EKM

Specify the encryption key management primary and secondary host names and the maximum number of concurrent socket connections that are allowed for the communication with the encryption key manager. By default, the primary and the secondary host names for the encryption key manager are set to NONE. Use the MAXCONN keyword to set the maximum number of socket connections that are possible with the encryption key manager. Some of the socket connections can remain open for faster communication. Use the MAXPCONN keyword to set the number of connections that remain open for faster communication. By default, the maximum number of socket connections to the encryption key manager is 255; eight socket connections are permanently connected. However, if the sockets for communication are not needed, the sockets are not opened.

In-band tape encryption requires that the IOS address space has security permission for a z/OS® UNIX System Services segment. The z/OS UNIX System Services segment is only for TCP/IP connectivity. UID(0) or super user ability is not required. For example, in RACF®, issue the following command:
  ADDUSER IOSAS OMVS(UID(xxxx) HOME('/'))
  where xxxx is a unique user id.
PRIMARY=host_name[:port|,PRIPORT=port]|ipv4_address[:port | ,PRIPORT=port]| ipv6_address[,PRIPORT=port]| NONE
Specifies the host name, IPv4 address or IPv6 address and optional port number of the primary key manager. The primary host is used exclusively unless a failure occurs and all attempts to retry fail. In subsequent requests after a failure, the primary host is retried before the use of the secondary host. When a connection to the primary host is established again, normal operation continues.
host_name[:port | ,PRIPORT=port]
The host name of the encryption key manager.
port
The port number of the encryption key manager. The specification of port is mutually exclusive with the PRIPORT keyword. If port is not specified and the PRIPORT keyword is not specified, the default port is 3801.
PRIPORT=port
Specifies the port number for the host name or IP address for the primary key manager. PRIMARY= must be specified for PRIPORT= to be valid.

Default: 3801 (if not specified on the PRIMARY keyword)

ipv4_address[:port | ,PRIPORT=port]
The IP address of the encryption key manager. The IP addresses must be specified as a dotted decimal quad: ddd.ddd.ddd.ddd.
port
The port number of the encryption key manager. The specification of port is mutually exclusive with the PRIPORT keyword. If port is not specified and the PRIPORT keyword is not specified, the default port is 3801.
PRIPORT=port
Specifies the port number for the host name or IP address for the primary key manager. PRIMARY= must be specified for PRIPORT= to be valid.
Default: 3801 (if not specified on the PRIMARY keyword)
ipv6_address[,PRIPORT=port]
The IP address of the encryption key manager in IPv6 format (for example, ::FFFF:127.0.0.1 or 2001:0db8:85a3:08d3:1319:8a2e:0370:7344).

The optional port number for an IPv6 address must be specified with the PRIPORT keyword.

PRIPORT=port
Specifies the port number for the host name or IP address for the primary key manager. PRIMARY= must be specified for PRIPORT= to be valid.
Default: 3801 (if not specified on the PRIMARY keyword)
NONE
No encryption key manager is specified.
Default: NONE.
SECONDARY=host_name[:port | ,SECPORT=port] | ipv4_address[:port | ,SECPORT=port]| ipv6_address[,SECPORT=port]| NONE
Specifies the host name, IPv4 address, or IPv6 address and optional port number of the secondary key manager.
host_name[:port | ,SECPORT=port]
The host name of the encryption key manager.
port
The port number of the encryption key manager. The specification of port is mutually exclusive with the SECPORT keyword. If port is not specified and the SECPORT keyword is not specified, the default port is 3801.
SECPORT=port
Specifies the port number for the host name or IP address for the secondary key manager. SECONDARY= must be specified for SECPORT= to be valid.
Default: 3801 (if not specified on the SECONDARY keyword)
ipv4_address[:port | ,SECPORT=port]
The IP address of the encryption key manager. The IP addresses must be specified as a dotted decimal quad: ddd.ddd.ddd.ddd.
port
The port number of the encryption key manager. The specification of port is mutually exclusive with the SECPORT keyword. If port is not specified and the SECPORT keyword is not specified, the default port is 3801.
SECPORT=port
Specifies the port number for the host name or IP address for the secondary key manager. SECONDARY= must be specified for SECPORT= to be valid.
Default: 3801 (if not specified on the SECONDARY keyword)
ipv6_address[,SECPORT=port]
The IP address of the encryption key manager in IPv6 format (for example, ::FFFF:127.0.0.1 or 2001:0db8:85a3:08d3:1319:8a2e:0370:7344). The optional port number for an IPv6 address must be specified with the SECPORT keyword.
SECPORT=port
Specifies the port number for the host name or IP address for the secondary key manager. SECONDARY= must be specified for SECPORT= to be valid.
Default: 3801 (if not specified on the SECONDARY keyword)
NONE
No encryption key manager is specified.
Default: NONE.
MAXCONN=ddd
Specifies the maximum number of concurrent socket connections for Encryption Key Management. If high network stress occurs because of the high socket utilization for Encryption Key Management, this number can be lowered.
Value range: 1 to 255
Default: 255
MAXPCONN=ddd
Specifies the maximum number of concurrent socket connections for Encryption Key Management that remain open to prevent the overhead of opening and closing socket communication. This MAXPCONN keyword specifies the number of total connections reserved to be permanent connections.
Value range: 0 to the number specified in MAXCONN
Default: 8
The following figure shows syntax examples. To prevent contention while updating the EKM parameter, it is suggested that all operands are specified on the same EKM statement.
EKM PRIMARY=key.manager.com:3801,SECONDARY=key.manager.com
EKM PRIMARY=127.0.0.1:3801,SECONDARY=127.0.0.1
EKM PRIMARY=127.0.0.1,PRIPORT=3801,
    SECONDARY=127.0.0.1,SECPORT=3801
EKM PRIMARY=::1
EKM PRIMARY=::FFFF:127.0.0.1,PRIPORT=3801
EKM PRIMARY=2001:0db8:85a3:08d3:1319:8a2e:0370:7344, 
    PRIPORT=3801
EKM PRIMARY=NONE,SECONDARY=NONE
EKM MAXCONN=255,MAXPCONN=8
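
The operand rules above can be checked before a statement is activated. The following Python sketch is an added example, not IBM-supplied code; the names parse_ekm and _endpoint are hypothetical. It assumes one EKM statement per call and applies the MAXPCONN upper bound only when MAXPCONN is explicitly coded.

```python
import ipaddress

DEFAULT_PORT = 3801  # default port documented for PRIMARY and SECONDARY

def _endpoint(ops, host_kw, port_kw):
    """Return (host, port) for one key manager, or None for NONE/unset."""
    value, kw_port = ops.get(host_kw), ops.get(port_kw)
    if value is None:
        if kw_port is not None:
            raise ValueError(f"{port_kw}= requires {host_kw}=")
        return None
    if value.upper() == "NONE":
        return None
    host, inline = value, None
    try:
        is_v6 = ipaddress.ip_address(value).version == 6
    except ValueError:
        is_v6 = False
    if not is_v6 and ":" in value:
        host, inline = value.rsplit(":", 1)
        if ":" in host:  # IPv6 text followed by :port is not allowed
            raise ValueError(f"IPv6 port must be given with {port_kw}=")
    if inline is not None and kw_port is not None:
        raise ValueError(f"host:port and {port_kw}= are mutually exclusive")
    if host.replace(".", "").isdigit():
        ipaddress.IPv4Address(host)  # enforce a dotted decimal quad
    return host, int(inline or kw_port or DEFAULT_PORT)

def parse_ekm(statement):
    """Parse one EKM statement (continuation lines allowed) into settings."""
    verb, _, rest = statement.strip().partition(" ")
    if verb.upper() != "EKM":
        raise ValueError("not an EKM statement")
    ops = {}
    # No operand contains a comma, so removing whitespace and splitting on
    # commas is safe even for IPv6 addresses and continued lines.
    for item in "".join(rest.split()).split(","):
        if item:
            key, _, val = item.partition("=")
            ops[key.upper()] = val
    maxconn = int(ops.get("MAXCONN", 255))
    if not 1 <= maxconn <= 255:
        raise ValueError("MAXCONN must be 1 to 255")
    maxpconn = int(ops.get("MAXPCONN", 8))
    # Assumption: the upper bound is checked only when MAXPCONN is coded.
    if "MAXPCONN" in ops and not 0 <= maxpconn <= maxconn:
        raise ValueError("MAXPCONN must be 0 to the MAXCONN value")
    return {"primary": _endpoint(ops, "PRIMARY", "PRIPORT"),
            "secondary": _endpoint(ops, "SECONDARY", "SECPORT"),
            "maxconn": maxconn, "maxpconn": maxpconn}
```

Text such as ::1:3801 is itself a valid IPv6 address, so a trailing :port cannot be told apart from the address; this is why the port for an IPv6 key manager goes on PRIPORT or SECPORT.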