IBM 890 manual Smp/E, Advanced System Automation, Security Services, Racf

Page 69
SMP/E

SMP/E

SMP/E provides the ability to install software products and service either from DASD or tape, or directly from a network source, such as the Internet. By installing directly from a network source, SMP/E is enabling a more seam- less integration of electronic software delivery and instal- lation.

Advanced System Automation

The unique and rich functions of IBM Tivoli System Auto- mation for OS/390 (SA OS/390) Version 2.2 (separately orderable) can ease z/OS management, help reduce costs, and increase application availability. SA OS/390 automates I/O, processor, and system operations, and includes “canned” automation for IMS, CICS, Tivoli OPC, and DB2. Its focus is on Parallel Sysplex automation, including multi- and single-system confi gurations, and on integration with end-to-end Tivoli enterprise solutions. With the new patented manager/agent design, it is now pos- sible to automate applications distributed over a sysplex by virtually removing system boundaries for automation.

System Services benefi ts can include:

Increased system availability

Improved productivity of system programmers

A more consistent approach for confi guring z/OS com- ponents or products

System setup and automation using best practices which can greatly improve availability

Security Services

z/OS Version 1 Release 6 base elements and components

Integrated Security Services include:

-Public Key Infrastructure Services

-DCE Security Server

-Open Cryptographic Enhanced Plug-ins

-Firewall Technologies

-LDAP Services

-Network Authentifi cation Service

-Enterprise Identity Mapping

Cryptographic Services:

-Integrated Cryptographic Service Facility

-System SSL

-Open Cryptographic Services Facility

z/OS Version 1 Release 6 optional priced features

Security Server includes:

- RACF

z/OS Version 1 Release 6 optional no-charge features

z/OS Security Level 3 which includes:

-LDAP Security Level 3

-Network Authentication Service Level 3

-System SSL Security Level 3

-Open Cryptographic Services Facility Security Level 3

z/OS extends its robust mainframe security features to address the demands of on demand enterprises. Tech- nologies such as LDAP, Secure Sockets Layer (SSL), Kerberos V5, Public Key Infrastructure, and exploitation of zSeries cryptographic features are available in z/OS.

RACF

Resource Access Control Facility (RACF) provides the functions of authentication and access control for z/OS resources and data, including the ability to control access to DB2 objects using RACF profi les. Using an entity known as the RACF user ID, RACF can identify users requesting access to the system. The RACF user password (or valid substitute, such as a RACF PassTicket or a digital certifi - cate) authenticates the RACF user ID.

