Patents by Inventor John R. Flanagan

John R. Flanagan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210091943
    Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. An initiator maintains a first security association with the responder having a first key to use to encrypt and decrypt data transmitted with the responder. The initiator initiates a rekey operation to establish a second security association with the responder using a second key. The initiator detects a failure of the rekey operation after the responder started using the second key for transmissions. A revert message is sent to the responder to revert back to using the first security association and first key in response to detecting the failure of the rekey operation.
    Type: Application
    Filed: September 25, 2019
    Publication date: March 25, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, John R. Flanagan, Alol Antony Crasta, Mikel William Welsh
  • Publication number: 20210091944
    Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. The responder maintains a first security association with the initiator having a first key to use to encrypt and decrypt messages transmitted with the initiator. The responder receives a message from the initiator for a rekey operation to establish a second security association with the initiator using a second key. The responder queues Input/Output (I/O) for transmission using the second key after completing the rekey operation. After activating the second security association, the responder receives a revert message from the initiator to revert back to using the first security association and first key in response to a failure of the rekey operation.
    Type: Application
    Filed: September 25, 2019
    Publication date: March 25, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Mikel William Welsh, Alol Antony Crasta, John R. Flanagan
  • Publication number: 20210073395
    Abstract: A host port is enabled for security. The host port performs Input/Output (I/O) in plaintext on a path between the host port and a storage port, in response to determining that an audit mode indicator has been enabled to allow I/O even if authentication or security association negotiation between the host port and the storage port cannot be completed successfully. Concurrently with performing of I/O in plaintext on the path, the host port enables encryption of data for I/O on the path.
    Type: Application
    Filed: September 11, 2019
    Publication date: March 11, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, John R. Flanagan
  • Publication number: 20210073422
    Abstract: A host port is enabled for security. In response to a determination by the host port that authentication or security association negotiation with a storage port cannot be completed successfully, the host port determines whether an audit mode indicator has been enabled in a login response from the storage port. The host port preserves input/output (I/O) access to the storage port based on determining whether the audit mode indicator has been enabled in the login response from the storage port.
    Type: Application
    Filed: September 11, 2019
    Publication date: March 11, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Evan Rivera, John R. Flanagan
  • Publication number: 20210075627
    Abstract: Provided are a computer program product, system and method embodiments for secure communication between an initiator and a responder over a network. The responder receives, from the initiator, a security association initialization message to establish a security association with the responder including key material used to generate a key for the security association. The responder receives an authentication message from the initiator to program the responder to establish authentication between the responder and the initiator after establishing the security association. The responder sends an authentication message response to the initiator to establish authentication with the responder in response to the authentication message. The responder sends an authentication done message to the initiator after sending the authentication message response to cause the initiator to activate using the security association and the key to encrypt and decrypt communication between the responder and initiator.
    Type: Application
    Filed: September 11, 2019
    Publication date: March 11, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Mikel William Welsh, Richard Mark Sczepczenski, John R. Flanagan
  • Publication number: 20210073394
    Abstract: A storage port is enabled for security. The storage port performs Input/Output (I/O) in plaintext on a path between the storage port and a host port, in response to determining that an audit mode indicator has been enabled to allow I/O even if authentication or security association negotiation between the storage port and the host port cannot be completed successfully. Concurrently with performing of I/O in plaintext on the path, the storage port enables encryption of data for I/O on the path.
    Type: Application
    Filed: September 11, 2019
    Publication date: March 11, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Mooheng Zee, Christopher J. Colonna, John R. Flanagan
  • Publication number: 20210075621
    Abstract: Provided are a computer program product, system and method embodiments for secure communication between an initiator and a responder over a network. The initiator sends a security association initialization message to the responder to establish a security association including key material used to generate a key for the security association. In response to receiving a security association initialization response to accept the security association, the initiator sends an authentication message to the responder to establish authentication between the responder and the initiator. In response to receiving an authentication message response to the authentication message, the initiator is programmed with the security association. An authentication done message is received from the responder after receiving the authentication message response.
    Type: Application
    Filed: September 11, 2019
    Publication date: March 11, 2021
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Richard Mark Sczepczenski, Mikel William Welsh, John R. Flanagan
  • Patent number: 9985729
    Abstract: A first device transmits a first Fibre Channel frame with a first priority to a second device. The first device receives a second Fibre Channel frame from the second device, where the second Fibre Channel frame has a second priority indicated by the second device. The first device determines whether to adopt the second priority indicated by the second device or whether to continue to use the first priority for transmitting subsequent Fibre Channel frames to the second device.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: May 29, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Christopher J. Colonna, Patricia G. Driever, John R. Flanagan, Roger G. Hathorn, William H. Miller
  • Publication number: 20170244485
    Abstract: A first device transmits a first Fibre Channel frame with a first priority to a second device. The first device receives a second Fibre Channel frame from the second device, where the second Fibre Channel frame has a second priority indicated by the second device. The first device determines whether to adopt the second priority indicated by the second device or whether to continue to use the first priority for transmitting subsequent Fibre Channel frames to the second device.
