OMEGAMON XE for IBM Cryptographic C ...publib.boulder.ibm.com/tividd/td/ITOXfICCP/GC32-9301-00/...2...

transcript

User’s GuideOMEGAMON® XE for

IBM Cryptographic Coprocessors

Version 100

GC32-9301-00

May 2002

Candle Corporation201 North Douglas Street

El Segundo, California 90245-9796

2 OMEGAMON XE for IBM Cryptographic Coprocessors User’s Guide, V100

Registered trademarks and service marks of Candle Corporation: AF/OPERATOR, AF/PERFORMER, AF/REMOTE, Availability Command Center, Candle, Candle Command Center, Candle Direct logo, Candle Electronic Customer Support, Candle logo, Candle Management Server, Candle Management Workstation, Candle Technologies, CL/CONFERENCE, CL/SUPERSESSION, CommandWatch, CT, CT/Data Server, CT/DS, DELTAMON, eBA, eBA*ServiceMonitor, eBA*ServiceNetwork, eBusiness Assurance, eBusiness Institute, ETEWatch, IntelliWatch, IntelliWatch Pinnacle, MQSecure, MQView, OMEGACENTER, OMEGAMON, OMEGAMON/e, OMEGAMON II, OMEGAMON Monitoring Agent, OMEGAVIEW, OMEGAVIEW II, PQEdit, Solutions for Networked Applications, Solutions for Networked Businesses, and Transplex.Trademarks and service marks of Candle Corporation: Alert Adapter, Alert Adapter Plus, Alert Emitter, AMS, Amsys, AutoBridge, AUTOMATED FACILITIES, Availability Management Systems, Candle Alert, Candle Business Partner Logo, Candle Command Center/SentinelManager, Candle CommandPro, Candle CIRCUIT, Candle eDelivery, CandleLight, CandleNet, CandleNet 2000, CandleNet Command Center, CandleNet eBP, CandleNet eBP Access, CandleNet eBP Administrator, CandleNet eBP Broker Access, CandleNet eBP Configuration, CandleNet eBP Connector, CandleNet eBP File Transfer, CandleNet eBP Host Connect, CandleNet eBP Object Access, CandleNet eBP Object Browser, CandleNet eBP Secure Access, CandleNet eBP Service Directory, CandleNet eBP Universal Connector, CandleNet eBP Workflow Access, CandleNet eBusiness Assurance, CandleNet eBusiness Exchange, CandleNet eBusiness Platform, CandleNet eBusiness Platform Administrator, CandleNet eBusiness Platform Connector, CandleNet eBusiness Platform Connectors, CandleNet eBusiness Platform Powered by Roma Technology, CandleNet eBusiness Platform Service Directory, CandleNet Portal, CCC, CCP, CEBA, CECS, CICAT, CL/ENGINE, CL/GATEWAY, CL/TECHNOLOGY, CMS, CMW, Command & Control, Connect-Notes, Connect-Two, CSA ANALYZER, CT/ALS, CT/Application Logic Services, CT/DCS, CT/Distributed Computing Services, CT/Engine, CT/Implementation Services, CT/IX, CT/Workbench, CT/Workstation Server, CT/WS, !DB Logo, !DB/DASD, !DB/EXPLAIN, !DB/MIGRATOR, !DB/QUICKCHANGE, !DB/QUICKCOMPARE, !DB/SMU, !DB/Tools, !DB/WORKBENCH, Design Network, DEXAN, e2e, eBAA, eBAAuditor, eBAN, eBANetwork, eBAAPractice, eBP, eBusiness Assurance Network, eBusiness at the speed of light, eBusiness at the speed of light logo, eBusiness Exchange, eBusiness Institute, eBX, End-to-End, ENTERPRISE, Enterprise Candle Command Center, Enterprise Candle Management Workstation, Enterprise Reporter Plus, EPILOG, ER+, ERPNet, ESRA, ETEWatch Customizer, HostBridge, InterFlow, Candle InterFlow, Lava Console, MessageMate, Messaging Mastered, Millennium Management Blueprint, MMNA, MQADMIN, MQEdit, MQEXPERT, MQMON, NBX, NetGlue, NetGlue Extra, NetMirror, NetScheduler, OMA, OMC Gateway, OMC Status Manager, OMEGACENTER Bridge, OMEGACENTER Gateway, OMEGACENTER Status Manager, OMEGAMON Management Center, OSM, PC COMPANION, Performance Pac, PowerQ, PQConfiguration, PQScope, Response Time Network, Roma, Roma Application Manager, Roma Broker, Roma BSP, Roma Connector, Roma Developer, Roma FS/A, Roma FS/Access, RomaNet, Roma Network, Roma Object Access, Roma Secure, Roma WF/Access, Roma Workflow Access, RTA, RTN, SentinelManager, Somerset, Somerset Systems, Status Monitor, The Millennium Alliance, The Millennium Alliance logo, The Millennium Management Network Alliance, TMA2000, Tracer, Unified Directory Services, Volcano and ZCopy.Trademarks and registered trademarks of other companies: AIX, DB2, MQSeries and WebSphere are registered trademarks of International Business Machines Corporation. SAP is a registered trademark and R/3 is a trademark of SAP AG. UNIX is a registered trademark in the U.S. and other countries, licensed exclusively through X/Open Company Ltd. HP-UX is a trademark of Hewlett-Packard Company. SunOS is a trademark of Sun Microsystems, Inc. All other company and product names used herein are trademarks or registered trademarks of their respective companies.

Threaded Environment for AS/400, Patent No. 5,504,898; Data Server with Data Probes Employing Predicate Tests in Rule Statements (Event Driven Sampling), Patent No. 5,615,359; MVS/ESA Message Transport System Using the XCF Coupling Facility, Patent No. 5,754,856; Intelligent Remote Agent for Computer Performance Monitoring, Patent No. 5,781,703; Data Server with Event Driven Sampling, Patent No. 5,809,238; Threaded Environment for Computer Systems Without Native Threading Support, Patent No. 5,835,763; Object Procedure Messaging Facility, Patent No. 5,848,234; End-to-End Response Time Measurement for Computer Programs, Patent No. 5,991,705; Communications on a Network, Patent Pending; Improved Message Queuing Based Network Computing Architecture, Patent Pending; User Interface for System Management Applications, Patent Pending.

NOTICE: This documentation is provided with RESTRICTED RIGHTS. Use, duplication, or disclosure by the Government is subject to restrictions set forth in the applicable license agreement and/or the applicable government rights clause.This documentation contains confidential, proprietary information of Candle Corporation that is licensed for your internal use only. Any unauthorized use, duplication, or disclosure is unlawful.

Contents 3

List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9About This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Adobe Portable Document Format . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Chapter 1. Introducing OMEGAMON XE for IBM Cryptographic Coprocessors . 13Operating Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Attributes and Situations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Viewing and Using OMEGAMON XE Data . . . . . . . . . . . . . . . . . . . . 23Overview of OMEGAMON XE for IBM Cryptographic Coprocessors. 28

Chapter 2. Configuring OMEGAMON XE for IBM Cryptographic Coprocessors . 29Configuring the Monitoring Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Monitored ICSF Service Exits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Chapter 3. Workspaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Accessing the Workspaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38IBM Cryptographic Coprocessor Workspace . . . . . . . . . . . . . . . . . . . 39Cross-System ICSF Workspace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Service Call Performance Workspace . . . . . . . . . . . . . . . . . . . . . . . . 42Top User Performance Workspace . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Chapter 4. Predefined Situations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Exception Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Descriptions of the Predefined Situations. . . . . . . . . . . . . . . . . . . . . . 47

Chapter 5. Usage Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Validating Your Cryptography Configuration . . . . . . . . . . . . . . . . . . . 52Monitoring and Improving Cryptography Performance . . . . . . . . . . . 54

Contents

Monitoring and Improving Cross-System ICSF Performance . . . . . . . 58

Appendix A. Guide to Candle Customer Support . . . . . . . . . . . . . . . . . . . . . 61Base Maintenance Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62Enhanced Support Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Customer Support Contact Information. . . . . . . . . . . . . . . . . . . . . . . 68

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

List of Tables 5

Table 1. ICSF Service Exits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

List of Tables

List of Figures 7

FIGURE 1. Graphical User Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16FIGURE 2. Business View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18FIGURE 3. Event Workspace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25FIGURE 4. Navigator Items for Agents on Two ICSF Subsystems . . . . . . . . . . . . 38FIGURE 5. IBM Cryptographic Coprocessor Workspace . . . . . . . . . . . . . . . . . . . 53FIGURE 6. Service Call Performance Workspace . . . . . . . . . . . . . . . . . . . . . . . . 55FIGURE 7. Cross-System ICSF Workspace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

List of Figures

Preface 9

Preface

This guide gives instructions for using OMEGAMON® XE for IBM Cryptographic Coprocessors to monitor the Integrated Cryptographic Service Facility (ICSF) subsystem of MVS. The guide explains

� how OMEGAMON XE for IBM Cryptographic Coprocessors works with the CandleNet PortalTM front end

� how to access specific information about performance-related events in your environment

� how to use the real-time data, alerts, and reports of OMEGAMON XE for IBM Cryptographic Coprocessors to diagnose and solve problems in ICSF configuration and performance

About This Book

Who should read this bookThis guide is intended for network and system administrators and operators. It assumes that� you have installed CandleNet Portal and OMEGAMON XE for IBM

Cryptographic Coprocessors.� you are familiar with basic CandleNet Portal concepts, tasks, and features.

