Multiple system access to ISKLM for z/OS

Technote (FAQ)


Question

Do we need to specify the EKM parm in IECIOSxx for all systems that will be communicating with the ISKLM server for tape drive access to encrypted tapes?

Answer

Yes, but only for in-band key management set-ups is this relevant. In that environment, the SETIOS command needs to be issued on all systems to define the host/port of the ISKLM server. (This is the temporary dynamic equivalent of the permanent IECIOSxx EKM update.)

In other words, it is correct that IECIOSxx needs to be updated on all systems that will require ISKLM services in an in-band key management environment. What this is doing is telling I/O services for each z/OS system where to go looking for encryption keys if required. The keyserver could be on any platform z/OS, Windows, UNIX etc.

For more information on ISKLM and in-band key management, click here for the link to the ISKLM InfoCenter.

Rate this page:

(0 users)Average rating

Document information


More support for:

IBM Security Key Lifecycle Manager for z/OS

Software version:

1.1.0

Operating system(s):

z/OS

Software edition:

Enterprise

Reference #:

1569958

Modified date:

2014-09-23

Translate my page

Machine Translation

Content navigation