IBM 890 manual The Crypto Express2 feature supports the following

Page 35

A third generation Cryptographic feature – Crypto Express2

Crypto Express2 features support for on demand business in a security-rich environment.

Crypto Express2 provides the functions of PCICA and PCIXCC in a single feature that is expected to provide improved secure key and system throughput. Like its prede- cessors, the Crypto Express2 feature has been designed to satisfy the security requirements of an enterprise server.

The Integrated Cryptographic Service Facility (ICSF), a component of z/OS, is designed to transparently use the available cryptographic functions, the CP Assist for Cryptographic Function (CPACF) as well as the PCICA, PCIXCC, and Crypto Express2 features to balance the workload and satisfy the requirements of the applications.

The Crypto Express2 feature is designed for Federal Infor- mation Processing Standard (FIPS) 140-2 Level 4 Certifi ca- tion and has two coprocessors per feature for improved system throughput. A performance benefi t is expected with multitasking applications. A performance benefi t may not be realized with single-threaded applications, which can utilize only one of the two coprocessors.

The Crypto Express2 feature supports the following:

Consolidation and simplifi cation via a single crypto coprocessor feature on z890 and z990

Compute-intensive public key cryptographic functions designed to help reduce CP utilization and increase system throughput

Card Validation Value (CVV) generation and verifi cation services for 19-digit Personal Account Number (PANs)

Enabling use of less than 512-bit keys for clear key RSA operations

2048-bit key RSA management capability

Functions previously supported by the PCICA and PCIXCC features offered on z890 and z990 including:

Compute-intensive public key cryptographic func- tions to help reduce CP usage and increase system throughput

Hardware acceleration for Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to help support security-rich on demand business applica- tions and transactions

SSL performance equivalent to the PCICA feature

The functional enhancements announced in April 2004, namely: PKE MRP support, PKD zero pad sup- port, TDES DUKPT, and EMV2000

User Defi ned Extension (UDX) Service Offering – pro- grammable to deploy standard functions and algorithms

Up to a maximum of eight features per server

The combined maximum number of Crypto Express2, PCICA, and PCIXCC features on a z890 and z990 cannot exceed eight features per server10

The z890 and z990 can support up to eight Crypto Express2 features (16 coprocessors)

The z890 and z990 can support up to six PCICA features (12 accelerators)

The z890 and z990 can support up to four PCIXCC features (four coprocessors)

With Crypto Express2, both the z890 and z990 can have up to sixteen secure key coprocessors in com- parison to the four coprocessors with the PCIXCC features. This is expected to translate into increased secure key and system throughput.

With Crypto Express2, both the z890 and z990 servers can utilize up to sixteen cryptographic coprocessors for clear key SSL acceleration in comparison to twelve accelerators with the PCICA features. The number

of SSL handshakes per second in a 16 CP z990 is expected to remain at over 11,000 when running the z/OS operating system*.