If you are unfamiliar with CandleNet Portal, see– Administering OMEGAMON Products: CandleNet Portal, CJ99-6420– the online CandleNet Portal Tour

� the ICSF subsystem is installed on one or more MVS systems, and you are familiar with its operation. For answers to your questions about ICSF, see the IBM documentation.

Where to look for more informationFor more information about OMEGAMON XE for IBM Cryptographic Coprocessors and other related products, see the� technical documentation CD-ROM that came with this product� online help provided with this and other related products� Candle web site at www.candle.com

Ordering additional documentationTo order additional product manuals, contact your Candle Customer Support representative.

We would like to hear from youCandle welcomes your comments and suggestions for changes or additions to this User’s Guide. A comment form located at the back of the book provides simple instructions for communicating with the Candle Information Development department.

You can also send e-mail to UserDoc@candle.com. Please include OMEGAMON XE for IBM Cryptographic Coprocessors User’s Guide, V100 in the subject line.

Preface 11

Adobe Portable Document Format

Printing this bookCandle supplies documentation in the Adobe Portable Document Format (PDF). The Adobe Acrobat Reader will print PDF documents with the fonts, formatting, and graphics in the original document. To print a Candle document, do the following:

1. Specify the print options for your system. From the Acrobat Reader Menu bar, select File > Page Setup… and make your selections. A setting of 300 dpi is highly recommended as is duplex printing if your printer supports this option.

2. To start printing, select File > Print... on the Acrobat Reader Menu bar.

3. On the Print pop-up, select one of the Print Range options for� All� Current page� Pages from: [ ] to: [ ]

4. (Optional). Select the Shrink to Fit option if you need to fit oversize pages to the paper size currently loaded on your printer.

Printing problems?The print quality of your output is ultimately determined by your printer. Sometimes printing problems can occur. If you experience printing problems, potential areas to check are:� settings for your printer and printer driver. (The dpi settings for both your

driver and printer should be the same. A setting of 300 dpi is recommended.)

� the printer driver you are using. (You may need a different printer driver or the Universal Printer driver from Adobe. This free printer driver is available at www.adobe.com.)

� the halftone/graphics color adjustment for printing color on black and white printers (check the printer properties under Start > Settings > Printer). For more information, see the online help for the Acrobat Reader.

� the amount of available memory in your printer. (Insufficient memory can cause a document or graphics to fail to print.)

For additional information on printing problems, refer to the documentation for your printer or contact your printer manufacturer.

Adobe Portable Document Format

Contacting AdobeIf additional information is needed about Adobe Acrobat Reader or printing problems, see the Readme.pdf file that ships with Adobe Acrobat Reader or contact Adobe at www.adobe.com.

Introducing OMEGAMON XE for IBM Cryptographic Coprocessors 13

Introducing OMEGAMON XE forIBM Cryptographic Coprocessors

This chapter explains how OMEGAMON XE for IBM Cryptographic Coprocessors works and how it uses the CandleNet Portal interface.

Chapter ContentsOperating Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

What is OMEGAMON XE?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Components of the environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15What is CandleNet Portal? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16What is the Candle Management Workstation?. . . . . . . . . . . . . . . . . . . . . . . . 17Further information on CandleNet Portal and CMW. . . . . . . . . . . . . . . . . . . . 17What is OMEGAMON DE?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18About the Workflow Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Attributes and Situations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Using attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21For more information on attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21What is a situation? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21What is a predefined situation?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Using situations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22For more information on situations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Viewing and Using OMEGAMON XE Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Workspaces and views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23What is a workspace? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Workspace properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Adding a workspace to your favorites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Available views. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Associating workspaces with attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Event workspaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Filtering data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Sorting data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Using the data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Historical data collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Overview of OMEGAMON XE for IBM Cryptographic Coprocessors . . . . . . . . . . 28What the agent does. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28How to start and stop the agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28What’s next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Operating Environment

What is OMEGAMON XE?OMEGAMON XE is a suite of Candle products that monitor system and network applications on a variety of platforms. These products keep track of the availability and performance of all parts of your enterprise from one or more designated workstations, and provide reports you can use to track trends and troubleshoot problems. You can use OMEGAMON XE to� establish your own performance thresholds� raise alerts when thresholds are exceeded� trace the causes leading up to an alert� create situations (conditions to test when monitoring)� create comprehensive reports about system and network conditions� create and send commands to systems in your managed enterprise by

means of the Take Action feature, which you can use, for instance, to restart a process that is not functioning properly

� define your own queries, using the attributes provided by OMEGAMON XE for IBM Cryptographic Coprocessors, to monitor conditions of particular interest to you

Components of the environmentThe client-server-agent implementation includes� a client, which can be

– a CandleNet Portal workstation– a Candle Management Workstation® (CMW™), used primarily for

managing work groups, work lists, and managed systems lists

� a server, known as the Candle Management Server® (CMSTM)� a CandleNet Portal Server that performs common functions and lightens

the CandleNet Portal client’s workload� monitoring agents that collect and distribute data to a CMS.

OMEGAMON XE for IBM Cryptographic Coprocessors is such an agent.An additional feature package, OMEGAMON DE, is available with OMEGAMON XE. For information about its capabilities, see “What is OMEGAMON DE?” on page 18.

What is CandleNet Portal?CandleNet Portal is the graphical user interface for OMEGAMON XE products. It provides a view of all enterprise performance data, from which you can drill down to examine selected components more closely. Its application window consists of � a Navigator (1 in Figure 1) that shows all your systems, applications, or

business entities where Candle agents are installed� a workspace (2 in Figure 1) that includes table and chart views of system,

application, and business entity conditions

FIGURE 1. Graphical User Interface

CandleNet Portal runs situations at regular intervals to check that your applications and system resources are running, and running well. A failed test causes a warning or critical event indicator to appear in the Navigator.

CandleNet Portal offers two modes of operation:

� desktop mode, in which the CandleNet Portal client is installed on your workstation and runs as a desktop application.

� browser mode, in which the system administrator installs the CandleNet Portal client on the web server, and you start CandleNet Portal from your browser. In browser mode, thin client software is downloaded to your system the first time you log on to CandleNet Portal, and thereafter only when there are software updates.

What is the Candle Management Workstation?When using OMEGAMON XE for IBM Cryptographic Coprocessors, you can use the Candle Management Workstation (CMW) to manage work groups, work lists, data items, and managed systems lists.

Further information on CandleNet Portal and CMWFor further information about CandleNet Portal, see

� Administering OMEGAMON Products: CandleNet Portal, CJ99-6420

� the online CandleNet Portal Tour

For further information about using the CMW for user administration, see

� Candle Management Workstation Administrator’s Guide, MW53-6049

� the CMW online help

If you are an experienced CMW user, see the CandleNet Portal help topic For CMW Users. This topic addresses the similarities and differences between the user interfaces, provides guidance about interface functions, and clarifies terminology.

What is OMEGAMON DE?The OMEGAMON DE feature package offers a dashboard view of your enterprise. From this single point of control, you can manage the resources your business-critical applications rely on, including a range of operating systems, servers, databases, mainframes, and Web components. When you install OMEGAMON DE, a Business View tab appears at the bottom of your Navigator pane (1 in Figure 2), in addition to the Physical View (shown in Figure 1) provided by OMEGAMON XE.

FIGURE 2. Business View

Detailed information about OMEGAMON DE is provided in the CandleNet Portal online help. Here is a summary of its features.

� You can display multiple applications in one workspace.

In a single workspace, you can build a table or chart with data from one monitoring agent, and another table or chart with data from a different agent. Within that workspace, you can show views from as many different agents as are included on that branch of the Navigator, in either the physical view or the business view.

� You can link application workspaces.

You can define a link from a workspace associated with one monitoring agent to a workspace associated with another agent.

