PI57908: NEW ENCRYPTION EXIT TO EXPLOIT THE ICSF CSNBKRR SERVICE FOR IMS.

A fix is available

APAR status

Closed as new function.

Error description

New encryption exit, DECENAA1, to exploit the ICSF CSNBKRR
service for IMS.  The exit driver DECENCDV has also been updated
to handle the PST now being used in DECENAA1.

Local fix

Problem summary

****************************************************************
* USERS AFFECTED: All IBM InfoSphere Guardium Data Encryption  *
*                 for DB2 and IMS Databases Version 1 Release  *
*                 2 users.                                     *
****************************************************************
* PROBLEM DESCRIPTION: New IMS encryption exit, DECENAA1,      *
*                      to exploit the ICSF CSNBKRR service     *
*                      (PI57908)                               *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
New encryption exit, DECENAA1, to exploit the ICSF CSNBKRR
service, for IMS.
The exit driver DECENCDV has also been updated to handle the
PST now being used in DECENAA1.

Problem conclusion

Temporary fix

Comments

1. NOTE: Prior to SMP/E apply, please make a full backup of your
DEC V1.2 SMP/E Environment.  This APAR updates the JCLIN. To
back out or return JCLIN to any previous state, the SMP/E
Environment backup will be needed.  A SMP/E RESTORE does not
back out changes to the JCLIN.
2. After successful SMP/E apply, the Modules DECENAA1 and
DECSSI10 are introduced.  These are IMS exits provided for
performance enhancements.
3. After successful SMP/E apply, the samplib members
DECIMSCB and DECIMSDV are updated.  They now allow link for
DECENAA1, as well as instructional comments on how to use
DECSSI10.  If Customer wishes to use the new DECENAA1 exit,
Customer should execute the updated samplib member, DECIMSCB,
to link the new IMS Module DECENAA1.
4. Customer should note that changes have been made to the
ISPF dialog s SDECPLIB, SDECSLIB and SDECCEXE libraries, to
accommodate using DECENAA1, via the ISPF panel DECPI0.
5. If Customer wishes to use the new DECENAA1 and DECSSI10
Modules, then proceed to step 6., else stop here.
6. After successful linking of the DEC V1.2 DECENBB1 Module,
for this APAR, Customer should do either of the following
actions:
a.  Determine if the IMS EXIT library, for the IMS Subsystem
where DEC V1.2 is used, is in the System Linklist concatenation.
If so, issue the LLA Refresh command on that System LPAR.
This will allow Customer to use the updated code, without need
to Cycle the IMS Subsystem.
b.  If the IMS EXIT library, for the IMS Subsystem where
DEC V1.2 is used, is not in the System Linklist concatenation,
Customer will need to Cycle the IMS Subsystem, in order to
use the updated code.
7. Customer should note the Instructional Comments, in samplib
member DECIMSCB, on how to activate the Exit named DECSSI10.
Customer can choose to perform this activation in either a
Dynamic or Static mode.
NOTE:  The Encryption Tool subsystem interface must be
installed on each z/OS system in the sysplex where DL/I batch
jobs are executed.

Dynamic installation
Install the subsystem by issuing z/OS commands SETPROG and
SETSSI.
With a dynamic installation, you are not required to IPL the
system to activate the subsystem interface.
However, because the subsystem interface persists for the
current IPL only, you must reinstall the subsystem interface
after an IPL.
Procedure
A.    Issue the SETPROG command from the z/OS console to add
the Encryption Tool subsystem module DECSSI10 to LPA:
SETPROG LPA,ADD,MODNAME=DECSSI10,DSNAME=smqhlq.SDECLOAD
where smqhlq.SDECLOAD is the name of your Encryption Tool load
library.
B.    Issue the SETSSI command from the z/OS console to
activate the Encryption Tool subsystem module DECSSI10:
SETSSI ADD,SUB=subname,INITRTN=DECSSI10
where subname is a valid and unique 4-character subsystem
name that you choose. The subsystem name does not need to be
the same across z/OS systems in a sysplex.
Results:
After you issue the SETSSI command, the following message
is displayed:
DEC7000I SSI INITIALIZATION COMPLETE
If you install the Encryption Tool subsystem interface
dynamically, you must issue these commands after each IPL.
For more information about the SETPROG and SETSSI commands,
see z/OS System Commands.

Static installation
Install the subsystem by adding module DECSSI10 to the z/OS
Link Pack Area and adding the subsystem interface definition
to SYS1.PARMLIB subsystem definition member IEFSSNxx.
NOTE: With a static installation, you are required to
immediately IPL the system to activate the subsystem interface.
The subsystem interface persists across all IPLs.
Tip: Install the interface dynamically so that you can use
Encryption Tool without an IPL. Then install the interface
statically so that the subsystem interface is activated after
each IPL.
Procedure
A. Add module DECSSI10 to the z/OS Link Pack Area (LPA).
Either pageable (PLPA) or modifiable LPA can be used.
B. Add the definition for the Encryption Tool subsystem
interface definition to SYS1.PARMLIB subsystem definition
member IEFSSNxx.
You must use the keyword parameter form of the IEFSSNxx PARMLIB
member for the Encryption Tool subsystem interface.
The Encryption Tool subsystem interface uses dynamic SSI
services that are not supported in the positional form of
IEFSSNxx.
The form of the definition control statement is:
SUBSYS SUBNAME(subname) INITRTN(DECSSI10)
where subname is a valid and unique 4-character subsystem
name that you choose. The subname does not need to be the same
across z/OS systems in a sysplex.
For more information about the SUBSYS control statement, see
z/OS Initialization and Tuning Reference.
C. IPL the z/OS system.
After the IPL completes processing, the following message
is displayed:
DEC7000I SSI INITIALIZATION COMPLETE

APAR Information

APAR number
PI57908
Reported component name
DATA ENCRYPTION
Reported component ID
5655P0300
Reported release
120
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2016-02-23
Closed date
2016-04-20
Last modified date
2016-05-04

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

UI37167

Modules/Macros

DECENAA1 DECENCDV DECENC05 DECENC07 DECF0005
DECF0010 DECHI0   DECIMSCB DECIMSDV DECPI0   DECSSI10 H29F120J

Fix information

Fixed component name
DATA ENCRYPTION
Fixed component ID
5655P0300

Applicable component levels

R120 PSY UI37167
UP16/04/26 P F604

Fix is available

Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.2.0","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
04 May 2016

Tips

PI57908: NEW ENCRYPTION EXIT TO EXPLOIT THE ICSF CSNBKRR SERVICE FOR IMS.

A fix is available

Subscribe

APAR status

Closed as new function.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R120 PSY UI37167

Fix is available

Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

Document Information

Share your feedback

Need support?