69

Page 68 Page 70
Image 69
Page 68 Page 70
Contents January IBM zSeries 890 and z/OS Reference GuideTable of Contents What does an on demand company look like? zSeries OverviewTools for Managing e-business The New zSeries from IBMz/Architecture Operating System Support z/ArchitectureOperating System IBM zSeriesz/Arch 31-bitBase Number of CPsEstimated Ratio z890 Design and Technology The z890 supports LPAR mode only basic mode is no longer supported z890 Family Models z890 Performance ComparisonIBM On/Off Capacity on Demand for z890 Page z800 to z890 and z890 Model Upgrades On/Off CoD Testz800 z890 z890 Performance Comparisons z890s Positioning in the zSeries Family z890 I/O Subsystemz890 Cage Layout CEC I/O CageUp to 30 Logical Partitions Greater than 15 Logical Partitions LPARsPhysical Channel IDs PCHIDs SubSystem Logical Channel SubSystem LCSS SpanningChannel Spanning z890 Channels and I/O ConnectivityUp to 420 ESCON Channels Up to 40 FICON Express ChannelsInterSystem Channel-3 ISC-3 Up to 80 FICON Express2 ChannelsIntegrated Cluster Bus-3 ICB-3 Integrated Cluster Bus-4 ICB-4Fibre Channel Connectivity Native FICON ChannelsFICON CTC function FICON Connectivity FICON Support for Cascaded DirectorsFCP Channels Preview - FCP LUN Access Control FCP Full fabric connectivityFICON Express enhancements for Storage Area Networks FICON purge path extended FICON Express2 Doubles the Channel Capacity A New Generation for SANs - FICON Express2FICON Express2 LX FICON Express2 SXContinued Support of Spanned Channels and LPARs Concurrent UpdateModes of Operation CascadingOSA-Express2 10 Gigabit Ethernet LR OSA-Express2 Gigabit EthernetConcurrent LIC update Layer Queued Direct Input/Output QDIO One port per featureImproved virtualization - now 640 TCP/IP stacks New functions in OSA-Express2Large send for TCP/IP traffic OSA-Express2 large send for the z/OS environment previewLayer 2 support - ideal for server consolidation OSA-Express2 concurrent LIC update - an availability enhancementOpen Systems Adapter-Express Features OSA-Express TCP/IP stack utilization improvement for OSA-Expressz890 OSA-Express 1000BASE-T Ethernet OSA-Integrated Console Controller Queued Direct Input/Output QDIOz890 OSA-Express Gigabit Ethernet NON-QDIO operational mode z890 OSA-Express Token-RingNote Statement of Direction LPAR Support of OSA-Express Server to User connectionsIPv6 Support Performance enhancements for virtual serversHiperSockets LCSS0 z/VMLCSS1 HiperSockets CHPIDHiperSockets Network Concentrator Cryptographyz890/z990 PCIXCC Designed for FIPS 140-2 level 4 certifi cation zSeries Security Certification CryptographyLogical Partitions Operating Systems Common Criteria Certifi cation SUSE LINUX on zSeriesThe Crypto Express2 feature supports the following Enabling use of less than 512-bit keys for clear key RSA operations Cryptographic support for 19-digit PANs2048-bit key RSA management for PCICC on z800, z900 TKE 4.2 code TKE 4.2 and Smart Card Reader Supportz890 Server Capacity BackUp CBU z890 Capacity Upgrade on Demand CUoDAvailability Plan Ahead and Concurrent Conditioningz890 Customer Initiated Upgrade CIU Automatic Enablement of CBU for GDPSOn/Off CoD Testing Order Staging for CIU-Express and On/Off CoDConcurrent Capacity BackUp Downgrade CBU Undo Concurrent MaintenanceAdvanced Availability Functions Transparent SparingParallel Sysplex Cluster Technology Coupling Facility Configuration Alternatives System-Managed CF Structure Duplexing GDPS/PPRC Cross Site Parallel Sysplex distance Extended to 100 km Parallel Sysplex Coupling ConnectivityRoute A Route Bz890 and z990 Theoretical Maximum Coupling Link Speed ConnectivityOptions zSeries IRD Scope Intelligent Resource DirectorLPAR CPU Management Dynamic Channel Path ManagementChannel Subsystem Priority Queuing Parallel Sysplex Professional ServicesGDPS GPDS/PPRC HyperSwap GDPS/PPRC Multiplatform Resiliency for zSeries GDPS/PPRC and GDPS/XRC FlashCopy SupportRe-IPL in place of failing operating system images Site takeover/failover of a complete production siteconfigurations Automatic Enablement of CBU for GDPSGDPS/Global Mirror - preview Performance enhancements for GDPS/PPRC and GDPS/XRCFacilities Continuous Availability Recommended Configuration for ParallelSysplex Components and assumptionsz890 Support for Linux Key attributes can includeLinux on zSeries IBM Middleware z/VM Version 4 and Version Linux Distribution PartnersIntegrated Facility for Linux IFL OSA-Express Ethernet for LinuxHiperSockets OSA-Express Enhancements for LinuxFibre Channel Protocol FCP channel Support for Linux Cryptographic Support for LinuxLinux Support Processor Unit Assignments zSeries 890 Family Configuration DetailProcessor Memory ChannelsOSA-Express Features Cryptographic Featuresz890 Frame and I/O Configuration Content Planning for I/O General Informationz890 Power/Heating/Cooling System Power Consumption 50/60 Hz, KVA Physical Characteristicsz890 Dimensions Coupling Facility - CF Level of SupportFiber-Optic Cabling and System Connectivity z/OS Integrated system servicesSupport for 64-bit real memory and 64-bit virtual storage z/OS.ez/OS Scalability zSeries Application Assist Processor64-bit Support LPAR CPU Management Dynamic Channel Path ManagementAutomation Support System Servicesz/OS Version 1 Release 6 optional priced features z/OS Version 1 Release 6 base elementsSense and Respond with Workload Manager WLM Improvements for WebSphereData Management with DFSMS CICS/VSAM enabled for 24x7 availability Parallel SysplexJES2 and JES3 System Management Services Console EnhancementsEnhancements SMP/E Security ServicesAdvanced System Automation RACFMultilevel Security RACF enhancementsLDAP ICSFa restriction where the private key had to reside in the RACF database PKI Services Network Authentication ServiceFirewall Application Enablement Services Language EnvironmentC/C++ Java Communication ServicesUnicode REXX FunctionsDynamic Virtual IP Address Takeover Intrusion Detection Services IDSSysplex Distributor IPv6z/OS UNIX HiperSocketsDistributed Computing Services UNIX System Services benefits can includeHighlights zSeries File System zFSInternet Services Distributed File Services DFS Server Message Block SMBInfoprint Central Print ServicesLibrary Center Integrated TestingSoftcopy Publications Support PublicationsInstallation Considerations z/OS 1.6 is supported on the following IBM serversMigration/Coexistence Migration, installation and customization enhancements zSeries Bimodal Support for z/OSWizards Order z/OS through the Internet z/VMz/VM Version 4 z/VM Version 3Exploiting New Technology New technological enhancements in z/VM V4.4 provide Systems ManagementNetworking with z/VM Application EnablementManagement and control of VLAN topology by the z/VM virtual switch C/C++ for z/VM Compiler 5654-A22z/VM Version 5 Enhancements in z/VM V5.1 include Engine-based Value Unit PricingVirtualization Technology and Linux Enablement Value Unit Pricing helps you toNetwork Virtualization and Security Technology Exploitation Systems Management ImprovementsFor further information see the z/VM Reference Guide, GM13-0137 VSE/ESA VSE/ESAz/VSE To learn more Endnotes
Related manuals
Manual 28 pages 54.75 Kb
Top Page Image Contents