Element or feature: | Cryptographic Services. |
When change was introduced: | General migration action not tied to a specific release. |
Applies to migration from: | z/OS V1R13 and z/OS V1R12. |
Timing: | Before the first IPL of z/OS V2R1. |
Is the migration action required? | Yes, if you currently use OCSF or if new products or functions on your new z/OS system require OCSF to be active. However, if you installed your new z/OS® system with ServerPac or SystemPac, the OCSF installation script has been run and you do not have to perform this migration action for that system. |
Target system hardware requirements: | None. |
Target system software requirements: | None. |
Other system (coexistence or fallback) requirements: | None. |
Restrictions: | None. |
System impacts: | None. |
Related IBM® Health Checker for z/OS check: | None. |
Steps to take: Migrate the OCSF /var directory structure to the target system. If you installed z/OS with CBPDO or by cloning an already-installed z/OS system, you can either copy the/var/ocsf directory from your old system or rerun the installation script. If you installed z/OS with ServerPac, the OCSF installation script has been run and you have no migration actions for that target system (although you still have to migrate the directory structure to any cloned systems, as already described).
If you installed z/OS V1R11 with CBPDO or by cloning an already-installed V1R11 system, you can either copy the /var/ocsf directory from your old system or rerun the installation script. If you installed z/OS V1R11 with ServerPac or SystemPac, the OCSF installation script has been run and you have no migration actions for that target system (although you still have to migrate the directory structure to any cloned systems, as already described).
If you copy /var/ocsf, verify that the OCSF /var directory structure has been migrated to the target system as described in Migrate /etc and /var system control files. The OCSF registry (the /var/ocsf files) contains the directory path names to the code libraries. If the registry files are copied, the CSSM DLL and the add-ins must be in the same location on the target system as on the prior release. The normal locations are /usr/lpp/ocsf/lib for the CSSM and supporting DLLs and /usr/lpp/ocsf/addins for the add-in libraries.
If you copied /var/ocsf, do the following:
If you did not copy /var/ocsf, rerun the installation script:
Whether you reinstalled or migrated, it is strongly recommended that you rerun IVP ocsf_baseivp from the OMVS shell. This IVP verifies that OCSF is installed and configured correctly. To run the IVP:
If you were using other IBM or non-IBM services to supplement the functions in OCSF, such as the Open Cryptographic Enhanced Plug-ins (OCEP) component of base element Integrated Security Services, or the PKI Services component of base element Cryptographic Services, you must ensure that these are migrated or reinstalled.
Reference information: Integrated Security Services Open Cryptographic Enhanced Plug-ins Application Programming.