
Draft Document for Review April 7, 2004 6:15 pm

IBM Processor Resource/System Manager (PR/SM) fully supports the PCIX Cryptographic Coprocessor features to establish a logically partitioned environment in which multiple logical partitions can use the cryptographic functions. A 128-bit data-protection master key and one 192-bit Public Key Algorithm (PKA) master key are provided for each of 16 cryptographic domains.

Via the dynamic add/delete of a logical partition name, a logical partition can be renamed: its name can be changed from 'NAME1' to '*' and then changed again from '*' to 'NAME2'. In this case, the logical partition number and MIF ID are retained across the logical partition name change. However, the master keys in PCIXCC that were associated with the old logical partition 'NAME1' are retained. There is no explicit action taken against a cryptographic component for this dynamic change.

Note: Cryptographic cards are not tied to partition numbers or MIF IDs. They are set up with AP numbers and domain indices. These are assigned to a partition profile of a given name. The customer can assign them to the partitions and clear them if needed.

5.2.3 PCI Cryptographic Accelerator (PCICA) feature

The Peripheral Component Interconnect Cryptographic Accelerator (PCICA) is an orderable feature on z990. This optional feature is a reduced-function, performance-enhanced addition to the CPACF and the PCIX Cryptographic Coprocessor. It does not have FIPS 140-2 level 4 certification and is non-programmable.

The z990 also supports the optional PCICA. The PCICA feature is used for the acceleration of modular arithmetic operations, in particular the complex RSA cryptographic operations used with the SSL protocol.

This is a unique cryptographic feature for SSL encryption. It has a very fast cryptographic processor designed to provide leading-edge performance of the complex Rivest-Shamir-Adleman (RSA) cryptographic operations used in the SSL protocol. In essence, it is intended for SSL acceleration rather than for specialized financial applications that need secure, long-term storage of keys or secrets. SSL is an essential and widely used protocol in secure e-business applications.

Since the PCI Cryptographic Accelerator is only involved in clear key operations, it does not need the tamper-proof design of the PCIXCC feature.

The PCICA feature provides functions designed for maximum acceleration of the complex RSA cryptographic operations used with the SSL protocol, including:

- High-speed RSA cryptographic accelerator

- 1024- and 2048-bit RSA operations for the Modulus Exponent (ME) and Chinese Remainder Theorem (CRT) formats.
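
The two private-key formats named in the list above, worked through as an added example (this is not code from the IBM guide or from the PCICA firmware). The function names and the small Mersenne primes are constructed for illustration; the ME form performs one full-size exponentiation, while the CRT form performs two half-size exponentiations and recombines them, with a verification step so that a faulty half-result is never released.

```python
# Added example: one RSA private-key operation in ME and in CRT key format.
# P, Q and E are constructed toy values, far too small for real use.
P = 2**61 - 1          # Mersenne prime (constructed sample)
Q = 2**89 - 1          # Mersenne prime (constructed sample)
E = 65537              # common public exponent

def make_key(p, q, e):
    """Build both representations of the same private key."""
    d = pow(e, -1, (p - 1) * (q - 1))            # private exponent
    return {
        "n": p * q, "e": e, "d": d,              # ME format uses (n, d)
        "p": p, "q": q,                          # CRT format uses the rest
        "dp": d % (p - 1), "dq": d % (q - 1),
        "qinv": pow(q, -1, p),
    }

def me_private_op(c, key):
    """Modulus-Exponent format: a single exponentiation modulo n."""
    return pow(c, key["d"], key["n"])

def crt_private_op(c, key):
    """CRT format: exponentiate modulo p and q, then recombine (Garner)."""
    m1 = pow(c % key["p"], key["dp"], key["p"])
    m2 = pow(c % key["q"], key["dq"], key["q"])
    h = (key["qinv"] * (m1 - m2)) % key["p"]
    m = m2 + h * key["q"]
    # Check the result with the public exponent before returning it:
    # releasing a result with one faulty half would expose a factor of n.
    if pow(m, key["e"], key["n"]) != c % key["n"]:
        raise ValueError("CRT result failed verification; result withheld")
    return m

def round_trip(message):
    """Encrypt with the public key, recover with both private formats."""
    key = make_key(P, Q, E)
    c = pow(message, key["e"], key["n"])
    return me_private_op(c, key), crt_private_op(c, key)

if __name__ == "__main__":
    print(round_trip(123456789))
```
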

The maximum number of SSL transactions per second that can be supported on a z990 by any combination of CPACF and PCICA features is limited by the number of cycles available to perform the software portion of the SSL transactions. An IBM 2084 model B16 with 16 CPs active and six PCICA features is designed to provide increased secure Web transaction performance by supporting greater than 11,000 SSL handshakes per second.

IBM eServer zSeries 990 Technical Guide
