IBM 890 manual Ldap, Icsf, a restriction where the private key had to reside in the RACF database

Page 71

z/OS SSL support includes the ability for applications to create multiple SSL environments within a single process. An application can now modify environment attributes without terminating any SSL sessions already underway.

IPv6 Support: This support allows System SSL to be used in an IPv6 network configuration. It also enables System SSL to support both IPv4 and IPv6 Internet protocol addresses.

Performance is improved with CRL Caching: Today, SSL supports certificate revocation lists (CRLs) stored in an LDAP server. Each time a certificate needs to be validated, a request is made to the LDAP server to get the list of CRLs. CRL Caching enables applications to request that the retrieved list of CRLs be cached for a defined length of time.

Support for the AES Symmetric Cipher for SSL V3 and TLS Connections: System SSL supports the Advanced Encryption Standard (AES), which provides data encryption using 128-bit or 256-bit keys for SSL V3.0 and TLS V1.0 connections.

Support for DSS (Digital Signature Standard) Certificates: System SSL has been enhanced to support Digital Signature Standard certificates defined by the FIPS (Federal Information Processing Standard) 186-1 Standard.

System SSL of RSA Private Keys Stored in ICSF: With z/OS 1.4, support is introduced that is designed to allow a certificate’s private key to reside in ICSF, thus lifting a restriction where the private key had to reside in the RACF database.

Failover LDAP provides greater availability: You can now specify a list of Security Server-LDAP servers to be used for storing certificate revocation lists (CRLs). When certificate validation is being performed, this list will be used to determine which LDAP server to connect to for the CRL information.

Simplified administration with the ability to export and import certificate chains using PKCS#7 format files

LDAP

z/OS provides industry-standard Lightweight Directory Access Protocol (LDAP) services supporting thousands of concurrent clients. Client access to information in multiple directories is supported with the LDAP protocol. The LDAP server supports thousands of concurrent clients, increasing the maximum number of concurrently connected clients by an order of magnitude.

Enhancements:

Mandatory Authentication Methods (required by IETF RFC 2829) are supported in z/OS 1.4: The CRAM-MD5 and DIGEST-MD5 authentication methods have been added. The methods avoid flowing the user’s password over the connection to the server. The LDAP Server, the C/C++ APIs, and the utilities are updated with this support. Interoperability is improved for any applications that make use of these methods.

TLS: z/OS LDAP now provides support for TLS (Transport Layer Security) as defined in IETF RFC 2830 as an alternative to SSL support. It also provides support, via an LDAP extended operation, that allows applications to selectively activate TLS for certain LDAP operations at the application’s discretion.

Support for IPv6 and 64-bit addressing

Peer-to-peer replication provides failover support for server availability. If a primary master server fails, there is now a backup master to which LDAP operations can be directed.

Large group support helps improve LDAP server performance when maintaining large access groups containing many members.

ICSF

Integrated Cryptographic Service Facility (ICSF) is a part of z/OS which provides cryptographic functions for data security, data integrity, personal identification, digital