Cryptographic support for 19-digit PANs | IBM 890 instruction

Image 36

IBM 890 manual Enabling use of less than 512-bit keys for clear key RSA operations, Cryptographic support for 19-digit PANs

Contents

IBM zSeries 890 and z/OS Reference Guide January Table of Contents zSeries Overview What does an on demand company look like? The New zSeries from IBM Tools for Managing e-business z/Architecture z/Architecture Operating System Support IBM zSeries Operating Systemz/Arch 31-bit Base Number of CPsEstimated Ratio z890 Design and Technology The z890 supports LPAR mode only basic mode is no longer supported z890 Family Models z890 Performance ComparisonIBM On/Off Capacity on Demand for z890 Page z800 to z890 and z890 Model Upgrades On/Off CoD Testz800 z890 z890 Performance Comparisons z890 I/O Subsystem z890s Positioning in the zSeries Familyz890 Cage Layout CEC I/O Cage Greater than 15 Logical Partitions LPARs Up to 30 Logical PartitionsPhysical Channel IDs PCHIDs SubSystem Logical Channel SubSystem LCSS Spanning z890 Channels and I/O Connectivity Channel SpanningUp to 420 ESCON Channels Up to 40 FICON Express Channels Up to 80 FICON Express2 Channels InterSystem Channel-3 ISC-3Integrated Cluster Bus-3 ICB-3 Integrated Cluster Bus-4 ICB-4 Fibre Channel Connectivity Native FICON ChannelsFICON CTC function FICON Connectivity FICON Support for Cascaded DirectorsFCP Channels Preview - FCP LUN Access Control FCP Full fabric connectivityFICON Express enhancements for Storage Area Networks FICON purge path extended A New Generation for SANs - FICON Express2 FICON Express2 Doubles the Channel CapacityFICON Express2 LX FICON Express2 SX Concurrent Update Continued Support of Spanned Channels and LPARsModes of Operation Cascading OSA-Express2 Gigabit Ethernet OSA-Express2 10 Gigabit Ethernet LRConcurrent LIC update Layer Queued Direct Input/Output QDIO One port per feature New functions in OSA-Express2 Improved virtualization - now 640 TCP/IP stacksLarge send for TCP/IP trafﬁc OSA-Express2 large send for the z/OS environment preview OSA-Express2 concurrent LIC update - an availability enhancement Layer 2 support - ideal for server consolidation Open Systems Adapter-Express Features OSA-Express TCP/IP stack utilization improvement for OSA-Expressz890 OSA-Express 1000BASE-T Ethernet OSA-Integrated Console Controller Queued Direct Input/Output QDIOz890 OSA-Express Gigabit Ethernet NON-QDIO operational mode z890 OSA-Express Token-RingNote Statement of Direction Server to User connections LPAR Support of OSA-ExpressIPv6 Support Performance enhancements for virtual servers HiperSockets z/VM LCSS0LCSS1 HiperSockets CHPID Cryptography HiperSockets Network Concentrator zSeries Security Certiﬁcation Cryptography z890/z990 PCIXCC Designed for FIPS 140-2 level 4 certiﬁ cationLogical Partitions Operating Systems Common Criteria Certiﬁ cation SUSE LINUX on zSeries The Crypto Express2 feature supports the following Enabling use of less than 512-bit keys for clear key RSA operations Cryptographic support for 19-digit PANs2048-bit key RSA management for PCICC on z800, z900 TKE 4.2 and Smart Card Reader Support TKE 4.2 code z890 Capacity Upgrade on Demand CUoD z890 Server Capacity BackUp CBUAvailability Plan Ahead and Concurrent Conditioning Automatic Enablement of CBU for GDPS z890 Customer Initiated Upgrade CIUOn/Off CoD Testing Order Staging for CIU-Express and On/Off CoD Concurrent Maintenance Concurrent Capacity BackUp Downgrade CBU UndoAdvanced Availability Functions Transparent Sparing Parallel Sysplex Cluster Technology Coupling Facility Conﬁguration Alternatives System-Managed CF Structure Duplexing Parallel Sysplex Coupling Connectivity