Like the PKDS and TKDS, ICSF manages a mirror copy of the CKDS data set in protected, private virtual storage to optimize cryptographic workload access to symmetric keys in the normal course of workload operation. This copy is kept current as keys are dynamically added to, and removed from, the active CKDS key store. Like any set of control information maintained in virtual storage, the in-storage CKDS copy must be accommodated with sufficient system central storage and auxiliary paging space resources.
Installations need to understand and plan for the system resources required for managing the CKDS copy in virtual storage, particularly when the installation is deploying a very large CKDS. Note that “very large” is a relative assessment depending upon the installation, and could be expressed, for example, in terms of tens or hundreds of thousands of symmetric keys in the CKDS, or perhaps even millions of keys.
An in-storage copy of a CKDS that is not experiencing significant dynamic key creation or deletion activity consumes a stable amount of virtual storage, and therefore a stable amount of system backing resource. Certain occasional but unavoidable ICSF functions such as CKDS refresh do, however, generate a significant spike in the amount of utilized virtual storage, and therefore a greater temporary demand for system resources backing that virtual storage.
Given these circumstances, it’s important to calculate and plan for the system central storage and auxiliary paging space required to support an active in-storage copy. For a CKDS shared across a sysplex environment, every active ICSF in the sysplex will have an equivalent resource requirement.
HI-A-RBA x ( ( 100 - %Free Space ) / 100 ) x 6
481,787,904 x ( ( 100 - 16 ) / 100 ) x 6 = 2,428,211,036.16 bytes
This CKDS VSAM data set will require 2.26 Gigabytes of combined central storage and auxiliary paging space for system backing resource.
As is the case with all virtual storage usage, central storage is the preferred medium to optimize the workload performance, and to avoid system paging overhead. Note that excessive system paging due to any virtual storage usage can cause degradation across the workload and system operation, and an extreme shortage of central storage and auxiliary paging space can lead to a catastrophic system failure.