� You can define enterprise-specific Navigator views.

The Navigator physical view shows the hierarchy of your managed enterprise by operating platform and type of Candle agent. The Navigator business view shows the hierarchy of managed objects. You can also define Navigator views for any logical grouping, such as a department or site hierarchy.

� You can define a graphic view.

The graphic view enables you to retrieve and display real-time monitoring data from Candle agents. Using the graphic view, you can create or import a background image, then place objects (Navigator items) on the image or have it done automatically, using geographical coordinates. You can zoom in and you can add such graphics as floor plans and organization charts.

� You can integrate information provided by Candle’s Universal Agent.

Candle’s Universal Agent is an agent you can configure to monitor any data you collect. It lets you integrate data from virtually any platform and any source, such as custom applications, databases, systems, and subsystems. Your defined data providers are listed in the Navigator, and default workspaces are automatically created.

About the Workflow EditorThe Workflow Editor enables you to design sets of automated processes, called policies, to resolve system problems. A policy performs actions, schedules work to be performed by users, or automates tasks.

You can find instructions for using the Workflow Editor in

� Administering OMEGAMON Products: CandleNet Portal, CJ99-6420

� the CandleNet Portal online help

Attributes and Situations

Using attributesOMEGAMON XE gathers data from remote agents residing on the managed systems of your network, and stores the data in attributes. You can use these attributes to build situations and monitor the performance of your ICSF subsystem.

Each attribute belongs to an attribute group, which associates related attributes. The individual attribute stores data for a particular property of the attribute group.

For example, the OMEGAMON XE for IBM Cryptographic Coprocessors attribute SvcTime stores the average service call duration. This attribute belongs to the SVCDET attribute group.

For more information on attributesFor complete descriptions of all the attributes for OMEGAMON XE for IBM Cryptographic Coprocessors, see the online help.

What is a situation?A situation is a logical expression involving one or more system conditions. Situations are used to monitor the condition of systems in your network. You can manage situations from CandleNet Portal by using the Situation Editor.

What is a predefined situation?OMEGAMON XE for IBM Cryptographic Coprocessors includes a set of predefined situations that you can use as provided or modify to meet your requirements. Predefined situations contain attributes that check for common system conditions. You can examine and, if desired, change the conditions or values being monitored by a predefined situation.

Note: If you choose to modify a predefined situation, make a backup copy first.

For a description of the predefined situations provided with OMEGAMON XE for IBM Cryptographic Coprocessors, see “Predefined Situations” on page 45.

Attributes and Situations

Using situationsYou manage situations from the CandleNet Portal graphical user interface (GUI) by using the Situation Editor to� display a situation� edit a situation� create a situation� delete a situation� save a situation� start or stop a situation� investigate the event workspace for a situation

When you open the Situation Editor, its left frame initially lists the situations associated with the Navigator item you selected. When you click a situation name or create a new situation, the right frame of the Situation Editor opens to provide you with the following information about the situation and to let you define the situation further.

For more information on situationsFor the most current information about situations, see� Administering OMEGAMON Products: CandleNet Portal, CJ99-6420� CandleNet Portal online help

Condition See, add to, and edit the condition being tested.

Distribution See the systems to which the situation is assigned and assign the situation to systems.

Expert Advice Write comments or instructions to be read in the event workspace.

Action Specify a command to be sent to the system.

You can also enter commands by adding a Take Action view to a workspace, selecting Take Action from the pop-up menu for an item in the Navigator’s physical view, or creating commands and saving them for later use.

Until Reset a true situation when another situation becomes true or a specified time interval elapses.

Viewing and Using OMEGAMON XE Data

Workspaces and viewsCandleNet Portal displays information in workspaces. Within a given workspace, information is displayed in formats called views. Information can be displayed in a tabular format called a table view, in a chart such as a pie chart or bar graph, or in other formats you can specify.

What is a workspace?A workspace is the working area of the CandleNet Portal client window. At the left of the workspace is a Navigator that permits you to select the system, application, or business entity whose data you want to display. As you select items in the Navigator, the workspace presents views pertinent to your selection. Each workspace has at least one view.

Every workspace has a set of properties. You can customize the workspace by using the Properties Editor to change the style and content of each view. Another way to customize the workspace is to change the type of view or to add views. Unless you save your changes, they are lost when you switch to another workspace.

Workspace propertiesThe properties of a workspace may include any of these.

Query Specify what data should go in the chart or table.

Filters Refine the view by filtering out unwanted data from the chart or table.

Thresholds Establish threshold values and color indicators for a table view.

Configuration Specify the script to run or the connection to make whenever you open the terminal view.

Style Change the behavior and appearance of the view.

Adding a workspace to your favoritesWhen using CandleNet Portal in browser mode, you can start it from any workstation by entering the URL for the web server where the browser mode client is installed. Each CandleNet Portal workspace also has a URL, so you can add the workspace to your Favorites list or specify it as your home page.

Available viewsCandleNet Portal can display your system, application, and business entity performance data in any of these views.� Table view� Pie chart view� Bar chart view� Plot chart view� Needle gauge view� Thermometer gauge view� Enterprise Event Console view, which shows the status of your situations

In addition, these views are available for your use:� Notepad view, which opens a text editor for writing text to be saved with

the workspace� Take Action view, which enables you to send a command to the system� Terminal view, which enables you to start a 3270 or 5250 work session� Browser view, which opens the integrated browser for accessing web

Associating workspaces with attributesA table or chart view always shows data from a single attribute group. In a table view, each column represents a single attribute and has the same name as that attribute.

Each CandleNet Portal workspace displays real-time information for many attributes. For descriptions of the workspaces associated with OMEGAMON XE for IBM Cryptographic Coprocessors, see “Workspaces” on page 37.

Event workspacesWhen the conditions of a situation have been met, the situation evaluates True, causing an event indicator to appear in the Navigator. You can investigate the event by opening its workspace.

The event workspace shows two table views:

� one with the values of the attributes when the situation evaluated True (1 in Figure 3)

� the other with the attributes’ current values (2 in Figure 3)

The event workspace can also display the text of expert advice written by the situation's author (3 in Figure 3), and the Take Action view so you can send a command (4 in Figure 3).

FIGURE 3. Event Workspace

Filtering dataTo set up data filtering for a given table view:

1. Right-click the table and select Properties.

2. From the displayed dialog, select the Filters tab.

3. Select the columns to display and set up criteria for the rows to display.

4. To save your filtering specifications, select File > Save Workspace.

Sorting dataTo sort the data in a table, click a column heading. Click once to sort the data in ascending order. Click a second time to resort the report in descending order. A third click restores the default sort order.

Using the dataYou can use the data collected by OMEGAMON XE to

� monitor the performance of your system, subsystem, and network resources

� select the most effective threshold values for situations you create

� review status information when a change in the state of a given resource occurs, such as from OK to Warning or from Warning to Critical

� identify and correct problems quickly

The data in OMEGAMON XE tables are obtained from a database. Therefore, although they may have been obtained quite recently, they are, strictly speaking, historical data. Most tables contain a timestamp column that indicates the time the monitoring agent obtained the data. A blank column indicates that no data are available for that column.

Historical data collectionYou can use CandleNet Portal’s historical data collection function to store and save the data collected by OMEGAMON XE for IBM Cryptographic Coprocessors. Historical data collection permits you to specify

� the attribute group or groups for data collection

� the interval for data collection

� the interval for data warehousing, if desired

� the location (either at the agent or at the CMS) for data storage

For more information about historical data collection, see

� Historical Data Collection Guide: OMEGAMON XE and CandleNet Command Center, CJ99-6478

� CandleNet Portal online help

Overview of OMEGAMON XE for IBM Cryptographic Coprocessors

What the agent doesOMEGAMON XE for IBM Cryptographic Coprocessors monitors the status, configuration, and performance of coprocessors installed in z900 and S/390 series servers. Using data collected at the beginning and end of each service call in the ICSF subsystem of MVS, the monitoring agent enables you to

� ensure the availability of coprocessors and their services

� validate cryptography configuration

� manage service call performance

� balance cryptography workloads among systems

How to start and stop the agentIf OMEGAMON XE for IBM Cryptographic Coprocessors is configured to run in the same address space as the CMS, the monitoring agent starts and stops automatically when the CMS starts and stops.

If OMEGAMON XE for IBM Cryptographic Coprocessors is configured to run in its own address space, you can start and stop it by issuing standard MVS START and STOP commands.

