto HSM cards not bother to run ICSF. Can I assume in that
case there's pretty-much no
My case was before AT-TLS, when I believe it was up to each application
to handle the encryption themselves, so we saw a big spike and delay in
the SSHD task each time someone logged on. That timing contributed to
my theory about the prime number generation or similar initial
encryption
It would be worth looking at the RMF report on the crypto processing and
seeing if they are running hot.
Does the PAGENT address space a lot of CPU - is it delayed?
The code may execute on your CICS TCB - executing cross memory (via PC) in
the TCPIP address space(s).I don't recall seeing
Peter wrote:
>I have a general question here. When you don't have crypto processor, So
>when a ATTLS traffic is enabled does the encryption and decryption handled
>by Started task TCPIP or the general processor?
I’ve seen some of the follow-up messages, and it seems like you’re trying to
Cheryl,
Thank you for all the knowledge, experience, and guidance over the years. I
appreciate all you've done for the mainframe ecosystem, from the Tuning Letters
to Cheryl's Hot Flashes, the Road Shows and everything in between. I've
learned from your questions here on IBM-MAIN as much as
36 matches
Mail list logo
