IBM Z10 BC manual Commitment to system integrity, z/VM

•Improved availability with Parallel Sysplex and Coupling Facility improvement

•Enhanced application development and integration with new System REXX™ facility, Metal C facility, and z/OS UNIX® System Services commands

•Enhanced Workload Manager in managing discretionary work and zIIP and zAAP workloads

Commitment to system integrity

First issued in 1973, IBM’s MVS™ System Integrity State- ment and subsequent statements for OS/390® and z/OS stand as a symbol of IBM’s confi dence and commitment to the z/OS operating system. Today, IBM reaffi rms its com- mitment to z/OS system integrity.

IBM’s commitment includes designs and development practices intended to prevent unauthorized application programs, subsystems, and users from bypassing z/OS security—that is, to prevent them from gaining access, circumventing, disabling, altering, or obtaining control of key z/OS system processes and resources unless allowed by the installation. Specifi cally, z/OS “System Integrity” is defi ned as the inability of any program not authorized by a mechanism under the installation’s control to circumvent or disable store or fetch protection, access a resource protected by the z/OS Security Server (RACF), or obtain control in an authorized state; that is, in supervisor state, with a protection key less than eight (8), or Authorized Program Facility (APF) authorized. In the event that an IBM System Integrity problem is reported, IBM will always take action to resolve it.

IBM’s long-term commitment to System Integrity is unique in the industry, and forms the basis of the z/OS industry leadership in system security. z/OS is designed to help you protect your system, data, transactions, and applications from accidental or malicious modifi cation. This is one of the many reasons System z remains the industry’s premier data server for mission-critical workloads.

z/VM

z/VM V5.4 is designed to extend its System z virtualization technology leadership by exploiting more capabilities of System z servers including:

•Greater fl exibility, with support for the new z/VM-mode logical partitions, allowing all System z processor-types (CPs, IFLs, zIIPs, zAAPs, and ICFs) to be defi ned in the same z/VM LPAR for use by various guest operating systems

•Capability to install Linux on System z as well as z/VM from the HMC on a System z10 that eliminates the need for any external network setup or a physical connection between an LPAR and the HMC

•Enhanced physical connectivity by exploiting all OSA- Express3 ports, helping service the network and reduc- ing the number of required resources

•Dynamic memory upgrade support that allows real memory to be added to a running z/VM system. With z/VM V5.4, memory can be added nondisruptively to individual guests that support the dynamic memory reconfi guration architecture. Systems can now be confi gured to reduce the need to re-IPL z/VM. Processors, channels, OSA adapters, and now memory can be dynamically added to both the z/VM system itself and to individual guests.

The operation and management of virtual machines has been enhanced with new systems management APIs, improvements to the algorithm for distributing a guest’s CPU share among virtual processors, and usability enhancements for managing a virtual network.

Security capabilities of z/VM V5.4 provide an upgraded LDAP server at the functional level of the z/OS V1.10 IBM Tivoli® Directory Server for z/OS and enhancements to the RACF Security Server to create LDAP change log entries in response to updates to RACF group and user profi les, including user passwords and password phrases. The z/VM SSL server now operates in a CMS environment, instead of requiring a Linux distribution, thus allowing encryption ser- vices to be deployed more quickly and helping to simplify installation, service, and release-to-release migration.