For more information on configuring the monitoring agent, see� Installation & Configuration of Candle Products on OS/390 and z/OS,

CI51-6443� OMEGAMON XE for IBM Cryptographic Coprocessors Configuration

and Customization Guide, CG51-6555� “Configuring OMEGAMON XE for IBM Cryptographic Coprocessors” on

What’s nextThe rest of this guide tells you how to configure and use the agent to detect problems and improve cryptography service levels.

Configuring OMEGAMON XE for IBM Cryptographic Coprocessors 29

Configuring OMEGAMON XE forIBM Cryptographic Coprocessors

OverviewThis chapter contains information on setting up OMEGAMON XE for IBM Cryptographic Coprocessors for data collection. It also lists the 78 monitored ICSF exits, to help you interpret the information displayed in the product workspaces.

Chapter ContentsConfiguring the Monitoring Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Adding the Candle exit to the ICSF configuration . . . . . . . . . . . . . . . . . . . . . . 31Setting up historical data collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Take Action commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Monitored ICSF Service Exits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33List of monitored service calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Configuring the Monitoring Agent

PrerequisitesBefore you can configure OMEGAMON XE for IBM Cryptographic Coprocessors, you must complete product installation. Be sure you have followed all the steps in� Installation & Configuration of Candle Products on OS/390 and z/OS,

CI51-6443� OMEGAMON XE for IBM Cryptographic Coprocessors Configuration

and Customization Guide, CG51-6555

In particular, make sure that� you have specified, to the Candle Installation and Configuration

Assistance Tool (CICAT), the name of the current CSFPRM00 member and the name of the dataset containing that member. If so, CICAT will have1.updated the CSFPRM00 member to add the exit installation parameter2.placed the modified member in the RKANSAM dataset for copying into

the ICSF parameters member

� you have not set up your own ICSF service call exits. OMEGAMON XE for IBM Cryptographic Coprocessors monitors ICSF by hooking the standard service call exits defined by IBM. If those exits are customized, data collection cannot occur.If you need to define your own exits, Candle recommends that you use the ICSF security exits as alternatives to the two service call exits, CSFEXIT3 and CSFEXIT4. If the monitoring agent discovers a user-defined exit that conflicts with a Candle performance-monitoring exit, it will replace the user-defined exit, issue a warning message, and proceed with data collection. For a list of ICSF exits, see “Monitored ICSF Service Exits” on page 33.Important: The Candle exits use installation word 2 (CCVTINW2) in the Cryptographic Communications Vector (CCVT) control block. Your exits must not change this value, or fatal errors will occur in the monitoring agent. As an alternative, you can use installation word 1 (CCVTINW1), which is not used by the Candle exits and can be changed without any effect on the monitoring agent.

Adding the Candle exit to the ICSF configurationTo set up OMEGAMON XE for IBM Cryptographic Coprocessors for data collection, you must make KCGEXIT3 accessible at subsystem and agent startup. The RKANMOD runtime dataset delivered by CICAT contains KCGEXIT3. You can choose between two methods of adding the Candle exit to the ICSF configuration.

Method 1: Add RKANMOD to the ICSF STEPLIB

To use this method, modify the ICSF subsystem JCL to include the hilev.rte.RKANMOD dataset in the STEPLIB DD concatenation (where hilev is the high-level qualifier and rte is the runtime environment). The dataset must be APF-authorized. If KCGEXIT3 is then updated by a runtime environment load operation, you must recycle the ICSF subsystem to use the updated exit.

Advantage of Method 1: When maintenance is applied to the RKANMOD(KCGEXIT3) load module, you do not have to copy the module to another load library.

Drawback of Method 1: All Candle load modules in the RKANMOD dataset are exposed to the ICSF address space.

Method 2: Copy RKANMOD(KCGEXIT3) to a new dataset

To use this method, copy RKANMOD(KCGEXIT3) into either a new APF-authorized LOADLIB dataset or a dataset defined to the LINKLIST. If you copy to a LOADLIB dataset, you must concatenate the new dataset to the STEPLIB of ICSF. If you copy to a LINKLIST dataset, you need not adjust the STEPLIB of ICSF.

Advantage of Method 2: Only the KCGEXIT3 module is exposed to the ICSF address space.

Drawback of Method 2: When maintenance is applied to the RKANMOD(KCGEXIT3) load module, you will have to copy the updated load module to the separate LOADLIB or LINKLIST dataset and then recycle the ICSF subsystem to use the updated exit. Additionally, if you have used a LINKLIST dataset, you will have to perform a LINKLIST lookaside (LLA) refresh.

In case of trouble

If KCGEXIT3 is missing from the ICSF subsystem configuration or if maintenance levels do not match, error messages are issued in the RKLVLOG log file. See the Candle Products Messages Manual: Volume 2, MU52-6239.

Setting up historical data collectionOMEGAMON XE for IBM Cryptographic Coprocessors provides optional historical reporting on the Service Call Performance (SVCDET) and Top User Performance (TOPUSER) attribute groups. Since these attributes report rolling averages of 10 minutes of collected data, Candle recommends that historical sampling occur at 5 minute intervals (half the length of the data averaging interval).

For instructions on setting up historical data collection in CandleNet Portal, see� Historical Data Collection Guide: OMEGAMON XE and CandleNet

Command Center, CJ99-6478� CandleNet Portal online help

Take Action commandsFrom the Take Action view of the CandleNet Portal, you can issue MVS console commands to the same system where the OMEGAMON XE for IBM Cryptographic Coprocessors agent is executing. Because product-specific actions for cryptography could create a security risk, they are not available.

Tip: Before executing any Take Action commands, see the CandleNet Portal online help on the Take Action view.

Monitored ICSF Service Exits

OverviewOMEGAMON XE for IBM Cryptographic Coprocessors monitors 78 ICSF services by collecting data at the beginning and end of each service call. Two additional exits, service call exits CSFEXIT3 and CSFEXIT4, are reserved for use by the Candle monitoring agent. For more information about those exits, see “Prerequisites” on page 30.

List of monitored service callsThis table lists the monitored ICSF service exits and names the cryptographic service that uses each exit.

Table 1. ICSF Service Exits

Exit Service

CSFAEGN ANSI X9.17 EDC Generate

CSFAKEX ANSI X9.17 Key Export

CSFAKIM ANSI X9.17 Key Import

CSFAKTR ANSI X9.17 Key Translate

CSFATKN ANSI X9.17 Transport Key Partial Notarize

CSFCKI Clear Key Import

CSFCKM Multiple Clear Key Import

CSFCPA Clear PIN Generate Alternate

CSFCPE Clear PIN Encrypt

CSFCSG VISA CVV Service Generate

CSFCSV VISA CVV Service Verify

CSFCTT Ciphertext Translate

CSFCTT1 Ciphertext Translate, with Access List Entry Token (ALET)

CSFCVE Cryptographic Variable Encipher

CSFCVT Control Vector Translate

CSFDCO Decode

CSFDEC Decipher

CSFDEC1 Decipher (with ALET)

CSFDKG Diversified Key Generate

CSFDKM Data Key Import

CSFDKX Data Key Export

CSFDSG Digital Signature Generate

CSFDSV Digital Signature Verify

CSFECO Encode

CSFEDC Cipher/Decipher

CSFEMK Encipher under Master Key

CSFENC Encipher

CSFENC1 Encipher (with ALET)

CSFEPG Encrypted PIN Generate

CSFGKC Generate a key

CSFKEX Key Export

CSFKGN Key Generate

CSFKIM Key Import

CSFKPI Key Part Import

CSFKRC Key Record Create

CSFKRD Key Record Delete

CSFKRR Key Record Read

CSFKRW Key Record Write

CSFKTR Key Translate

Exit Service

CSFKYT Key Test

CSFKYTX Key Test Extended

CSFMDG MDC Generate

CSFMDG1 MDC Generate (with ALET)

CSFMGN MAC Generate

CSFMGN1 MAC Generate (with ALET)

CSFMVR MAC Verify

CSFMVR1 MAC Verify (with ALET)

CSFOWH One Way Hash Generate

CSFOWH1 One Way Hash Generate (with ALET)

CSFPCI PCI Interface

CSFPEX Prohibit Export

CSFPEXX Prohibit Export Extended

CSFPGN Clear PIN Generate

CSFPKD PKA Decrypt

CSFPKE PKA Encrypt

CSFPKG PKA Key Generate

CSFPKI PKA Key Import

CSFPKRC PKDS Record Create

CSFPKRD PKDS Record Delete

CSFPKRR PKDS Record Read

CSFPKRW PKDS Record Write

CSFPKSC PKSC Interface

CSFPKX PKA Public Key Extract

CSFPTR Encrypted PIN Translate

Exit Service

CSFPVR Encrypted PIN Verify

CSFRKD Retained Key Delete

CSFRKL Retained Key List

CSFRNG Random Number Generate

CSFRTC Import a key

CSFSBC SET Block Compose

CSFSBD SET Block Decompose

CSFSKI Secure Key Import

CSFSKM Multiple Secure Key Import

CSFSYG Symmetric Key Generate

CSFSYI Symmetric Key Import

CSFSYX Symmetric Key Export

CSFTCK Transform CDMF Key

CSFUDK User Derived Key

Exit Service

Workspaces 37

Workspaces

Introduction This chapter gives instructions for accessing the OMEGAMON XE for IBM Cryptographic Coprocessors workspaces and summarizes those workspaces and their views.

