Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Performing a single system CKDS refresh z/OS Cryptographic Services ICSF Administrator's Guide SA22-7521-17 |
|
When you initialize a CKDS for the first time, you can copy the disk copy of the CKDS to create other CKDSs for the system. You can use KGUP to add and update any of the disk copies on your system. You can use the dynamic CKDS update callable services to add or update the disk copy of the current in-storage CKDS. For information about using KGUP, see Managing Cryptographic Keys Using the Key Generator Utility Program. For information on using the dynamic CKDS callable services, refer to the z/OS Cryptographic Services ICSF Application Programmer’s Guide. Note:
If you are running in a sysplex environment
with multiple ICSF instances sharing the same active CKDS, you may
be able to perform a coordinated CKDS refresh. The coordinated CKDS
refresh operation simplifies CKDS administration by allowing a refresh
to be initiated from a single ICSF instance. The refresh is then carried
out for all ICSF instances in the sysplex sharing the same active
CKDS. To perform a coordinated CKDS refresh, all members of the sysplex
(regardless of their active CKDS) must be at ICSF FMID HCR7790 or
later. If your sysplex meets this requirement, refer to Performing a coordinated CKDS refresh for more information. You can refresh the in-storage CKDS with an updated or different disk copy of the CKDS by using these steps. You can refresh the CKDS at any time without disrupting cryptographic functions. Note:
Prior to refreshing a CKDS, consider temporarily disallowing
dynamic CKDS update services. For more information, refer to Steps for disallowing dynamic CKDS updates during CKDS administration
updates.
Note:
You can use either a KGUP panel or a utility program,
instead of the CKDS panel, to refresh the CKDS. For information about
these other methods, see Refreshing the In-Storage CKDS. |
Copyright IBM Corporation 1990, 2014
|