IBM Crypto Education Community

  • 1.  Using ICSF z/OS in a non-mainframe environment

    Posted Thu September 16, 2021 07:35 AM
    Hello,

    Does anyone know if it is possible to use ICSF z/OS as a general installation HSM? For example, we use its features from a non-mainframe environment without the need to make programs on the mainframe (C, Assembler, Cobol... etc). Similar to what is done with DB2 on z/OS, which can be activated from a non-mainframe environment without the need to write programs on the mainframe.

    Thanks.


    ------------------------------
    Renato Almeida de Brito
    ------------------------------


  • 2.  RE: Using ICSF z/OS in a non-mainframe environment

    Posted Thu September 16, 2021 01:00 PM
    Edited by Eric Rossman Thu September 16, 2021 05:05 PM
    <Edited: ACSP was the tool I was trying to think of, not the remote crypto plugin>.

    ------------------------------
    Eric Rossman
    ------------------------------



  • 3.  RE: Using ICSF z/OS in a non-mainframe environment

    Posted Thu September 16, 2021 01:30 PM

    I think this product from IBM might be helpful.  It has REST API etc. that can be called from distributed or mainframe.

     

    https://www.ibm.com/security/key-management/acsp

     

    We are using it.

     

    Dan

     

     

    Dan W Little | Senior Director, Mainframe Operating Systems | Mainframe & Midrange Hosting Services | Tech Infrastructure | Tech & Ops | RBC | T. 416-348-4502 | C. 647-271-7485

    155 Wellington St W | 5th Floor | Toronto, Ontario M5V 3K7

     

     







  • 4.  RE: Using ICSF z/OS in a non-mainframe environment

    Posted Thu September 16, 2021 05:04 PM
    Dan, you are exactly right. THAT was the product I was thinking of, not the remote crypto plugin.

    ------------------------------
    Eric Rossman
    ------------------------------



  • 5.  RE: Using ICSF z/OS in a non-mainframe environment

    Posted Thu September 16, 2021 01:35 PM
    I have no experience with this remote crypto plugin.   It is a little concerning maybe that it refers to zBX which no longer exists to my knowledge.

    <quote>
    Therefore, you should limit the use of the remote crypto plug-in to zEnterprise 196 (z196) systems where applications or appliances deployed on IBM® zEnterprise® BladeCenter® Extensions (zBX) communicates with the remote crypto plug-in over the intraensemble data network (IEDN).
    </quote>

    Dan

    ------------------------------
    Dan Little
    ------------------------------



  • 6.  RE: Using ICSF z/OS in a non-mainframe environment

    Posted Thu September 16, 2021 02:09 PM
    The crypto card is available as a separate product (sold by IBM Z division) that can be installed in a PCI slot in a play machine.

    IIRC the machine code is 4767 or 4668.

    Personally, I would rather have it in a real Z.





  • 7.  RE: Using ICSF z/OS in a non-mainframe environment

    Posted Thu September 16, 2021 02:55 PM
    The Advanced Crypto Service Provider (ACSP) that Dan mentioned would be a good option to explore. It essentially turns IBM Z into a remote crypto HSM.  https://www.ibm.com/security/key-management/acsp

    If you have questions on it, just contact cccc@dk.ibm.com.

    ------------------------------
    Eysha Shirrine
    ------------------------------



  • 8.  RE: Using ICSF z/OS in a non-mainframe environment

    Posted Thu September 16, 2021 03:56 PM
    I would like to thank everyone for their contribution. Let's analyze what is the best alternative for our infrastructure.

    ------------------------------
    Renato Almeida de Brito
    ------------------------------



  • 9.  RE: Using ICSF z/OS in a non-mainframe environment

    Posted Fri September 17, 2021 09:35 AM
    Hi - Henrik from the CCC, I am product owner for the ACSP solution. I will be happy to give a brief introduction to ACSP and its use cases.
    Regards - Henrik Lyksborg

    ------------------------------
    Henrik Lyksborg
    ------------------------------