Creating an encrypted auxiliary storage pool

Use this information to create an encrypted basic auxiliary storage pool (ASP) and add disk units to it.

Important: If you installed option 45 and the system is being recovered from the most recent SAVSYS media, you need to take one of the following actions.

Do an initial program load (IPL) of the system.
Reinstall option 45 before you can create an encrypted ASP.

To create an independent ASP, you must use IBM Navigator for i or the Configure Device ASP (CFGDEVASP) command. For more information, see Configuring independent disk pools.

If you want to have device parity protection for the disks that you are adding, start device parity protection before you create an ASP.
If you do not want to have device parity protection for the disks that you are adding, initialize and format the disk units before you create an ASP.
Plan how you want to add the new disk units to each ASP before you begin this procedure.

To configure an encrypted basic ASP, complete these steps:

If you are creating an encrypted ASP for the first time, install IBM i Option 45 (Encrypted ASP Enablement) by using the GO LICPGM command.
Option 45 needs to be installed only one time.
Start Dedicated Service Tools (DST) or System Service Tools (SST).
Enter your service tools user ID and password.
From the Use Dedicated Service Tools (DST) menu, follow these steps:
1. Select option 4 (Work with disk units).
2. Select option 1 (Work with disk configuration) on the Work with Disk Units display.
3. Select option 3 (Work with ASP configuration) on the Work with Disk Configuration display.
4. Select option 3 (Add units to ASPs) on the Work with ASP Configuration display.
Or from the System Service Tools (SST) menu, follow these steps:
1. Select option 3 (Work with disk units).
2. Select option 2 (Work with disk configuration) on the Work with Disk Units display.
3. Select option 2 (Add units to ASPs) on the Work with ASP Configuration display.

On the 'Add Units to ASP' display, enter 2 (Create encrypted ASPs) to create encrypted ASPs.

                          Add Units to ASPs

Select one of the following:

   1. Create unencrypted ASPs
   2. Create encrypted ASPs
   3. Add units to existing ASPs

On the 'Specify New Encrypted ASPs to Add Units to' display, enter the ASP number to which you want to add disk units.

User ASPs 2 through 32 can be encrypted. You can create multiple encrypted ASPs and add disk units to them.

                       Specify New Encrypted ASPs to Add Units to          

Specify the new ASP to add each unit to.  
All the new ASPs will be encrypted.   

Specify  Serial                                  Resource    
  ASP    Number           Type  Model  Capacity  Name        
    2    21-6C597         4327   050      70564  DD007         
    3    50-128840F       2107   A84      70564  DD004        
         50-128940F       2107   A84      70564  DD005        
         50-128A40F       2107   A85      35165  DD011       
         50-128B40F       2107   A85      35165  DD003      
         68-0C8BA12       6717   050       8589  DD008       
         68-0C9D209       6717   050       8589  DD009       
         68-606E0         6718   050      17548  DD006       
         68-0CDAB10       6718   050      17548  DD010        
         21-05348         4327   050      70564  DD012           
         21-05322         4327   050      70564  DD013        

F3=Exit     F5=Refresh     F11=Display disk configuration capacity  
F12=Cancel

If you require more than one ASP, type an ASP number next to each disk unit that you want to configure.
Number 1 is reserved for the system ASP. You can enter a number from 2 to 32. Numbers 33 to 255 are reserved for independent ASPs.
After you complete all units, press Enter.

The 'Confirm Add Units' display shows what the entire system configuration after you add the units. Verify this configuration against your planned configuration. Press F11 to display the encryption status of the ASP.

                                                           Confirm Add Units   

Add will take several minutes for each unit.  The system will 
have the displayed protection after the unit(s) are added.   

Press Enter to confirm your choice for Add units. 
Press F9=Capacity Information to display the resulting capacity.
Press F10=Confirm Add and Balance data on units.
Press F12=Cancel to return and change your choice.

            Serial                  Resource 
ASP  Unit   Number      Type Model  Name       Protection
  1                                            Unprotected
        1   68-0CDAB35  6718  050   DD001      Unprotected
  2                                            Unprotected  
        3   21-6C597    4327  050   DD007      Unprotected    
  3                                            Unprotected   
        2   50-128840F  2107  A84   DD002      Unprotected

If you are satisfied with the configuration, press the Enter key to add the disk units to the encrypted ASP.
If you want to make changes, press F12 to return to step 8.
Adding disk units can take from several minutes to several hours. During that time, you are shown the Function Status display.
```
                                Function Status   

You selected to add units. 




                                     5 % Complete   
```
The system updates the display periodically.
Note: You can press F16 to return to the Use Dedicated Service Tools (DST) menu if you have other tasks to complete. However, you cannot attempt any disk configuration tasks or end DST until the system finishes adding disk units.
The time that it takes the system to add units depends on the following factors.
- The type, model, and size of each unit that is added.
- The ability of the system to do multiple adds at the same time.
End DST or SST.
If you created the user ASP (encrypted or unencrypted) using SST, you must complete a normal IPL to use integrated file system objects on the ASP. If you used DST to create the encrypted user ASPs, you do not need to do this IPL.