Previous topic |
Next topic |
Contents |
Index |
Contact z/OS |
Library |
PDF
Steps for disallowing dynamic CKDS updates during CKDS administration updates z/OS Cryptographic Services ICSF Administrator's Guide SA22-7521-17 |
|
ICSF prioritizes changes to the CKDS sequentially, regardless of the source. A KGUP job does not have priority over application calls to the dynamic CKDS update services. Exclusive use of the CKDS by any one application call is minimal, however. For this reason, ICSF allows for a maximum concurrent usage of the CKDS by both KGUP and the dynamic update services. When you perform any function that affects the current CKDS (such as reenciphering, refreshing, or changing the master key), you should consider temporarily disallowing the dynamic CKDS update services. If you are planning to use KGUP to make significant changes to the CKDS, you should disallow dynamic CKDS update on every system which shares the CKDS. If you are planning to perform a coordinated CKDS change master key or coordinated CKDS refresh operation on a large CKDS (millions of records), you may experience a temporary suspension of CKDS update requests running in parallel. If you cannot tolerate a temporary suspension in your workload, and would prefer that update requests are failed instead of suspended, you should disallow dynamic CKDS updates on every system which shares the same active CKDS prior to performing the coordinated CKDS administration operation. If an application tries to use the dynamic CKDS update services when they are disallowed, the return code indicates that the CKDS management service has been disabled by the system administrator. To disallow dynamic CKDS access, perform these tasks:
|
Copyright IBM Corporation 1990, 2014
|