    Type: Application
    Filed: February 23, 2016
    Publication date: August 24, 2017
    Inventors: Christopher J. Colonna, Patricia G. Driever, John R. Flanagan, Roger G. Hathorn, William H. Miller
  • Patent number: 9722863
    Abstract: The health of a computing network is checked to determine whether there is a current fault in the network or a prediction of a potential fault in the network. The fault can be any type of fault, including a link failure, a failure in the transmitter of data over the link, a failure in the receiver of the data, or any other type of failure. If a fault or potential fault is indicated, a deterministic approach is provided for finding the source of the fault or potential fault within the network. The deterministic approach uses current values for selected operational parameters of components within the network, as well as historical data to determine the source.
    Type: Grant
    Filed: January 13, 2015
    Date of Patent: August 1, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Alan F. Benner, Christopher J. Colonna, John R. Flanagan, Dale F. Riedy, Harry M. Yudenfriend
  • Patent number: 9720844
    Abstract: A computer program product for processing input/output (I/O) data is provided for performing a method that includes receiving a transport control word (TCW) including an indirect data address including a starting location of a transport mode indirect data address list (TIDAL) of storage addresses, the TIDAL including a plurality of entries configured as transport mode indirect data address words (TIDAWs). The method includes accessing an entry of the TIDAL, which includes: 1) based on the entry of the TIDAL indicating that the address is a data address, gathering data from a data storage location corresponding to the data address, and accessing a next entry of the TIDAL, and 2) based on the entry of the TIDAL indicating that the address is an address of a next entry of the TIDAL, obtaining the next entry of the TIDAL from another storage location that is located non-contiguously to the entry storage location.
    Type: Grant
    Filed: August 4, 2016
    Date of Patent: August 1, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Daniel F. Casper, Mark P. Bendyk, John R. Flanagan, Catherine C. Huang, Matthew J. Kalos, Ugochukwu C. Njoku, Dale F. Riedy, Gustav E. Sittmann, III, Harry M. Yudenfriend
  • Patent number: 9667476
    Abstract: The health of a computing network is checked to determine whether there is a current fault in the network or a prediction of a potential fault in the network. The fault can be any type of fault, including a link failure, a failure in the transmitter of data over the link, a failure in the receiver of the data, or any other type of failure. If a fault or potential fault is indicated, a deterministic approach is provided for finding the source of the fault or potential fault within the network. The deterministic approach uses current values for selected operational parameters of components within the network, as well as historical data to determine the source.
    Type: Grant
    Filed: September 7, 2015
    Date of Patent: May 30, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Alan F. Benner, Christopher J. Colonna, John R. Flanagan, Dale F. Riedy, Harry M. Yudenfriend
  • Patent number: 9569391
    Abstract: Processing of out-of-order data transfers is facilitated in computing environments that enable data to be directly transferred between a host bus adapter (or other adapter) and a system without first staging the data in hardware disposed between the host bus adapter and the system. An address to be used in the data transfer is determined, in real-time, by efficiently locating an entry in an address data structure that includes the address to be used in the data transfer.
    Type: Grant
    Filed: May 23, 2014
    Date of Patent: February 14, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Clinton E. Bubb, Daniel F. Casper, John R. Flanagan, Raymond M. Higgs, George P. Kuch, Jeffrey M. Turner
  • Publication number: 20160342525
    Abstract: A computer program product for processing input/output (I/O) data is provided for performing a method that includes receiving a transport control word (TCW) including an indirect data address including a starting location of a transport mode indirect data address list (TIDAL) of storage addresses, the TIDAL including a plurality of entries configured as transport mode indirect data address words (TIDAWs). The method includes accessing an entry of the TIDAL, which includes: 1) based on the entry of the TIDAL indicating that the address is a data address, gathering data from a data storage location corresponding to the data address, and accessing a next entry of the TIDAL, and 2) based on the entry of the TIDAL indicating that the address is an address of a next entry of the TIDAL, obtaining the next entry of the TIDAL from another storage location that is located non-contiguously to the entry storage location.
