Question & Answer
Question
As users of the System Wide Security Associations (SWSA) function, how do we determine the right size for our EZBDVIPA coupling facility structure?
Answer
The base structure name for System Wide Security Associations (SWSA) is EZBDVIPA.
To assist you in determining the right size for your EZBDVIPA structure, as you will be using SWSA (Distributed DVIPA + IPSec), you can issue the following commands on the primary distributor host:
ipsec -k display all
ipsec -y display all
These commands will display all the Phase1 SAs (security associations) and all Phase2 SAs, including expired SAs, which have not yet been garbage collected.
You can then determine which SAs are related to the DDVIPA (Distributed DVIPA) in question and size your CF (coupling facility) structure accordingly:
Issuing the command ipsec -y display -s on all the target hosts will give you the shadow SA information, but you can get the same number of overall SAs in use from the distributor.
The command ipsec -k display -e might also be useful because it shows the associated Phase2 SAs of the Phase 1 SAs.
The total number of SAs that are associated with DDVIPAs can then be used as input to the IBM CF Structure Sizer (CFSIZER) web-based application, which is a tool that estimates the storage size for each structure by asking questions based on your existing or planned configuration.
For more information, see Determining Structure Size Impact of CF Level Changes.
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
04 December 2017
UID
dwa1416641