Multiple system access to ISKLM for z/OS
Do we need to specify the EKM parm in IECIOSxx for all systems that will be communicating with the ISKLM server for tape drive access to encrypted tapes?
Yes, but only for in-band key management set-ups is this relevant. In that environment, the SETIOS command needs to be issued on all systems to define the host/port of the ISKLM server. (This is the temporary dynamic equivalent of the permanent IECIOSxx EKM update.)
In other words, it is correct that IECIOSxx needs to be updated on all systems that will require ISKLM services in an in-band key management environment. What this is doing is telling I/O services for each z/OS system where to go looking for encryption keys if required. The keyserver could be on any platform z/OS, Windows, UNIX etc.
For more information on ISKLM and in-band key management, click here for the link to the ISKLM InfoCenter.
More support for:
IBM Security Key Lifecycle Manager for z/OS
Software version: 1.1.0
Operating system(s): z/OS
Software edition: Enterprise
Reference #: 1569958
Modified date: 30 September 2016