IBM 890 manual Cryptography, HiperSockets Network Concentrator

HiperSockets broadcast support for IPv4 packets – Linux, z/OS, z/VM: Internet Protocol Version 4 (IPv4) broadcast packets are now supported over HiperSockets internal LANs. TCP/IP applications that support IPv4 broadcast, such

as z/OS OMPROUTE when running Routing Information Protocol Version 1 (RIPv1), can send and receive broad- cast packets over HiperSockets interfaces. This support is exclusive to z890 and z990. Broadcast for IPv4 packets is supported by Linux for zSeries. Support is available in z/OS 1.5. Support is also offered in z/VM 4.4 and later.

HiperSockets Network Concentrator

HiperSockets Network Concentrator support, exclusive to z890 and z990, can simplify network addressing between HiperSockets and OSA-Express. You can now integrate HiperSockets-connected operating systems into external networks, without requiring intervening network routing overhead, thus helping to increase performance and sim- plify confi guration. With the HiperSockets Network Con- centrator support, you can confi gure a special purpose Linux operating system instance, which can transparently bridge traffi c between a HiperSockets internal LAN and an external OSA-Express network attachment, similar to a real Layer 2 switch which bridges between different network segments. This support can make the internal HiperSockets network address connection appear as if it were directly con- nected to the external network.

In the on demand era, security will be a strong require- ment. The zSeries products will continue to address secu- rity with announcements and deliveries of products and features.

The main focus in cryptography will continue to be very high and scalable performance for SSL algorithms, sec- ondly, to provide security-rich, symmetric performance for

financial and banking applications using PIN/POS type encryption. As in the past zSeries will be designed to deliver seamless integration of the cryptography facilities through use of ICSF. Use of ICSF will enable applications to be designed to work without change regardless of how and where the cryptographic functions are implemented, and also assure that the cryptography work to be load bal- anced across the hardware resources. Finally we will be focused on required certifi cations and open standards.

The existing PCICA card feature will continue to be avail- able on the z890 and z990 – for SSL acceleration / clear key operations. To support the increased number of LPARs available on z890 and z990, the confi guration options

for the crypto PCICA adapter – introduced with the z900

–will be extended to allow sharing of a PCICA over the whole range of LPARs with a max of 16 LPARs sharing one PCICA adapter.

In addition to the PCICA, a new crypto adapter (PCIXCC) is introduced as a functional replacement for the CMOS Cryptographic Coprocessor and the PCI Cryptographic Coprocessor. The PCIXCC adapter design introduces

a breakthrough concept which supports high security demanding applications requiring a FIPS 140-2 level 4 cer- tifi ed crypto module, and also as an execution environment for customer written programs and a high performance path for Public Key / SSL operations. The PCIXCC hardware