Chapter Contents

Accessing the Workspaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Main workspace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Subordinate workspaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

IBM Cryptographic Coprocessor Workspace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39Event Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39ICSF Subsystem Status view. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Cross-System ICSF Workspace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40ICSF Subsystems by System view. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Service Call Performance by System view . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Top Users by System view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Service Call Performance Workspace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Service Call Performance view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

Top User Performance Workspace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Performance by Top Users view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Accessing the Workspaces

Main workspaceTo access the main or product-level workspace for OMEGAMON XE for IBM Cryptographic Coprocessors, click IBM Cryptographic Coprocessor in the Navigator (the left side of the CandleNet Portal window, shown in Figure 4).

Subordinate workspacesTo access subordinate workspaces for OMEGAMON XE for IBM Cryptographic Coprocessors:

1. Expand the IBM Cryptographic Coprocessor item in the Navigator (Figure 4).

2. Select View > Workspaces.

3. From the list displayed, click the name of the workspace you want to open.The rest of this chapter describes the workspaces and their views. For usage scenarios that show how the workspaces can help you make cryptography configuration decisions, discover and solve performance problems, and prevent future problems, see “Usage Scenarios” on page 51.

FIGURE 4. Navigator Items for Agents on Two ICSF Subsystems

Product-level item

Raised situation

Subordinate items

Workspaces 39

IBM Cryptographic Coprocessor Workspace

OverviewThe IBM Cryptographic Coprocessor workspace displays information about ICSF status and configuration. The workspace contains these table views:

� Event Console

� ICSF Subsystem Status

Event ConsoleThe Event Console shows the status of your OMEGAMON XE for IBM Cryptographic Coprocessors situations and their recent event history. If any situations evaluate True, they appear as items in the Navigator (see Figure 4) and as entries in the Event Console view.

For a complete list of the situations provided with OMEGAMON XE for IBM Cryptographic Coprocessors, see “Predefined Situations” on page 45.

ICSF Subsystem Status viewThe ICSF Subsystem Status view displays the current value of attributes from the ICSF attribute group. These attributes contain information about ICSF subsystem status and configuration.

These are the kinds of data represented by the ICSF attributes:

� status of cryptographic services

� availability of cryptographic coprocessors

� whether the coprocessors are operating in a Processor Resource/System Manager (PR/SM) configuration

� master key and public key information

For a complete list of attributes and their possible values, see the online help.

Cross-System ICSF Workspace

OverviewThe Cross-System ICSF workspace summarizes status, configuration, and performance information about ICSF subsystems on MVS images sharing coprocessors in a Sysplex or PR/SM complex. The workspace shows data from all monitoring agents that are installed on the subsystems and are communicating with CMS, even if the agents do not communicate directly with each other.

The workspace contains these table views:

� ICSF Subsystems by System

� Service Call Performance by System

� Top Users by System

ICSF Subsystems by System viewThe ICSF Subsystems by System view summarizes status and configuration information about the ICSF subsystem on each MVS image. The data displayed represent a subset of the attributes from the ICSF group.

Service Call Performance by System viewThe Service Call Performance by System view shows averages for

� service request arrival rate

� service time per call

� number of requests pending

� bytes processed per service call

for the ICSF subsystem on each MVS image. The data displayed represent a subset of the attributes from the Service Call Detail group.

Workspaces 41

Top Users by System viewThe top Users by System view summarizes performance data for the top 32 users of the ICSF subsystem on each MVS image. The most active user of cryptographic services across systems is shown at the top of the list. The data displayed represent a subset of the attributes from the Top User group.

Service Call Performance Workspace

OverviewThe Service Call Performance workspace displays 4 bar charts showing these averages for each of the top 10 service calls:

� service request arrivals per minute

� bytes processed (data available for some but not all service calls)

The workspace also contains the Service Call Performance table view.

Service Call Performance viewThe Service Call Performance view gives detailed information for all 78 service calls monitored by OMEGAMON XE for IBM Cryptographic Coprocessors. The data displayed represent the values of attributes in the Service Call Detail group. For a complete list of these attributes and their possible values, see the online help.

Workspaces 43

Top User Performance Workspace

OverviewThe Top User Performance workspace displays 4 bar charts showing these averages for each of the top 10 users (by jobname) of cryptographic services:

� service request arrivals per minute

� bytes processed per service call (data available for some but not all service calls)

The workspace also contains the Performance by Top Users table view.

Performance by Top Users viewThe Performance by Top Users view gives detailed performance and usage information for the top 10 users of cryptographic services. The data displayed represent the values of attributes in the Top User group. For a complete list of these attributes and their possible values, see the online help.

Top User Performance Workspace

Predefined Situations 45

Predefined Situations

OverviewThis section contains information on the predefined situations provided for use with OMEGAMON XE for IBM Cryptographic Coprocessors.

Chapter Contents

Exception Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46How situations work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46Using the predefined situations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Descriptions of the Predefined Situations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Crypto_CKDS_Access_Disabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Crypto_CKDS_80PCT_Full . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Crypto_Internal_Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Crypto_Invalid_Master_Key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47Crypto_Invalid_PKA_Master_Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Crypto_No_Coprocessors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Crypto_No_PCI_Coprocessors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Crypto_PCI_Unavailable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Crypto_PKA_Services_Disabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Crypto_PKDS_Read_Disabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Crypto_PKDS_Write_Disabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Crypto_Service_Unavailable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Exception Monitoring

How situations workA situation describes a condition you want to test. CandleNet Portal compares the situation with the values collected by the Candle monitoring agent and registers an event if the condition is met. You are alerted to events by indicator icons that appear in the Navigator. When you move your cursor over an event indicator, a flyover dialog gives you more information about the event. When you click a situation in the flyover, an event workspace gives more detailed information, expert advice, and a Take Action view that allows you to execute system commands. For more information about event workspaces, see “Event workspaces” on page 25.

Using the predefined situationsOMEGAMON XE for IBM Cryptographic Coprocessors offers a set of predefined situations that address some of the most common cryptography exception conditions. You can use these situations as provided to begin exception monitoring immediately, or as templates for creating your own situations. All the predefined situations are set to activate at startup.

Note: If you choose to modify a predefined situation, make a backup copy first.

The rest of this chapter lists and describes the predefined situations supplied with OMEGAMON XE for IBM Cryptographic Coprocessors.

Descriptions of the Predefined Situations

Crypto_CKDS_Access_DisabledAccess to the Cryptographic Key Dataset (CKDS) has been disabled. The CKDS is a VSAM linear dataset that stores keys used for encryption and authentication. Access is normally disabled when a new master key or CKDS is being initialized. The interruption should be temporary, and access to the dataset should be restored automatically after key management operations are completed.

Crypto_CKDS_80PCT_FullThe CKDS is now at 80% of its maximum capacity. The name of the CKDS is shown in the CKDSname attribute. Create a new dataset using a new master key, and re-encipher all keys into the new dataset. For further details, see IBM’s ICSF documentation.

Crypto_Internal_Error An internal monitor error has occurred in the monitoring agent. Make a note of the event attribute values, and contact Candle Customer Support to report the error and receive assistance in correcting the problem.

Examples of event attribute values

MonStatus = Overrun

indicates an internal queue overflow.

SCEDisabled > 0

indicates that one or more service call exits have abended and are no longer collecting performance data.

Crypto_Invalid_Master_KeyA valid master key must be loaded into at least one of the cryptographic coprocessors. Use the ICSF ISPF dialog TKE or the system element to load the master key into each cryptographic coprocessor. Different master keys may be loaded into different coprocessors shared by PR/SM Logical Partitions (LPARs). Each LPAR is associated with a separate Domain Index to isolate

cryptographic keys. For PCI coprocessors, the master key must have the same value as the Symmetric-keys Master Key (SYM-MK).

