Crypto Connect ACSP (CC ACSP)

UKO Crypto Connect ACSP (CC ACSP) is a new enhancement to the CC ACSP product that is build on the heritage and foundation of the Advanced Cryptographic Service Provider (ACSP). It extends CC ACSP’s capabilities by enabling applications to access cryptographic hardware over the network, supporting flexible deployment across various platforms and operating systems. The CC ACSP client supports load balancing across a cluster of CC ACSP servers, helping ensure high availability. If a server becomes unavailable, cryptographic workloads are automatically redirected to remaining servers; and once restored, the client rebalances the load across all servers.

Additionally, CC ACSP allows for the definition of User-Defined Functions (UDFs)—custom code that implements business-specific logic and extends standard CCA/ICSF APIs. This feature supports crypto agility by enabling tailored cryptographic operations within the CC ACSP server.

It acts as a connector or interface, allowing for the decentralization of HSM usage. By setting up a CC ACSP server on a z/OS server where the HSM is located and installing CC ACSP clients where needed, you can manage connections to CC ACSP servers through the Crypto Connect window.

In containerized environments like UKO for Containers, CC ACSP is crucial as containers lack dedicated hardware like Crypto cards. CC ACSP allows multiple containers or microservices to share and access the same HSM, helping ensure efficient cryptographic operations without the need for individual hardware in each container.

CC ACSP is specifically registered and managed under Crypto Connect within IBM's portfolio, making it a key component for optimizing HSM usage across various applications and containerized environments.

For more information, see CC ACSP server.

For information about user roles and privileges, see System roles