Planning to implement encrypted transfers and evaluating the impact on CPU consumption and transfer time

1. Does the extra CPU resource required for the encryption/decryption use the standard CPU or the zIIP processor?
2. Is there any factor we can use, of how much extra CPU resource will be required?
3. Can we expect the transfer to take longer to complete than it does today?  Again, like the extra CPU resource, any indication of how much longer?

1. Does the extra CPU resource required for the encryption/decryption use the standard CPU or the zIIP processor?
   Per KB article XCOM capability to offload workload onto zIIP Processors section "Additional Information", XCOM does not support offloading SSL processing to zIIP.
   There is additional overhead when using secured transfers, but XCOM and SSL are independent of each other. If using SSL with XCOM, there will be more CPU usage, but that is not influenced by XCOM. Any CPU difference between the non-secured transfers and those that are secured is the responsibility of the SSL software. See related KB article: Does using SSL cause overhead for XCOM transfers
   Per article XCOM capability to offload workload onto zIIP Processors and the XCOM techdocs section for SSL/TLS Usage, because software-based data encryption is CPU-intensive, it is recommended to shift the workload to hardware data encryption using an IBM cryptographic processor (via the IBM ICSF interface). 
2. Is there any factor we can use, of how much extra CPU resource will be required?
   This is hard to answer because there are many factors that would be involved such as SSL software, workload, network, system resources, disk I/O.
3. Can we expect the transfer to take longer to complete than it does today?  Again, like the extra CPU resource, any indication of how much longer?     
   That all depends, make sure to use packing, be current with XCOM maintenance, then use that large MAXPACK value. In addition to that:
   - make sure to use the proper compression method if using one
   - make sure that checkpoint is either a high value of 9999 or 0. The latter turns it off.
   - make sure no tracing is taking place
   Related KB article: Improving Performance for TCP/IP Transfers with XCOM for z/OS

NOTE: As OpenSSL is now obsolete under the XCOM Data Transport for z/OS latest maintenance it is assumed that IBM System SSL is being used and also the SSL_VERSION parameter is deprecated. For further details please see: Release Notes > Obsolete Features