Crypto_Invalid_PKA_Master_KeysThe public key algorithm (PKA) master key values are invalid. These include the Key Management Master Key (KMMK) and Signature Master Key (SMK) values. Ensure that both the KMMK and the SMK are loaded into each coprocessor. For PCI coprocessors, the SMK Key must be the same value used for the Asymmetric-keys Master Key (ASYM-MK). Use the KMMKey and SMKey attributes to validate the verification hash patterns for these keys.

Crypto_No_CoprocessorsNo cryptographic coprocessors are online. At least one cryptographic coprocessor must be online for cryptographic services to become available. Verify that at least one coprocessor has been configured for the MVS system. Use the System Element console to configure coprocessors for use by systems.

Crypto_No_PCI_CoprocessorsNo PCI cryptographic coprocessors are online. Several public key algorithm (PKA) service calls require that a PCI coprocessor be available. Since PCI coprocessors are optimized for PKA operations, PKA services run more slowly on complementary metal-oxide semiconductor (CMOS) coprocessors.

Crypto_PCI_UnavailableAt least one PCI coprocessor was detected but was not active or available. Several PKA service calls require that a PCI coprocessor be available. Since PCI coprocessors are optimized for PKA operations, PKA services run more slowly on CMOS coprocessors.

Crypto_PKA_Services_DisabledPKA service calls are disabled. In general, these services are disabled only to update the KMMK or SMK, or to manage the Public Key Dataset (PKDS). PKA services calls should be re-enabled automatically after PKA management operations are completed.

Crypto_PKDS_Read_DisabledRead operations on the PKDS are disabled. The PKDS is a VSAM dataset that stores PKA keys used for encryption and authentication. PKDS read access is normally disabled for management operations on the PKDS. The interruption should be temporary, and read access should be restored automatically after management operations are completed. The PKDSname attribute displays the name of the current PKDS.

Crypto_PKDS_Write_DisabledWrite operations on the PKDS are disabled. PKDS write access is normally disabled for management operations on the PKDS. The interruption should be temporary, and write access should be restored automatically after management operations are completed. The PKDSname attribute displays the name of the current PKDS.

Crypto_Service_Unavailable Cryptographic services are unavailable. Verify that the ICSF subsystem is running on the system. If the ICSF subsystem is active, ensure that cryptographic coprocessors are online and available to the system. Also verify that a valid master key has been loaded in each coprocessor configured for the system.

Usage Scenarios 51

Usage Scenarios

OverviewThis chapter provides scenarios that illustrate how the data collected and presented by OMEGAMON XE for IBM Cryptographic Coprocessors can be used to monitor and improve your cryptographic services.

Validating Your Cryptography Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Cryptography configuration problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Checking and correcting the configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Monitoring and Improving Cryptography Performance . . . . . . . . . . . . . . . . . . . . . 54Cryptography performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Checking service call performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Checking top user performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Improving performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Monitoring and Improving Cross-System ICSF Performance . . . . . . . . . . . . . . . . . 58Cross-system cryptography performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Checking and improving cross-system cryptography performance . . . . . . . . . 58

Validating Your Cryptography Configuration

Cryptography configuration problemsMany cryptography problems are the result of configuration errors such as

� failure to assign coprocessors to the MVS system

� offline or unavailable coprocessors

� disabled public keys

� invalid master keys

This scenario involves checking your cryptography configuration and correcting any errors discovered.

Checking and correcting the configuration

1. Start the OMEGAMON XE for IBM Cryptographic Coprocessors monitoring agent.

2. Start CandleNet Portal.

3. Expand items in the Navigator (1 in Figure 5 on page 53) until you see an IBM Cryptographic Coprocessor item, then select that item.

4. Check the Event Console (2 in Figure 5 on page 53) to see whether any predefined situations have been raised (evaluated True) and have triggered events. If so, select the situation to open the event workspace. Follow the expert advice given there to resolve the problem. If you need to execute MVS commands, you can do so from the Take Action view in the event workspace. (See “Event workspaces” on page 25.)

5. Check the attributes in the ICSF Subsystem Status view (3 in Figure 5 on page 53) to make sure that� the ICSF subsystem is configured correctly

� master keys are loaded and set correctly

� coprocessors are online and active

� cryptography services are operational

Usage Scenarios 53

FIGURE 5. IBM Cryptographic Coprocessor Workspace

6. If several ICSF subsystems are installed on MVS images that share coprocessors and a monitoring agent is installed on each subsystem, you should find more than one IBM Cryptographic Coprocessor item in the Navigator. Repeat steps 3–5 for each. Also, be sure to check cross-system ICSF performance. (See “Monitoring and Improving Cross-System ICSF Performance” on page 58).

7. Recheck the product-level workspace(s) after any changes or adjustments to the cryptography configuration.

Monitoring and Improving Cryptography Performance

Cryptography performanceOn each ICSF subsystem, cryptography performance monitoring has two main components.

� Service call performance monitoring involves gathering data such as

– arrival rate of service requests

– time to complete each service call

– queue lengths

� Top user performance monitoring involves determining which jobnames are the heaviest users of cryptography services.

The data collected by OMEGAMON XE for IBM Cryptographic Coprocessors help you make load-balancing decisions to improve cryptography performance.

Checking service call performance

3. Expand Navigator items until you see an IBM Cryptographic Coprocessor item, then expand that item.

4. Select Service Call Performance.

5. Check the Average Arrivals per Minute bar chart (1 in Figure 6 on page 55) to see which services are being called most frequently. In the example shown in Figure 6 on page 55, requests for the Random_Number_Generate service are arriving most frequently.

Usage Scenarios 55

FIGURE 6. Service Call Performance Workspace

6. Check the Average Service Time per Call bar chart (2 in Figure 6 on page 55) to see which services are taking the longest time to complete. In the example, Decipher and Encipher service calls are taking the longest time to complete; however, they are not arriving frequently, so they do not pose a performance problem. Random_Number_Generate, the most frequently called service, is completing rapidly, so it does not pose a performance problem either. Performance problems tend to occur when a particular service call both arrives frequently and takes a long time to complete.

7. Check the Average Pending per Call bar chart (3 in Figure 6 on page 55) for queue length. In the example, there is no queue, so each request is being serviced as soon as it arrives. A high number of pending requests for a particular service call would indicate a performance problem.

8. Use the Average Bytes per Service Call bar chart (4 in Figure 6 on page 55) to see whether the service calls with the largest number of bytes also have the highest service times. In the example, Encipher and Decipher service calls have the largest number of bytes, so their relatively high service times are to be expected.

Note: Byte counts are available for some but not all service calls. Therefore, the data shown in the Average Bytes per Service Call bar chart are correct but incomplete. For a list of the service calls for which byte counts are available, see the online help.

9. If any of the statistics displayed in the bar charts do not seem to make sense or if you need more information about a service call’s performance, you can find detailed data in the Service Call Performance table (5 in Figure 6 on page 55). For explanations of all the attributes in this table, see the online help.

Checking top user performance

4. Select Top User Performance.

5. Check the bar charts in the Top User workspace to see which jobnames� are requesting cryptography services most frequently

� have the highest average service time

� are waiting longest for their requests to move to the top of the queue

� are requesting services with the highest byte counts.

Note: Byte counts are available for some but not all service calls. Therefore, the data shown in the Top 10 Average Bytes per Call bar chart are correct but incomplete. For a list of the service calls for which byte counts are available, see the online help.

Usage Scenarios 57

6. If any of the statistics displayed in the bar charts do not seem to make sense or if you need more information about top user performance, you can find detailed data in the Performance by Top Users table. One particularly useful piece of information in this table is the LastSvcDesc column, which shows the service requested most recently by each of the top users. Click the Refresh button several times, and see whether the same service call keeps showing up. If so, that service call is being used heavily by the top users and may be implicated in any performance problems that arise.For explanations of all the columns, see the online help.

Improving performance

1. If service times are unacceptably high, you might consider decreasing the strength of cryptography by reducing the length of the key. Conversely, if you need to increase the strength of cryptography, you can observe and weigh the performance risk.

2. If any of the top jobnames are relatively unimportant, you might want to reduce their priority on the system.

3. For the most frequently called services and the services with the highest normal service times, you might want to create your own situations. In each situation, specify combinations of arrival rate and service time that you consider worrisome (warning) or truly unacceptable (critical). Whenever a service call reaches a specified threshold, an event alert will be posted on CandleNet Portal. You can then take immediate action to correct the problem.For instructions on creating situations, see the CandleNet Portal online help.

Monitoring and Improving Cross-System ICSF Performance

Cross-system cryptography performanceIf several ICSF subsystems are installed on MVS images that share coprocessors in a Sysplex or PR/SM complex, the workloads on each subsystem can affect the performance of the other subsystems. Use the Cross-System ICSF workspace to compare the subsystems’ cryptography performance and to troubleshoot performance problems.

