IBM z/OS manual Availability, ZSeries Security Certification Cryptography

a method for key identifi cation, exchange, separation, update, backup, and management. The TKE worksta- tion and 4.0 code level are designed to provide a secure, remote, and fl exible method of providing Master Key Entry and to remotely manage PCIX Cryptographic Coprocessors.

zSeries Security Certification

Cryptography

•z890/z990 PCIXCC:

–Designed for FIPS 140-2 level 4 certifi cation

•Logical Partitions

–z900 and z800 servers are the fi rst and only to receive Common Criteria EAL5 certifi cation

•Operating Systems Common Criteria Certifi cation

–SUSE LINUX on zSeries

–SUSE SLES 8 has been certifi ed for Controlled Access Protection Profi le (CAPP) EAL3+

•z/OS 1.6

–z/OS 1.6 is under evaluation for Controlled Access Protection Profi le (CAPP) EAL3+ and Labeled Security Protection Profi le (LSPP) EAL3+.

•z/VM

–z/VM has applied for Common Criteria (ISO/IEC 15408) certifi cation of z/VM V5.1 with the RACF® for z/VM optional feature against the Controlled Access Protection Profi le (CAPP) and the Labeled Security Protection Profi le (LSPP), both at the EAL3+ assur- ance level.

z990 Capacity Upgrade on Demand (CUoD)

Capacity Upgrade on Demand allows for the nondisruptive addition of one or more Central Processors (CPs), Inter- nal Coupling Facilities (ICFs), Integrated Facility for Linux (IFLs), and IBM ^zSeries Application Assist Pro- cessor (zAAP). Capacity Upgrade on Demand can quickly add processors up to the maximum number of available inactive engines. This provides customers with the capac- ity for much needed dynamic growth in an unpredictable e-business world. The Capacity Upgrade on Demand functions, combined with Parallel Sysplex technology, can enable virtually unlimited capacity upgrade capability.

The CUoD functions are:

•Nondisruptive CP, ICF, IFL, and zAAP upgrades within minutes

•Dynamic upgrade of all I/O cards in the I/O Cage

•Dynamic upgrade of spare installed memory

Plan Ahead and Concurrent Conditioning

Concurrent Conditioning confi gures a system for hot plugging of I/O based on a future specifi ed target con-

figuration. Concurrent Conditioning of the zSeries I/O is minimized by the fact that all I/O cards plugging into the zSeries I/O cage are hot pluggable. This means that the only I/O to be conditioned is the I/O cage itself. The ques- tion of whether or not to concurrently condition a cage is a very important consideration, especially with the rapid change in the IT environment (e-business) as well as the technology. Migration to FICON Express or additional OSA-Express networking is exceptionally easy and non- disruptive with the appropriate microcode load and if the cage space is available.