IBM z/OS manual Availability, ZSeries Security Certification Cryptography

Page 29

Availability

a method for key identification, exchange, separation, update, backup, and management. The TKE workstation and 4.0 code level are designed to provide a secure, remote, and flexible method of providing Master Key Entry and to remotely manage PCIX Cryptographic Coprocessors.

zSeries Security Certification

Cryptography

z890/z990 PCIXCC:

Designed for FIPS 140-2 level 4 certification

Logical Partitions

z900 and z800 servers are the first and only to receive Common Criteria EAL5 certification

Operating Systems Common Criteria Certification

SUSE LINUX on zSeries

SUSE SLES 8 has been certified for Controlled Access Protection Profile (CAPP) EAL3+

z/OS 1.6

z/OS 1.6 is under evaluation for Controlled Access Protection Profile (CAPP) EAL3+ and Labeled Security Protection Profile (LSPP) EAL3+.

z/VM

z/VM has applied for Common Criteria (ISO/IEC 15408) certification of z/VM V5.1 with the RACF® for z/VM optional feature against the Controlled Access Protection Profile (CAPP) and the Labeled Security Protection Profile (LSPP), both at the EAL3+ assurance level.

z990 Capacity Upgrade on Demand (CUoD)

Capacity Upgrade on Demand allows for the nondisruptive addition of one or more Central Processors (CPs), Internal Coupling Facilities (ICFs), Integrated Facility for Linux (IFLs), and IBM zSeries Application Assist Processor (zAAP). Capacity Upgrade on Demand can quickly add processors up to the maximum number of available inactive engines. This provides customers with the capacity for much needed dynamic growth in an unpredictable e-business world. The Capacity Upgrade on Demand functions, combined with Parallel Sysplex technology, can enable virtually unlimited capacity upgrade capability.

The CUoD functions are:

Nondisruptive CP, ICF, IFL, and zAAP upgrades within minutes

Dynamic upgrade of all I/O cards in the I/O Cage

Dynamic upgrade of spare installed memory

Plan Ahead and Concurrent Conditioning

Concurrent Conditioning configures a system for hot plugging of I/O based on a future specified target configuration. Concurrent Conditioning of the zSeries I/O is minimized by the fact that all I/O cards plugging into the zSeries I/O cage are hot pluggable. This means that the only I/O to be conditioned is the I/O cage itself. The question of whether or not to concurrently condition a cage is a very important consideration, especially with the rapid change in the IT environment (e-business) as well as the technology. Migration to FICON Express or additional OSA-Express networking is exceptionally easy and nondisruptive with the appropriate microcode load and if the cage space is available.
