IBM Z10 BC manual Commitment to system integrity

Page 8

Improved availability with Parallel Sysplex and Coupling Facility improvement

Enhanced application development and integration with new System REXXfacility, Metal C facility, and z/OS UNIX® System Services commands

Enhanced Workload Manager in managing discretionary work and zIIP and zAAP workloads

Commitment to system integrity

First issued in 1973, IBM’s MVSSystem Integrity State- ment and subsequent statements for OS/390® and z/OS stand as a symbol of IBM’s confi dence and commitment to the z/OS operating system. Today, IBM reaffi rms its com- mitment to z/OS system integrity.

IBM’s commitment includes designs and development practices intended to prevent unauthorized application programs, subsystems, and users from bypassing z/OS security—that is, to prevent them from gaining access, circumventing, disabling, altering, or obtaining control of key z/OS system processes and resources unless allowed by the installation. Specifi cally, z/OS “System Integrity” is defi ned as the inability of any program not authorized by a mechanism under the installation’s control to circumvent or disable store or fetch protection, access a resource protected by the z/OS Security Server (RACF), or obtain control in an authorized state; that is, in supervisor state, with a protection key less than eight (8), or Authorized Program Facility (APF) authorized. In the event that an IBM System Integrity problem is reported, IBM will always take action to resolve it.

IBM’s long-term commitment to System Integrity is unique in the industry, and forms the basis of the z/OS industry leadership in system security. z/OS is designed to help you protect your system, data, transactions, and applications from accidental or malicious modifi cation. This is one of the many reasons System z remains the industry’s premier data server for mission-critical workloads.

z/VM

z/VM V5.4 is designed to extend its System z virtualization technology leadership by exploiting more capabilities of System z servers including:

Greater fl exibility, with support for the new z/VM-mode logical partitions, allowing all System z processor-types (CPs, IFLs, zIIPs, zAAPs, and ICFs) to be defi ned in the same z/VM LPAR for use by various guest operating systems

Capability to install Linux on System z as well as z/VM from the HMC on a System z10 that eliminates the need for any external network setup or a physical connection between an LPAR and the HMC

Enhanced physical connectivity by exploiting all OSA- Express3 ports, helping service the network and reduc- ing the number of required resources

Dynamic memory upgrade support that allows real memory to be added to a running z/VM system. With z/VM V5.4, memory can be added nondisruptively to individual guests that support the dynamic memory reconfi guration architecture. Systems can now be confi gured to reduce the need to re-IPL z/VM. Processors, channels, OSA adapters, and now memory can be dynamically added to both the z/VM system itself and to individual guests.

The operation and management of virtual machines has been enhanced with new systems management APIs, improvements to the algorithm for distributing a guest’s CPU share among virtual processors, and usability enhancements for managing a virtual network.

Security capabilities of z/VM V5.4 provide an upgraded LDAP server at the functional level of the z/OS V1.10 IBM Tivoli® Directory Server for z/OS and enhancements to the RACF Security Server to create LDAP change log entries in response to updates to RACF group and user profi les, including user passwords and password phrases. The z/VM SSL server now operates in a CMS environment, instead of requiring a Linux distribution, thus allowing encryption ser- vices to be deployed more quickly and helping to simplify installation, service, and release-to-release migration.