Checking and improving cross-system cryptography performance

4. Select Cross-System.

FIGURE 7. Cross-System ICSF Workspace

Usage Scenarios 59

5. Check the ICSF Subsystems by System table (1 in Figure 7 on page 58) to make sure the coprocessors are online and cryptography services are active on all systems. In the example shown, no PCI coprocessor is available on either of the two monitored systems. Predefined situation Crypto_No_PCI_Coprocessors defines the lack of an online PCI coprocessor as a warning condition, so warning event indicators appear on the table and in the Navigator. If you find configuration or availability problems, correct them immediately.

6. The Service Call Performance by System table (2 in Figure 7 on page 58) gives you the average request arrival rate, service time in milliseconds, queue length, and byte count per service call for each system. In the example shown, all service calls have been processed on one of the two available systems. Service time is well under a millisecond, however, and the Pending column shows no request queue, so there is no performance problem. If the same system continued to be used exclusively and the arrival rate increased, service time and queue length would also increase, and a serious performance problem might develop. In such a case, you might consider rebalancing workloads among systems to correct the problem.

7. Check the Top Users by System table (3 in Figure 7 on page 58) to see whether one or two jobnames seem to be monopolizing cryptographic services. If any of the top jobnames are relatively unimportant, you might want to reduce their priority on the system.

8. Take a look at the LastSvcDesc column, which shows the service requested most recently by each of the top users. Click the Refresh button several times, and see whether the same service call keeps showing up. If so, that service call is being used heavily by the top users and may be implicated in performance problems. See “Improving performance” on page 57 for suggestions for improving service call performance.

Guide to Candle Customer Support 61

Guide to CandleCustomer Support

IntroductionCandle Corporation is committed to producing top-quality software products and services. To assist you with making effective use of our products in your business environment, Candle is also committed to providing easy-to-use, responsive customer support.

Precision, speed, availability, predictability—these terms describe our products and Customer Support services.

Included in this Guide to Candle Customer Support is information about the following:

Base Maintenance Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62– Telephone Support– eSupport– Description of Severity Levels– Service-level objectives– Recording and monitoring calls for quality purposes– Customer Support Escalations– Above and Beyond

Enhanced Support Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66– Assigned Support Center Representative (ASCR)– Maintenance Assessment Services (MAS)– Multi-Services Manager (MSM)

Customer Support Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . 68– Link to Worldwide Support Telephone and E-mail information

Base Maintenance Plan

OverviewCandle offers a comprehensive Base Maintenance Plan to ensure that you realize the greatest value possible from your Candle software investments. We have more than 200 technicians providing support worldwide, committed to being responsive and to providing expedient resolutions to support requests. Technicians are available worldwide at all times during the local business day. In the event of an after-hours or weekend emergency, our computerized call management and forwarding system will ensure that a technician responds to Severity One situations within one hour. For customers outside of North America, after-hours and weekend support is provided in English language only by Candle Customer Support technicians located in the United States.

Telephone supportCandle provides consistently reliable levels of service—thanks to our worldwide support network of dedicated experts trained for specific products and operating systems. You will always work with a professional who truly understands your problem.

We use an online interactive problem management system to log and track all customer-reported support requests. We give your support request immediate attention by routing the issue to the appropriate technical resource, regardless of geographic location.

Level 0 Support is where your call to Candle Customer Support is first handled. Your support request is recorded in our problem management system, then transferred to the appropriate Level 1 support team. We provide Level 0 manual interaction with our customers because we support more than 170 products. We feel our customers would prefer personal interaction to a complex VRU or IVR selection menu.

Level 1 Support is the service provided for initial support requests. Our Level 1 team offers problem determination assistance, problem analysis, problem resolutions, installation assistance, and preventative and corrective service information. They also provide product usage assistance.

Level 2 Support is engaged if Level 1 cannot provide a resolution to your problem. Our Level 2 technicians are equipped to analyze and reproduce errors or to determine that an error is not reproducible. Problems that cannot be resolved by Level 2 are escalated to Candle’s Level 3 R&D support team.

Level 3 Support is engaged if a problem is identified in Candle product code. At Level 3, efforts are made to provide error correction, circumvention or notification that a correction or circumvention is not available. Level 3 support provides available maintenance modifications and maintenance delivery to correct appropriate documentation or product code errors.

eSupportIn order to facilitate the support process, Candle also provides eSupport, an electronic full-service information and customer support facility, via the World Wide Web at www.candle.com/support/. eSupport allows you to open a new service request and update existing service requests, as well as update information in your customer profile. New and updated service requests are queued to a support technician for immediate action. And we can respond to your request electronically or by telephone—it is your choice.

eSupport also contains a continually expanding knowledge base that customers can tap into at any time for self-service access to product and maintenance information.

The Candle Web Site and eSupport can be accessed 24 hours a day, 7 days a week by using your authorized Candle user ID and password.

Description of Candle severity levelsResponses to customer-reported product issues and usage questions are prioritized within Candle according to Severity Code assignment. Customers set their own Severity Levels when contacting a support center. This ensures that we respond according to your individual business requirements.

Severity 1 Crisis

A crisis affects your ability to conduct business, and no procedural workaround exists. The system or application may be down.

Severity 2High

A high-impact problem indicates significant business effect to you. The program is usable but severely limited.

Candle has established the following service-level objectives:

Severity 3Moderate

A moderate-impact problem involves partial, non-critical functionality loss or a reasonable workaround to the problem. A “fix” may be provided in a future release.

Severity 4Low

A low-impact problem is a “how-to” or an advisory question.

Severity 5Enhancement Request

This is a request for software or documentation enhancement. Our business units review all requests for possible incorporation into a future release of the product.

Call Status Severity 1 Goal

Severity 2 Goal

Severity 3 Goal

Severity 4 Goal

Severity 5Goal

First Call Time to Answer

90% within one minute

Level 1 Response(Normal Business Hours)

90% within 5 minutes

90% within one hour

Level 2 Response(Normal Business Hours)

Warm Transfer

90% within two hours

90% within eight hours

Scheduled follow-up (status update)

Hourly or as agreed

Daily or as agreed

Weekly or as agreed Notification is made when an enhancement is incorporated into a generally available product.

Notification is made when a fix is incorporated into a generally available product.

The above information is for guideline purposes only. Candle does not guarantee or warrant the above service levels. This information is valid as of October 1999 and is subject to change without prior notice.

Recording and Monitoring Calls for Quality PurposesCandle is committed to customer satisfaction. To ensure that our customers receive high levels of service, quality and professionalism, we'll monitor and possibly record incoming and outgoing Customer Support calls. The information gleaned from these calls will help us serve you better. If you prefer that your telephone call with Candle Customer Support in North America not be monitored or recorded, please advise the representative when you call us at (800) 328-1811 or (310) 535-3636.

Customer Support EscalationsCandle Customer Support is committed to achieving high satisfaction ratings from our customers. However, we realize that you may occasionally have support issues that need to be escalated to Candle management. In those instances, we offer the following simple escalation procedure:

If you experience dissatisfaction with Candle Customer Support at any time, please escalate your concern by calling the Candle support location closest to you. Ask to speak to a Customer Support manager. During standard business hours, a Customer Support manager will be available to talk with you or will return your call. If you elect to hold for a manager, you will be connected with someone as soon as possible. If you wish a return call, please tell the Candle representative coordinating your call when you will be available. After contacting you, the Customer Support manager will develop an action plan to resolve your issue. All escalations or complaints received about support issues are logged and tracked to ensure responsiveness and closure.

Above and BeyondWhat differentiates Candle's support services from our competitors? We go the extra mile by offering the following as part of our Base Maintenance Plan:

� Unlimited multi-language defect, installation and operations support� eSupport using the World Wide Web� Regularly scheduled product updates and maintenance provided at no

additional charge� Over 200 specialized technicians providing expert support for your

Candle products

Enhanced Support Services

OverviewOur Base Maintenance Plan provides a high level of software support in a packaged offering. However, in addition to this plan, we have additional fee-based support services to meet unique customer needs.

The following are some examples of our added-value support services:

� Assigned Support Center Representative Services (ASCR)

– An assigned focal point for managing support escalation needs– Proactive notification of available software fixes– Proactive notification of product version updates– Weekly conference calls with your ASCR to review active problem

records– Monthly performance reviews of Candle Customer Support service

levels– Optional on-site visits (extra charges may apply)

� Maintenance Assessment Service (MAS)

– On-site assessment services– Advice about product maintenance and implementation– Training your staff to develop efficient and focused procedures to

reduce overall cost of ownership of your Candle software products– Analysis of your Candle product environment: versions, updates,

code correction history, incident history and product configurations– Reviews to ensure that purchased Candle products and solutions are

used effectively

� Multi-Services Manager (MSM)

Multi-Services Manager provides highly valued services to customers requiring on-site full time expertise to complement their technical resources.

