IBM 890 manual Cryptography, HiperSockets Network Concentrator

Page 33

HiperSockets broadcast support for IPv4 packets – Linux, z/OS, z/VM: Internet Protocol Version 4 (IPv4) broadcast packets are now supported over HiperSockets internal LANs. TCP/IP applications that support IPv4 broadcast, such as z/OS OMPROUTE when running Routing Information Protocol Version 1 (RIPv1), can send and receive broadcast packets over HiperSockets interfaces. This support is exclusive to z890 and z990. Broadcast for IPv4 packets is supported by Linux for zSeries. Support is available in z/OS 1.5. Support is also offered in z/VM 4.4 and later.

HiperSockets Network Concentrator

HiperSockets Network Concentrator support, exclusive to z890 and z990, can simplify network addressing between HiperSockets and OSA-Express. You can now integrate HiperSockets-connected operating systems into external networks, without requiring intervening network routing overhead, thus helping to increase performance and simplify configuration. With the HiperSockets Network Concentrator support, you can configure a special purpose Linux operating system instance, which can transparently bridge traffic between a HiperSockets internal LAN and an external OSA-Express network attachment, similar to a real Layer 2 switch which bridges between different network segments. This support can make the internal HiperSockets network address connection appear as if it were directly connected to the external network.

Cryptography

In the on demand era, security will be a strong requirement. The zSeries products will continue to address security with announcements and deliveries of products and features.

The main focus in cryptography will continue to be very high and scalable performance for SSL algorithms and, secondly, security-rich, symmetric performance for financial and banking applications using PIN/POS type encryption. As in the past, zSeries will be designed to deliver seamless integration of the cryptography facilities through use of ICSF. Use of ICSF will enable applications to be designed to work without change regardless of how and where the cryptographic functions are implemented, and will also assure that the cryptography work is load balanced across the hardware resources. Finally, we will be focused on required certifications and open standards.

The existing PCICA card feature will continue to be available on the z890 and z990 for SSL acceleration / clear key operations. To support the increased number of LPARs available on z890 and z990, the configuration options for the crypto PCICA adapter, introduced with the z900, will be extended to allow sharing of a PCICA over the whole range of LPARs, with a maximum of 16 LPARs sharing one PCICA adapter.

In addition to the PCICA, a new crypto adapter (PCIXCC) is introduced as a functional replacement for the CMOS Cryptographic Coprocessor and the PCI Cryptographic Coprocessor. The PCIXCC adapter design introduces a breakthrough concept which supports high security demanding applications requiring a FIPS 140-2 level 4 certified crypto module, and also serves as an execution environment for customer written programs and a high performance path for Public Key / SSL operations. The PCIXCC hardware