8

Page 7 Page 9
Image 8
Page 7 Page 9
Contents IBM System z10 Business Class z10 BC Reference Guide Table of Contents IBM System z10 Business Class z10 BC Overview Think Big, Virtually LimitlessMore Solutions, More Affordable Special workloads, Specialty engines, affordable technologyNew Face Of System z Architecture operating system support ArchitectureZ10 BC Architecture Page Commitment to system integrity VSE TPFLinux on System z Operating System ESA/390Z10 BC Page Page Z10 BC Design and Technology Memory Dimm sizes 2 GB and 4 GB Z10 BC ModelZ10 BC capacity identifiers Z10 BC model upgrades Z10 BC Model Capacity IDsCPU Measurement Facility Z10 BC PerformanceLarge System Performance Reference Z10 BC I/O Subsystem System I/O Configuration AnalyzerZ10 BC Channels and I/O Connectivity Modes of Operation Concurrent UpdateSupport of Spanned Channels and Logical Partitions Ficon Support for Cascaded Directors FCP ChannelsFCP increased performance for small block sizes Scsi IPL now a base functionFCP Full fabric connectivity High Performance Ficon improvement in performancePreplanning and setup of SAN for a System z10 environment Platform and name server registration in Ficon channelDistance Ficon Express enhancements for Storage Area NetworksNPort ID Virtualization Program Directed re-IPLServiceability Enhancements Feature Infrastructure Ports perFicon Link Incident Reporting OSA-Express3 the newest family of LAN adaptersOSA-Express3 Ethernet features Summary of benefits OSA-Express2 availabilityFeatures Purpose/TrafficType OSA-Express3 10 Gigabit Ethernet LROSA-Express3-2P Gigabit Ethernet SX Four-port exploitation on OSA-Express3 GbE SX and LXOSA-Express3 1000BASE-T Ethernet OSA-Express3-2P 1000BASE-T EthernetNetwork Traffic Analyzer Link aggregation for z/VM in Layer 2 mode Dynamic LAN idle for z/OSLayer 2 transport mode When would it be used? OSA Layer 3 Virtual MAC for z/OSDirect Memory Access DMA Hardware data routerIBM Communication Controller for Linux CCL OSA-Express3 and OSA-Express2 OSN OSA for NCPOSA/SF Virtual MAC and Vlan id Display Capability OSA Integrated Console ControllerRemove L2/L3 LPAR-to-LPAR Restriction HiperSockets HiperSockets Enhancement for zIIP Exploitation CP Assist for Cryptographic Function Cpacf Security CryptographyCan Do IT securely Crypto Express2-1P Enhancements to CP Assist for Cryptographic Func Tion CpacfConfigurable Crypto Express2 Support for ISO Support for RSA keys up to 4096 bitsDynamically add crypto to a logical partition Secure Key AESSupport for 13- thru 19-digit Personal Account Numbers TKE 5.3 workstationEnhancement with TKE 5.3 LIC Smart Card ReaderTKE additional smart cards new feature System z10 BC cryptographic migrationRemote Loading of Initial ATM Keys Remote Key Loading BenefitsOn Demand Capabilities Capacity on Demand Temporary CapacityAmendment for CBU Tests Capacity Provisioning OS Capacity provisioning allows you to set up rules System z9 System z10Reliability, Availability, and Serviceability RAS RAS Design FocusEnhanced Driver Maintenance Availability FunctionsHardware System Area HSA Redundant I/O InterconnectDynamic Oscillator Switchover Concurrent Memory UpgradeService Enhancements Transparent SparingPower Monitoring Power Estimation ToolEnvironmental Enhancements IBM Systems Director Active Energy ManagerCoupling Facility Control Code Cfcc Level Improved service time with Coupling Facility DuplexParallel Sysplex Cluster Technology Coupling Facility Configuration Alternatives System-Managed CF Structure DuplexingParallel Sysplex Coupling Connectivity Introducing long reach InfiniBand coupling linksCoupling Connectivity for Parallel Sysplex Z10 Coupling Link Options Time synchronization and time accuracy on z10 BCServer Time Protocol STP Server Time Protocol enhancementsPreview Improved STP System Management with Enhanced STP recovery when Internal Battery Feature Continuous Availability of NTP servers used as ExterInternal Battery Feature Recommendation Application Programming Interface API to automateHMC System Support Family Machine TypeInternet Protocol, Version 6 IPv6 HMC/SE Console MessengerEnhanced installation support for z/VM using the HMC HMC z/VM Tower System Management EnhancementsImplementation Services for Parallel Sysplex Fiber Quick Connect for Ficon LX Environments GdpsZ10 BC Physical Characteristics Z10 BC System PowerZ10 BC Highlights and Physical Dimensions Z9 BC Physical PlanningZ10 BC Configuration Detail Z10 BC Concurrent PU ConversionsZ10 BC Model Structure Z10 BC Minimum MaximumIBF Z10 BC IBF hold uptime Drawer DrawersCoupling Facility CF Level of Support Z890Statement of Direction Publications Following Redbook publications are available nowAvailable in the Library section of Resource Link Resource LinkZSO03021-USEN-02
Top Page Image Contents