– Dedicated on-site Candle resource (6 months or one year) at your site to help ensure maximum use and effectiveness of your Candle products

– Liaison for all Candle product support activities, coordination and assistance with implementation of all product updates and maintenance releases

– Works with your staff to understand business needs and systems requirements

– Possesses technical and systems management skills to enhance your staff’s knowledge and expertise

– Other projects as defined in Statement of Work for MSM services

Customer Support Contact Information

Link to Worldwide Support Telephone and E-mail informationTo contact Customer Support, the current list of telephone numbers and e-mail addresses can be found on the Candle Web site, www.candle.com/support/.

Select Support Contacts from the list on the left of the page.

Index 69

AAccess List Entry Token (ALET) 33Adobe portable document format 11agents 15alerts 46APF-authorized datasets 31arrivals 42, 43ASCR

assigned support center representative 66assigned support center representative

ASCR 66Asymmetric-keys Master Key

(ASYM-MK) 48attribute groups

defined 21ICSF 39Service Call Detail 40, 42Top User 41, 43

attributesCKDSname 47defined 21KMMKey 48MonStatus 47PKDSname 49SCEDisabled 47SMKey 48

averages, rolling 32

Bbrowser

mode 17view 24

business view 18byte count, service call 42, 43

CCandle Installation and Configuration

Assistance Tool (CICAT) 30Candle Management Server (CMS) 15Candle Management Workstation

(CMW) 15, 17CandleNet Portal 17

defined 16Navigator 23Server 15workspaces 23

CCVTINW2 installation word 30chart views 24CICAT

See Candle Installation and Configuration Assistance Tool

CKDSname attribute 47client 15complementary metal-oxide semiconductor

(CMOS) coprocessors 48configuration

cryptography 52product 29

coprocessorsCMOS 48

inactive 48offline 48PCI 48

Cross-System ICSF workspace 40, 58Crypto_CKDS_80PCT_Full situation 47Crypto_CKDS_Access_Disabled

situation 47Crypto_Internal_Error situation 47Crypto_Invalid_Master_Key situation 47Crypto_Invalid_PKA_Master_Keys

situation 48Crypto_No_Coprocessors situation 48Crypto_No_PCI_Coprocessors situation 48,

59Crypto_PCI_Unavailable situation 48Crypto_PKA_Services_Disabled

situation 48Crypto_PKDS_Read_Disabled situation 49Crypto_PKDS_Write_Disabled situation 49Crypto_Service_Unavailable situation 49Cryptographic Communications Vector

(CCVT) control block 30cryptographic coprocessors

inactive 48offline 48

Cryptographic Key Dataset (CKDS) 47cryptography

configuration 52performance 54, 58

CSFEXIT3 exit 30CSFEXIT4 exit 30CSFPRM00 member 30customer service

telephone support 62customer support

base maintenance plan 62contact information 68enhanced support services 66eSupport 63severity levels 63

averaging interval 32filters 23, 26historical 27, 32saving 27sorting 26storing 27views 23

datasetsAPF-authorized 31LINKLIST 31LOADLIB 31STEPLIB 31

desktop mode 17Domain Index 47

EEnterprise Event Console view 24eSupport

customer support 63Event Console view 24, 39event workspaces 25events 25, 46exceptions 46exits 30, 33

Ffilters 23, 26

Hhash patterns 48historical data collection 27, 32

IIBM Cryptographic Coprocessor

workspace 38, 39, 52ICSF 9

attribute group 39exits 30, 33status 39

Index 71

ICSF Subsystem Status view 39, 52ICSF Subsystems by System view 40, 59installation 30installation word 30Integrated Cryptographic Service Facility 9intervals

averaging 32sampling 32

Jjobnames 56

KKCGEXIT3 exit 31Key Management Master Key (KMMK) 48keys 47

master 47PKA 49

KMMKey attribute 48

LLastSvcDesc column 57, 59LINKLIST dataset 31LINKLIST lookaside (LLA) 31lists

managed systems 15work 15

load module 31LOADLIB dataset 31log files 32Logical Partitions (LPARs) 47

Mmain workspace 38maintenance assessment service

MAS 66MAS

maintenance assessment service 66master keys 47

Asymmetric-keys (ASYM-MK) 48invalid 47

Key Management (KMMK) 48public key algorithm (PKA) 48Signature (SMK) 48Symmetric-keys (SYM-MK) 48

modesbrowser 17desktop 17

module, load 31monitoring agents 15MonStatus attribute 47MSM

multi-services manager 66multi-services manager

MSM 66MVS images 40, 58

NNavigator 16, 23, 38Notepad view 24

OOMEGAMON DE 18OMEGAMON XE, defined 15overview, product 15

PPCI coprocessors 48

inactive 48offline 48

pending 42, 43performance 54, 58

service calls 54top users 56

Performance by Top Users view 43, 57physical view 18PKDSname attribute 49policies 20predefined situations 21, 46

Crypto_CKDS_80PCT_Full 47Crypto_CKDS_Access_Disabled 47Crypto_Internal_Error 47

Crypto_Invalid_Master_Key 47Crypto_No_Coprocessors 48Crypto_No_PCI_Coprocessors 48, 59Crypto_PCI_Unavailable 48Crypto_PKA_Invalid_Master_Keys 48Crypto_PKA_Services_Disabled 48Crypto_PKDS_Read_Disabled 49Crypto_PKDS_Write_Disabled 49Crypto_Service_Unavailable 49

printing problems 11Processor Resource/System Manager

(PR/SM) 39, 40, 47, 58product

configuration 29overview 15workspace 38, 52

product-provided situations 21, 46properties, workspace 23public key algorithm (PKA) 48, 49Public Key Dataset (PKDS) 48

read access 49write access 49

Qqueue length 42, 43, 55

Rread access 49RKANMOD runtime dataset 31RKANMOD(KCGEXIT3) load module 31RKANSAM dataset 30RKLVLOG log file 32rolling averages 32runtime environment 31

Ssampling interval 32SCEDisabled attribute 47scenarios 51security exits 30servers 15

Service Call Detail group 40, 42Service Call Performance by System

view 40, 59Service Call Performance view 42, 56Service Call Performance workspace 42, 54service calls

byte count 42, 43exits 30, 33monitored 33performance 54PKA 48

service time 42, 43severity levels

customer support 63Signature Master Key (SMK) 48Situation Editor 22situations 15, 46

defined 21predefined 21, 46product-provided 21, 46

situations, predefinedCrypto_CKDS_80PCT_Full 47Crypto_CKDS_Access_Disabled 47Crypto_Internal_Error 47Crypto_Invalid_Master_Key 47Crypto_No_Coprocessors 48Crypto_No_PCI_Coprocessors 48, 59Crypto_PCI_Unavailable 48Crypto_PKA_Invalid_Master_Keys 48Crypto_PKA_Services_Disabled 48Crypto_PKDS_Read_Disabled 49Crypto_PKDS_Write_Disabled 49Crypto_Service_Unavailable 49

SMKey attribute 48sorting data 26starting the product 28STEPLIB dataset 31stopping the product 28style, view 23Symmetric-keys Master Key (SYM-MK) 48Sysplex 40, 58System Element console 48

Index 73

Ttable view 23Take Action view 24telephone support

customer service 62Terminal view 24thin client 17thresholds 23TKE dialog 47Top User attribute group 41, 43top user performance 56Top User Performance workspace 43, 56top users

view 43, 57workspace 43, 56

Top Users by System view 41, 59

UUniversal Agent 19users, top 43, 57

Vverification hash patterns 48views

Browser 24business 18chart 24Enterprise Event Console 24Event Console 39ICSF Subsystem Status 39, 52ICSF Subsystems by System 40, 59Notepad 24Performance by Top Users 43, 57physical 18Service Call Performance 42, 56Service Call Performance by System 40,

59style 23table 23Take Action 24Terminal 24

Top Users by System 41, 59

Wwork groups 15Workflow Editor 20workspaces

accessing 38Cross-System ICSF 40, 58defined 23event 25IBM Cryptographic Coprocessor 38, 39,

52main 38product-level 38properties 23Service Call Performance 42, 54subordinate 38Top User Performance 43, 56

write access 49

OMEGAMON XE for IBM Cryptographic C ...publib.boulder.ibm.com/tividd/td/ITOXfICCP/GC32-9301-00/...2...

Documents