a method for key identification, exchange, separation,
update, backup, and management. The TKE workstation
and 4.0 code level are designed to provide a secure,
remote, and flexible method of providing Master Key Entry
and to remotely manage PCIX Cryptographic Coprocessors.
zSeries Security Certification
Cryptography
• z890/z990 PCIXCC:
– Designed for FIPS 140-2 level 4 certification
• Logical Partitions
– z900 and z800 servers are the first and only to receive
Common Criteria EAL5 certification
• Operating Systems Common Criteria Certification
– SUSE LINUX on zSeries
– SUSE SLES 8 has been certified for Controlled
Access Protection Profile (CAPP) EAL3+
• z/OS 1.6
– z/OS 1.6 is under evaluation for Controlled Access
Protection Profile (CAPP) EAL3+ and Labeled Security
Protection Profile (LSPP) EAL3+.
• z/VM
– z/VM has applied for Common Criteria (ISO/IEC
15408) certification of z/VM V5.1 with the RACF® for
z/VM optional feature against the Controlled Access
Protection Profile (CAPP) and the Labeled Security
Protection Profile (LSPP), both at the EAL3+
assurance level.
z990 Capacity Upgrade on Demand (CUoD)
Capacity Upgrade on Demand allows for the nondisruptive
addition of one or more Central Processors (CPs),
Internal Coupling Facilities (ICFs), Integrated Facility for Linux
(IFLs), and IBM zSeries Application Assist
Processor (zAAP). Capacity Upgrade on Demand can quickly
add processors up to the maximum number of available
inactive engines. This provides customers with the
capacity for much needed dynamic growth in an unpredictable
e-business world. The Capacity Upgrade on Demand
functions, combined with Parallel Sysplex technology, can
enable virtually unlimited capacity upgrade capability.
The CUoD functions are:
• Nondisruptive CP, ICF, IFL, and zAAP upgrades within
minutes
• Dynamic upgrade of all I/O cards in the I/O Cage
• Dynamic upgrade of spare installed memory
Plan Ahead and Concurrent Conditioning
Concurrent Conditioning configures a system for hot
plugging of I/O based on a future specified target
configuration. Concurrent Conditioning of the zSeries I/O is
minimized by the fact that all I/O cards plugging into the
zSeries I/O cage are hot pluggable. This means that the
only I/O to be conditioned is the I/O cage itself. The
question of whether or not to concurrently condition a cage is
a very important consideration, especially with the rapid
change in the IT environment (e-business) as well as the
technology. Migration to FICON Express or additional
OSA-Express networking is exceptionally easy and
nondisruptive with the appropriate microcode load and if the
cage space is available.
Availability