GDPS/PPRC Cross Site Parallel Sysplex distance Extended to 100 kmRoute A Route B z890 and z990 Theoretical Maximum Coupling Link Speed ConnectivityOptions Intelligent Resource Director zSeries IRD ScopeLPAR CPU Management Dynamic Channel Path Management Parallel Sysplex Professional Services Channel Subsystem Priority Queuing GDPS GPDS/PPRC HyperSwap GDPS/PPRC and GDPS/XRC FlashCopy Support GDPS/PPRC Multiplatform Resiliency for zSeriesRe-IPL in place of failing operating system images Site takeover/failover of a complete production site Automatic Enablement of CBU for GDPS conﬁgurationsGDPS/Global Mirror - preview Performance enhancements for GDPS/PPRC and GDPS/XRC Continuous Availability Recommended Conﬁguration for Parallel FacilitiesSysplex Components and assumptions z890 Support for Linux Key attributes can includeLinux on zSeries IBM Middleware Linux Distribution Partners z/VM Version 4 and VersionIntegrated Facility for Linux IFL OSA-Express Ethernet for Linux OSA-Express Enhancements for Linux HiperSockets Fibre Channel Protocol FCP channel Support for Linux Cryptographic Support for LinuxLinux Support zSeries 890 Family Conﬁguration Detail Processor Unit AssignmentsProcessor Memory Channels Cryptographic Features OSA-Express Featuresz890 Frame and I/O Conﬁguration Content Planning for I/O General Information Physical Characteristics z890 Power/Heating/Cooling System Power Consumption 50/60 Hz, KVAz890 Dimensions Coupling Facility - CF Level of Support Fiber-Optic Cabling and System Connectivity Integrated system services z/OS z/OS.e Support for 64-bit real memory and 64-bit virtual storage zSeries Application Assist Processor z/OS Scalability64-bit Support LPAR CPU Management Dynamic Channel Path Management System Services Automation Supportz/OS Version 1 Release 6 optional priced features z/OS Version 1 Release 6 base elements Sense and Respond with Workload Manager WLM Improvements for WebSphereData Management with DFSMS CICS/VSAM enabled for 24x7 availability Parallel SysplexJES2 and JES3 System Management Services Console EnhancementsEnhancements Security Services SMP/EAdvanced System Automation RACF RACF enhancements Multilevel Security LDAP ICSFa restriction where the private key had to reside in the RACF database PKI Services Network Authentication ServiceFirewall Application Enablement Services Language EnvironmentC/C++ Communication Services JavaUnicode REXX Functions Intrusion Detection Services IDS Dynamic Virtual IP Address TakeoverSysplex Distributor IPv6 HiperSockets z/OS UNIX UNIX System Services beneﬁts can include Distributed Computing ServicesHighlights zSeries File System zFS Distributed File Services DFS Server Message Block SMB Internet Services Print Services Infoprint Central Integrated Testing Library CenterSoftcopy Publications Support Publications Installation Considerations z/OS 1.6 is supported on the following IBM serversMigration/Coexistence Migration, installation and customization enhancements zSeries Bimodal Support for z/OSWizards z/VM Order z/OS through the Internet z/VM Version 3 z/VM Version 4 Exploiting New Technology Systems Management New technological enhancements in z/VM V4.4 provide Application Enablement Networking with z/VMManagement and control of VLAN topology by the z/VM virtual switch C/C++ for z/VM Compiler 5654-A22 z/VM Version 5 Engine-based Value Unit Pricing Enhancements in z/VM V5.1 includeVirtualization Technology and Linux Enablement Value Unit Pricing helps you to Network Virtualization and Security Technology Exploitation Systems Management ImprovementsFor further information see the z/VM Reference Guide, GM13-0137 VSE/ESA VSE/ESAz/VSE To learn more Endnotes