IBM Z10 EC manual Commitment to system integrity

Page 8

With z/OS 1.9, IBM introduces:

A revised and expanded Statement of z/OS System Integrity

Large Page Support (1 MB)

Capacity Provisioning

Support for up to 64 engines in a single image (on z10 EC model only)

Simplifi ed and centralized policy-based networking

Expanded IBM Health Checker

Simplifi ed RACF® Administration

Hardware Decimal Floating Point

Parallel Sysplex support for Infi niband® Coupling Links

NTP Support for STP

HiperSockets Multiple Write Facility

OSA-Express3 support

Advancements in ease of use for both new and existing IT professionals coming to z/OS

Support for zIIP-Assisted IPSec, System Data Mover (SDM) offl oad to zIIP, and support for eligible portions of DB2 9 XML parsing workloads to be offl oaded to zAAP processors

Expanded options for AT-TLS and System SSL network security

Improved creation and management of digital certifi - cates with RACF, SAF, and z/OS PKI Services

Additional centralized ICSF encryption key management functions for applications

Improved availability with Parallel Sysplex and Coupling Facility improvement

Enhanced application development and integration with new System REXXfacility, Metal C facility, and z/OS UNIX® System Services commands

Enhanced Workload Manager in managing discretionary work and zIIP and zAAP workloads

Commitment to system integrity

First issued in 1973, IBM’s MVSSystem Integrity State- ment and subsequent statements for OS/390® and z/OS stand as a symbol of IBM’s confi dence and commitment to the z/OS operating system. Today, IBM reaffi rms its com- mitment to z/OS system integrity.

IBM’s commitment includes designs and development practices intended to prevent unauthorized application programs, subsystems, and users from bypassing z/OS security—that is, to prevent them from gaining access, circumventing, disabling, altering, or obtaining control of key z/OS system processes and resources unless allowed by the installation. Specifi cally, z/OS “System Integrity” is defi ned as the inability of any program not authorized by a mechanism under the installation’s control to circumvent or disable store or fetch protection, access a resource pro- tected by the z/OS Security Server (RACF), or obtain con- trol in an authorized state; that is, in supervisor state, with a protection key less than eight (8), or Authorized Program Facility (APF) authorized. In the event that an IBM System Integrity problem is reported, IBM will always take action to resolve it.

IBM’s long-term commitment to System Integrity is unique in the industry, and forms the basis of the z/OS industry leadership in system security. z/OS is designed to help you protect your system, data, transactions, and applications from accidental or malicious modifi cation. This is one of the many reasons System z remains the industry’s premier data server for mission-critical workloads.

8

Image 8
Contents IBM System z10 Enterprise Class z10 EC Reference Guide Table of Contents IBM System z10 Enterprise Class z10 EC Overview Just-in-time deployment of IT resources Specialty engines offer an attractive alternativeOrder of introduction Numerical computing on the chipArchitecture Liberating your assets with System zEvolving for your business Z10 EC ArchitecturePage Commitment to system integrity Page Linux on System z VSETPF Z10 EC Operating System ESA/390Page Page Z10 EC Design and Technology Z10 EC Model Z10 EC model upgrades Z10 EC Base and Sub-capacity OfferingsCPU Measurement Facility Z10 EC PerformanceLarge System Performance Reference Z10 EC I/O Subsystem System I/O Configuration AnalyzerZ10 EC Channels and I/O Connectivity Concurrent Update Ficon Express4 and Ficon Express2 PerformanceSupport of Spanned Channels and Logical Partitions Modes of OperationFCP increased performance for small block sizes Ficon Support for Cascaded DirectorsFCP Channels Scsi IPL now a base function FCP Full fabric connectivityFicon and FCP for connectivity to disk, tape, and printers Platform and name server registration in Ficon channelIt will register NPort ID Virtualization Program Directed re-IPLPort density or granularity Feature Infrastructure Ports perOSA-Express3 Ethernet features Summary of benefits Features OSA-Express2 availabilityPurpose/Traffic TypeOSA-Express3 10 Gigabit Ethernet SR OSA-Express3 Gigabit Ethernet LXOSA-Express3 Gigabit Ethernet SX Four-port exploitation on OSA-Express3 GbE SX and LXNetwork Traffic Analyzer Dynamic LAN idle for z/OSLink aggregation for z/VM in Layer 2 mode Layer 2 transport mode When would it be used?Direct Memory Access DMA OSA Layer 3 Virtual MAC for z/OSHardware data router IBM Communication Controller for Linux CCLOSA/SF Virtual MAC and Vlan id Display Capability OSA Integrated Console ControllerRemove L2/L3 LPAR-to-LPAR Restriction HiperSockets HiperSockets Enhancement for zIIP Exploitation CP Assist for Cryptographic Function Cpacf Security CryptographyCan Do IT securely Configurable Crypto Express2 Dynamically add crypto to a logical partition Secure Key AESTKE 5.3 workstation and support for Smart Card Reader Enhancement with TKE 5.3 LICTKE additional smart cards System z10 EC cryptographic migrationImproved Key Exchange With Non-CCA Cryptographic Systems Remote Loading of Initial ATM KeysRemote Key Loading Benefits On Demand Capabilities Capacity on Demand Temporary CapacityAmendment for CBU Tests Capacity Provisioning OS Capacity provisioning allows you to set up rules System z9 System z10Reliability, Availability, and Serviceability RAS RAS Design FocusEnhanced Book Availability Availability FunctionsHardware System Area HSA Concurrent Physical Memory Upgrade Concurrent Physical Memory ReplacementConcurrent Defective Book Replacement Enhanced Driver MaintenanceTransparent Sparing Plan Ahead MemoryService Enhancements Power MonitoringPower Estimation Tool Environmental EnhancementsParallel Sysplex Cluster Technology IBM Systems Director Active Energy ManagerImproved service time with Coupling Facility Duplex Coupling Facility Control Code Cfcc LevelParallel Sysplex Coupling Connectivity Coupling Facility Configuration AlternativesSystem-Managed CF Structure Duplexing Introducing long reach InfiniBand coupling links Coupling Connectivity for Parallel SysplexZ10 Coupling Link Options Z10 EC MaxPreview Improved STP System Management with Time synchronization and time accuracy on z10 ECServer Time Protocol STP Enhanced Network Time Protocol NTP client support Continuous availability of NTP servers used as ExterApplication Programming Interface API to automate Enhanced STP recovery when Internal Battery FeatureNTP server on Hardware Management Console HMC Internal Battery Feature Recommendation HMC System Support Family Machine TypeInternet Protocol, Version 6 IPv6 HMC/SE Console MessengerHMC z/VM Tower systems management enhancements Implementation Services for Parallel Sysplex GdpsFiber Quick Connect for Ficon LX Environments Z10 EC Physical Characteristics Z10 EC Configuration Detail Z10 EC Dimensions Z9 EC Number of Frames 2 FrameZ10 EC Environmentals Model O Cage Model O CageProcessor Unit Features Model OSA-Express3 and OSA-Express2 Features Min MaxCPs IFLs ICFsGeneral Information Coupling Facility CF Level of Support Z9 BCStatement of Direction Resource Link PublicationsFollowing Redbook publications are available now ZSO03018-USEN-02