Steps for refreshing the active CKDS using the ICSF panels

KGUP processing affects keys that are stored on a disk copy of the CKDS. You specify the name of the data set when you submit the KGUP job. For information on specifying the disk copy of the CKDS for KGUP processing, see Steps for specifying data sets using the ICSF panels.

ICSF functions use an in-storage copy of the CKDS. To make the changes caused by the KGUP processing active, you replace the in-storage copy of the CKDS with the disk copy that the KGUP processing changed. You refresh the current copy of the CKDS with the changed disk copy of the CKDS. This procedure should be performed on all systems sharing the updated CKDS to ensure they all utilize the updated CKDS records.

Note: The preferred method for performing a CKDS refresh is to use the coordinated refresh function. See Performing a coordinated refresh in Running in a Sysplex Environment for environment requirements and instructions.
  1. To access the panels to refresh the current CKDS, choose option 4 on the Key Administration panel, as shown in Figure 1.
    Figure 1. Selecting the Refresh Option on the Key Administration Panel
     CSFSAM00 ----------------- ICSF - Key Administration ---------------
     OPTION ===> 4
    
    
        Enter the number of the desired option.
    
        1  Create         - Create key generator control statements
    
        2  Data Set       - Specify data sets for processing
    
        3  Submit         - Invoke Key Generator Utility Program (KGUP)
    
        4  Refresh        - Activate an existing cryptographic key data set
    
    
        Press ENTER to go to the selected option
        Press END   to exit to the previous panel
     

    The Refresh in-storage CKDS panel appears. See Figure 2.

    Figure 2. Refresh In-Storage CKDS
     CSFSAE40 ------------------- ICSF - Refresh in-storage CKDS --------
     COMMAND ===> _
    
       Enter the Cryptographic Key Data Set (CKDS) to be loaded.
    
       Cryptographic Keys ===> TEST.CSFCKDS________________________________
    
    
       Press ENTER to refresh the in-storage copy of CKDS
       Press END   to exit to previous panel
     
  2. Enter the name of the disk copy of the CKDS to replace the current in-storage copy.

    The name of the CKDS that you chose when you specified data sets for KGUP processing on the Specify KGUP Data Sets panel, automatically appears on this panel. If you change the data set name on this panel, the data set name on the Specify KGUP Data Sets panel also changes. Refer to Figure 3 for an example of the Specify KGUP Data Sets panel.

  3. Press ENTER to replace the in-storage copy of the CKDS with the disk copy.

    Applications that are running on ICSF are not disrupted. A message stating that the CKDS was refreshed appears on the right of the top line on the panel.

    If CKDS record authentication is enabled, ICSF performs a MAC verification on the records when reading the CKDS into storage. If a record fails the MAC verification, the record is not loaded into storage. The operator receives a message indicating the key label and type for that record.

  4. Press END to return to the Key Administration Panel.
    Note: If you restart ICSF, the name of the disk copy that you specify in the CKDSN installation option is read into storage.