IBM z10 BC manual: Enhancements to CP Assist for Cryptographic Function (CPACF), Crypto Express2-1P

Enhancements to CP Assist for Cryptographic Function (CPACF):

CPACF has been enhanced to include support of the following on CPs and IFLs:

Advanced Encryption Standard (AES) for 192-bit keys and 256-bit keys

SHA-384 and SHA-512 bit for message digest

SHA-1, SHA-256, and SHA-512 are shipped enabled and do not require the enablement feature.

Support for CPACF is also available using the Integrated Cryptographic Service Facility (ICSF). ICSF is a component of z/OS, and is designed to transparently use the available cryptographic functions, whether CPACF or Crypto Express2, to balance the workload and help address the bandwidth requirements of your applications.

The enhancements to CPACF are exclusive to the System z10 and supported by z/OS, z/VM, z/VSE, and Linux on System z.

Configurable Crypto Express2

The Crypto Express2 feature has two PCI-X adapters. Each of the PCI-X adapters can be defined as either a Coprocessor or an Accelerator.

Crypto Express2 Coprocessor – for secure-key encrypted transactions (default) is:

Designed to support security-rich cryptographic functions, use of secure-encrypted-key values, and User Defined Extensions (UDX)

Designed to support secure and clear-key RSA operations

The tamper-responding hardware and lower-level firmware layers are validated to U.S. Government FIPS 140-2 standard: Security Requirements for Cryptographic Modules at Level 4

Crypto Express2 Accelerator – for Secure Sockets Layer (SSL) acceleration:

Is designed to support clear-key RSA operations

Offloads compute-intensive RSA public-key and private-key cryptographic operations employed in the SSL protocol

Crypto Express2 features can be carried forward on an upgrade to the System z10 BC, so users may continue to take advantage of the SSL performance and the configuration capability.

The configurable Crypto Express2 feature is supported by z/OS, z/VM, z/VSE, and Linux on System z. z/VSE offers support for clear-key operations only. Current versions of z/OS, z/VM, and Linux on System z offer support for both clear-key and secure-key operations.

Crypto Express2-1P

An option of one PCI-X adapter per feature, in addition to the current two PCI-X adapters per feature, is being offered for the z10 BC to help satisfy small and midrange security requirements while maintaining high performance.

The Crypto Express2-1P feature, with one PCI-X adapter, can continue to be defined as either a Coprocessor or an Accelerator. A minimum of two features must be ordered.

Additional cryptographic functions and features with Crypto Express2 and Crypto Express2-1P.

Key management – Added key management for remote loading of ATM and Point of Sale (POS) keys. The elimination of manual key entry is designed to reduce downtime due to key entry errors, service calls, and key management costs.
