× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2017

Re: VIOS & Cryptographic coprocessor card

I believe that summing it up is this:

To utilize a Crypto co-processor it must be directly allocated to the IBM i Partition that needs it. It may not be shared in any way.

If you get a handle on that you are in good shape. You can still have VIOS server running and still use SAN disk and virtual Ethernet and still have other partitions. The rule simply dictates that the card slot and thus the crypto-card in it are allocated to the IBM i Partition directly. VIO server plays no part in the use of the card.

This is not an IVM vs HMC thing. Users with VPM (Virtual partition Manager) can ONLY use the Crypto card on the 'primary' or host partition on those servers.

Does that help?

- Larry "DrFranken" Bolhuis

www.Frankeni.com
www.iDevCloud.com - Personal Development IBM i timeshare service.
www.iInTheCloud.com - Commercial IBM i Cloud Hosting.

On 6/27/2017 11:32 AM, Keith McCully wrote:
Hi,

Along with our up and coming V7R3 upgrade we will be installing a 4765
cryptographic co-processor card to ensure integrity and origin of
payment files via digital signatures.

Also we want to virtualize (VIOS) but the IBM Knowledge Centre says
the following for the Integrated Virtualization Manager:

"Cryptographic coprocessors are not supported in this environment. You
also cannot use a Cryptographic coprocessor to generate and store
private keys associated with digital certificates. None of the Common
Cryptographic Architecture APIs in Option 35 - CCA Cryptographic
Service Provider are supported, because these APIs route requests to
cryptographic hardware.

Applications that use IBM i Cryptographic Services APIs must use a
software cryptographic service provider because hardware cryptographic
service providers are not supported"


However, another section of the Knowledge Centre states that Virtual
I/O Servers can be created and managed via HMC as well as Integrated
Virtualization Manager:

Has anyone done this via HMC and, if so, is the functionality reduced
when compared to IVM?

Thanks

Keith


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.