    Type: Application
    Filed: August 4, 2016
    Publication date: November 24, 2016
    Inventors: Daniel F. Casper, Mark P. Bendyk, John R. Flanagan, Catherine C. Huang, Matthew J. Kalos, Ugochukwu C. Njoku, Dale F. Riedy, Gustav E. Sittmann, III, Harry M. Yudenfriend
  • Patent number: 9483433
    Abstract: Articles of manufacture, apparatuses, and methods for processing communication data in a ships passing condition are disclosed. Embodiments include a computer program product for performing a method including: obtaining a Transport Command Control Block (TCCB) from a location in memory specified by a Transport Command Control Block address of a Transport Control Word; opening a first exchange and sending, by a channel subsystem, the TCCB in the first exchange to a control unit; receiving, by the channel subsystem, an unsolicited first message in a second exchange from the control unit, the unsolicited first message opening the second exchange, the second exchange being a different exchange than the first exchange; and sending, by the channel subsystem, a second message to the control unit in a third exchange, the second message comprising a status of the first message, the second message configured to open and close the third exchange.
    Type: Grant
    Filed: May 20, 2015
    Date of Patent: November 1, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Daniel F. Casper, John R. Flanagan, Roger G. Hathorn, Catherine C. Huang, Matthew J. Kalos, Louis W. Ricci
  • Patent number: 9436272
    Abstract: A computer program product for processing input/output (I/O) data is provided for performing a method, which includes receiving a control word having an indirect data address including a starting location of a list of storage addresses, gathering the data and transmitting gathered data to a control unit in the I/O processing system. Gathering includes accessing an entry of the list, the entry located at an entry storage location and including an address. Based on the entry of the list indicating that the address is a data address, data is gathered from a data storage location, and a next entry of the list is accessed. Based on the entry of the list indicating that the address is an address of a next entry of the list, the next entry of the list is obtained from another storage location that is located non-contiguously to the entry storage location.
    Type: Grant
    Filed: September 11, 2014
    Date of Patent: September 6, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Daniel F. Casper, Mark P. Bendyk, John R. Flanagan, Catherine C. Huang, Matthew J. Kalos, Ugochukwu C. Njoku, Dale F. Riedy, Gustav E. Sittmann, III, Harry M. Yudenfriend
  • Publication number: 20160204980
    Abstract: The health of a computing network is checked to determine whether there is a current fault in the network or a prediction of a potential fault in the network. The fault can be any type of fault, including a link failure, a failure in the transmitter of data over the link, a failure in the receiver of the data, or any other type of failure. If a fault or potential fault is indicated, a deterministic approach is provided for finding the source of the fault or potential fault within the network. The deterministic approach uses current values for selected operational parameters of components within the network, as well as historical data to determine the source.
    Type: Application
    Filed: September 7, 2015
    Publication date: July 14, 2016
    Inventors: Alan F. Benner, Christopher J. Colonna, John R. Flanagan, Dale F. Riedy, Harry M. Yudenfriend
  • Publication number: 20160204979
    Abstract: The health of a computing network is checked to determine whether there is a current fault in the network or a prediction of a potential fault in the network. The fault can be any type of fault, including a link failure, a failure in the transmitter of data over the link, a failure in the receiver of the data, or any other type of failure. If a fault or potential fault is indicated, a deterministic approach is provided for finding the source of the fault or potential fault within the network. The deterministic approach uses current values for selected operational parameters of components within the network, as well as historical data to determine the source.
    Type: Application
    Filed: January 13, 2015
    Publication date: July 14, 2016
    Inventors: Alan F. Benner, Christopher J. Colonna, John R. Flanagan, Dale F. Riedy, Harry M. Yudenfriend
  • Patent number: 9384086
    Abstract: Error checking in a computing environment at an input/output (I/O) level is facilitated by associating a cyclic redundancy check (CRC) control element (CCE) with an input/output (I/O) operation based on a command to perform the I/O operation of the computing environment. The CRC control element is used in accumulating during performance of the I/O operation an accumulated CRC value for the I/O operation to facilitate error checking of the I/O operation. By way of example, the associating and the accumulating of the accumulated CRC value may be performed within an I/O hub of the computing environment, and where data of the I/O operation is transferred in data fragments, the CRC control element is updated for each data fragment during the accumulating of the CRC context for the I/O operation.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: July 5, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: David Craddock, John R. Flanagan, Thomas A. Gregg
  • Patent number: 9354967
    Abstract: Error-handling in a computing environment at an input/output (I/O) level is facilitated by associating a control element with an input/output (I/O) operation based on a command to perform the I/O operation between an adapter and memory. Based on detection of an error for the I/O operation, the control element is updated to indicate an error state, and completion of any uncompleted I/O request for the I/O operation is blocked, while other I/O requests for one or more other I/O operations are allowed to proceed between the adapter (or adapter function) and the memory. By way of example, the control element may be a cyclic redundancy check (CRC) control element used, for instance, by an I/O hub of the computing environment to accumulate during performance of the I/O operation an accumulated CRC value for the I/O operation to facilitate error checking of the operation.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: May 31, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: David Craddock, John R. Flanagan, Thomas A. Gregg