IBM z/OS manual PKI Services, Firewall

Page 66

Support for IPv6 and 64-bit addressing

Peer-to-peer replication provides failover support for server availability. If a primary master server fails, there is now a backup master to which LDAP operations can be directed.

Large group support helps improve LDAP server performance when maintaining large access groups containing many members.

ICSF

Integrated Cryptographic Service Facility (ICSF) is a part of z/OS which provides cryptographic functions for data security, data integrity, personal identification, digital signatures, and the management of cryptographic keys. These functions are provided via APIs intended to deliver the highly scalable and available security features of z/OS and the zSeries servers. Together with cryptography features of zSeries servers, z/OS is designed to provide high performance SSL, which can benefit applications that use System SSL, such as the z/OS HTTP Server and WebSphere, TN3270, and CICS Transaction Gateway server.

ICSF provides support for the z990 and z890 PCIX Cryptographic Coprocessor (PCIXCC), a replacement for the PCICC and the CMOS Cryptographic Coprocessor Facility that were found on the z900 and z800. All of the equivalent PCICC functions offered on the PCIXCC are expected to be implemented with higher performance. In addition, PCIXCC implements the functions on the CMOS Cryptographic Coprocessor Facility used by known applications. PCIXCC supports secure cryptographic functions, use of secure encrypted key values and user-defined extensions.

PKI Services

PKI Services is a z/OS component that provides a complete Certificate Authority (CA) package for full certificate life cycle management. Customers can be their own Certificate Authority, with the scale and availability provided by z/OS. This can result in significant savings over third party options.

User request driven via customizable Web pages for browser or server certificates

Automatic or administrator approval process administered via same Web interface

End user / administrator revocation process

Certificate validation service for z/OS applications

Firewall

Firewall Technologies provide sysplex-wide Security Association Support: This function is designed to enable VPN (virtual private network) security associations to be dynamically reestablished on a backup processor in a sysplex when a Dynamic Virtual IP Address (DVIPA) takeover occurs. When the Dynamic Virtual IP Address give-back occurs, the security association is designed to be reestablished on the original processor in the sysplex. When used in conjunction with z/OS Communications Server’s TCP/IP DVIPA takeover/give-back capability, this function provides customers with improved availability of IPSec security associations.

IBM zSeries 990 and z/OS Reference Guide