SWSA distributes the IPSec processing, including cryptography, for a single IPSec Security Association (SA) among systems in a sysplex environment. SWSA also allows workloads with IPSec-protected traffic to use the dynamic virtual IP address (DVIPA) takeover function. You can associate IPSec-protected workloads with DVIPAs that can be recovered by other systems in the case of a failure or planned takeover. IPSec SAs are automatically restarted on another system in the sysplex when a DVIPA takeover occurs.
Support for the Internet Key Exchange version 2 (IKEv2) protocol was provided in z/OS V1R12 Communications Server. The function provided in V1R12 did not include support for SWSA. SAs that were negotiated using the IKEv2 protocol could not be distributed or taken over in a sysplex environment. Starting in z/OS V1R13, SAs protecting IPv4 traffic that is negotiated using the IKEv2 protocol can be distributed and taken over in a sysplex environment.