Chapter 4. Cryptography 173
4.3 Cryptographic RMF monitoring
Starting with z/OS Version 1 Release 2, RMF now provides performance monitoring for the
PCI Cryptographic Coprocessor (PCICC) and the Cryptographic Accelerator (PCICA)
features and usage reporting on the Cryptographic Coprocessor Function (CCF). The new
Postprocessor Crypto Hardware Activity Report is based on new SMF records type 70
subtype 2. These records will be gathered by the new Monitor I gathering option. In addition,
new overview conditions are available for the Postprocessor.
This report is available as a Small Program Enhancement (SPE) and needs to be installed as
APAR OW49808.
The new gathering option for Monitor I to gather data for cryptographic hardware activities is
CRYPTO/NOCRYPTO. By default, this option activates data gathering. To suppress data
gathering, change CRYPTO to NOCRYPTO in ERBRMF00, or add NOCRYPTO to the
customized Parmlib member for Monitor I.
For the PCICC and PCICA features, the request rate is per daughter card. Reported are the
number of requests per second, average execution time per second (in milliseconds) and
utilization (in percent). The utilization indicates how much the feature is busy during the
interval.
For the PCICC, rate, execution time, and utilization percent are reported for all operations
(referred to as the TOTAL). Separately, the count of the RSA Key Generations is provided.
For the PCICA, rate, execution time, and utilization percent are reported for all operations and
individually for 1024-bit ME format RSA operations, 2048-bit ME format RSA operations,
1024-bit CRT format RSA operations, and 2048-bit CRT format RSA operations.
For the Cryptographic Coprocessor Function (CCF), the following are reported: rate
(operations per second) and average data size (in bytes) for DES encryption and decryption
(individually for single DES and triple DES, MAC generation and verify, and hashing). For PIN
operations, rates for PIN translate and PIN verify are reported separately.
Example 4-1 RMF Report
C R Y P T O H A R D W A R E A C T I V I T Y
PAGE 1
z/OS V1R2 SYSTEM ID 2064 DATE 11/28/2001 INTERVAL 05.00.000
RPT VERSION V1R2 RMF TIME 13.10.00 CYCLE 1.000 SECONDS
--- PCI CRYPTOGRAPHIC COPROCESSOR --
-------- TOTAL -------- KEY-GEN
ID RATE EXEC TIME UTIL% RATE
6 0.08 4387 33.7 0.08
7 31.28 22.4 70.1 0.19
-------------------------------------------------- PCI CRYPTOGRAPHIC ACCELERATOR --------------------------------------------------
-------- TOTAL -------- ------ ME(1024) ------- ------ ME(2048) ------- ------ CRT(1024) ------ ------ CRT(2048) ------
ID RATE EXEC TIME UTIL% RATE EXEC TIME UTIL% RATE EXEC TIME UTIL% RATE EXEC TIME UTIL% RATE EXEC TIME UTIL%
8 446.7 5.9 53.0 53.8 9.1 9.8 0.00 0.0 0.0 366.5 4.6 33.4 26.43 18.5 9.8
9 733.0 4.6 66.8 0.00 0.0 0.0 0.00 0.0 0.0 733.0 4.6 66.8 0.00 0.0 0.0
----------------------------- CRYPTOGRAPHIC COPROCESSOR FACILITY -----------------------------
DES ENCRYPTION DES DECRYPTION ----- MAC ------ - HASH - ------ PIN -------
SINGLE TRIPLE SINGLE TRIPLE GENERATE VERIFY TRANSLATE VERIFIY
RATE 18.52 21.10 0.00 0.00 642.1 0.00 609.0 4687 4515
SIZE 500K 500K 0.00 0.00 27786 0.00 128.0
Get IBM eServer zSeries 900 Technical Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