35

Page 34 Page 36
Image 35
Page 34 Page 36
Contents January IBM zSeries 890 and z/OS Reference GuideTable of Contents What does an on demand company look like? zSeries OverviewTools for Managing e-business The New zSeries from IBMz/Architecture Operating System Support z/Architecture31-bit IBM zSeriesOperating System z/ArchEstimated Ratio BaseNumber of CPs z890 Design and Technology The z890 supports LPAR mode only basic mode is no longer supported IBM On/Off Capacity on Demand for z890 z890 Family Modelsz890 Performance Comparison Page z800 z890 z800 to z890 and z890 Model UpgradesOn/Off CoD Test z890 Performance Comparisons CEC I/O Cage z890 I/O Subsystemz890s Positioning in the zSeries Family z890 Cage LayoutLogical Channel SubSystem LCSS Spanning Greater than 15 Logical Partitions LPARsUp to 30 Logical Partitions Physical Channel IDs PCHIDs SubSystemUp to 40 FICON Express Channels z890 Channels and I/O ConnectivityChannel Spanning Up to 420 ESCON ChannelsIntegrated Cluster Bus-4 ICB-4 Up to 80 FICON Express2 ChannelsInterSystem Channel-3 ISC-3 Integrated Cluster Bus-3 ICB-3FICON CTC function Fibre Channel ConnectivityNative FICON Channels FCP Channels FICON ConnectivityFICON Support for Cascaded Directors FICON Express enhancements for Storage Area Networks Preview - FCP LUN Access ControlFCP Full fabric connectivity FICON purge path extended FICON Express2 SX A New Generation for SANs - FICON Express2FICON Express2 Doubles the Channel Capacity FICON Express2 LXCascading Concurrent UpdateContinued Support of Spanned Channels and LPARs Modes of OperationQueued Direct Input/Output QDIO One port per feature OSA-Express2 Gigabit EthernetOSA-Express2 10 Gigabit Ethernet LR Concurrent LIC update LayerOSA-Express2 large send for the z/OS environment preview New functions in OSA-Express2Improved virtualization - now 640 TCP/IP stacks Large send for TCP/IP trafficLayer 2 support - ideal for server consolidation OSA-Express2 concurrent LIC update - an availability enhancementz890 OSA-Express 1000BASE-T Ethernet Open Systems Adapter-Express Features OSA-ExpressTCP/IP stack utilization improvement for OSA-Express z890 OSA-Express Gigabit Ethernet OSA-Integrated Console ControllerQueued Direct Input/Output QDIO Note Statement of Direction NON-QDIO operational modez890 OSA-Express Token-Ring Performance enhancements for virtual servers Server to User connectionsLPAR Support of OSA-Express IPv6 SupportHiperSockets HiperSockets CHPID z/VMLCSS0 LCSS1HiperSockets Network Concentrator CryptographyOperating Systems Common Criteria Certifi cation SUSE LINUX on zSeries zSeries Security Certification Cryptographyz890/z990 PCIXCC Designed for FIPS 140-2 level 4 certifi cation Logical PartitionsThe Crypto Express2 feature supports the following 2048-bit key RSA management for PCICC on z800, z900 Enabling use of less than 512-bit keys for clear key RSA operationsCryptographic support for 19-digit PANs TKE 4.2 code TKE 4.2 and Smart Card Reader SupportPlan Ahead and Concurrent Conditioning z890 Capacity Upgrade on Demand CUoDz890 Server Capacity BackUp CBU AvailabilityOrder Staging for CIU-Express and On/Off CoD Automatic Enablement of CBU for GDPSz890 Customer Initiated Upgrade CIU On/Off CoD TestingTransparent Sparing Concurrent MaintenanceConcurrent Capacity BackUp Downgrade CBU Undo Advanced Availability FunctionsParallel Sysplex Cluster Technology Coupling Facility Configuration Alternatives System-Managed CF Structure Duplexing Route B Parallel Sysplex Coupling ConnectivityGDPS/PPRC Cross Site Parallel Sysplex distance Extended to 100 km Route AOptions z890 and z990 Theoretical Maximum Coupling Link SpeedConnectivity Dynamic Channel Path Management Intelligent Resource DirectorzSeries IRD Scope LPAR CPU ManagementChannel Subsystem Priority Queuing Parallel Sysplex Professional ServicesGDPS GPDS/PPRC HyperSwap Site takeover/failover of a complete production site GDPS/PPRC and GDPS/XRC FlashCopy SupportGDPS/PPRC Multiplatform Resiliency for zSeries Re-IPL in place of failing operating system imagesPerformance enhancements for GDPS/PPRC and GDPS/XRC Automatic Enablement of CBU for GDPSconfigurations GDPS/Global Mirror - previewComponents and assumptions Continuous Availability Recommended Configuration for ParallelFacilities SysplexLinux on zSeries z890 Support for LinuxKey attributes can include IBM Middleware OSA-Express Ethernet for Linux Linux Distribution Partnersz/VM Version 4 and Version Integrated Facility for Linux IFLHiperSockets OSA-Express Enhancements for LinuxLinux Support Fibre Channel Protocol FCP channel Support for LinuxCryptographic Support for Linux Channels zSeries 890 Family Configuration DetailProcessor Unit Assignments Processor MemoryGeneral Information Cryptographic FeaturesOSA-Express Features z890 Frame and I/O Configuration Content Planning for I/OCoupling Facility - CF Level of Support Physical Characteristicsz890 Power/Heating/Cooling System Power Consumption 50/60 Hz, KVA z890 DimensionsFiber-Optic Cabling and System Connectivity z/OS Integrated system servicesSupport for 64-bit real memory and 64-bit virtual storage z/OS.eLPAR CPU Management Dynamic Channel Path Management zSeries Application Assist Processorz/OS Scalability 64-bit Supportz/OS Version 1 Release 6 base elements System ServicesAutomation Support z/OS Version 1 Release 6 optional priced featuresData Management with DFSMS Sense and Respond with Workload ManagerWLM Improvements for WebSphere JES2 and JES3 CICS/VSAM enabled for 24x7 availabilityParallel Sysplex Enhancements System Management ServicesConsole Enhancements RACF Security ServicesSMP/E Advanced System AutomationMultilevel Security RACF enhancementsa restriction where the private key had to reside in the RACF database LDAPICSF Firewall PKI ServicesNetwork Authentication Service C/C++ Application Enablement ServicesLanguage Environment REXX Functions Communication ServicesJava UnicodeIPv6 Intrusion Detection Services IDSDynamic Virtual IP Address Takeover Sysplex Distributorz/OS UNIX HiperSocketszSeries File System zFS UNIX System Services benefits can includeDistributed Computing Services HighlightsInternet Services Distributed File Services DFS Server Message Block SMBInfoprint Central Print ServicesPublications Integrated TestingLibrary Center Softcopy Publications SupportMigration/Coexistence Installation Considerationsz/OS 1.6 is supported on the following IBM servers Wizards Migration, installation and customization enhancementszSeries Bimodal Support for z/OS Order z/OS through the Internet z/VMz/VM Version 4 z/VM Version 3Exploiting New Technology New technological enhancements in z/VM V4.4 provide Systems ManagementC/C++ for z/VM Compiler 5654-A22 Application EnablementNetworking with z/VM Management and control of VLAN topology by the z/VM virtual switchz/VM Version 5 Value Unit Pricing helps you to Engine-based Value Unit PricingEnhancements in z/VM V5.1 include Virtualization Technology and Linux EnablementNetwork Virtualization and Security For further information see the z/VM Reference Guide, GM13-0137 Technology ExploitationSystems Management Improvements z/VSE VSE/ESAVSE/ESA To learn more Endnotes
Related manuals
Manual 28 pages 54.75 Kb
Top Page Image Contents