System z Crypto and TKE Update PDF Download

Are you looking for read ebook online? Search for your book and save it on your Kindle device, PC, phones or tablets. Download System z Crypto and TKE Update PDF full book. Access full book title System z Crypto and TKE Update by Karan Singh. Download full books in PDF and EPUB format.

System z Crypto and TKE Update

System z Crypto and TKE Update PDF Author: Karan Singh
Publisher: IBM Redbooks
ISBN: 0738435546
Category : Computers
Languages : en
Pages : 328

Book Description
This IBM® Redbooks® publication provides detailed information about the implementation of hardware cryptography in the System z10® server. We begin by summarizing the history of hardware cryptography on IBM Mainframe servers, introducing the cryptographic support available on the IBM System z10, introducing the Crypto Express3 feature, briefly comparing the functions provided by the hardware and software, and providing a high-level overview of the application programming interfaces available for invoking cryptographic support. This book then provides detailed information about the Crypto Express3 feature, discussing at length its physical design, its function and usage details, the services that it provides, and the API exposed to the programmer. This book also provides significant coverage of the CP Assist for Cryptographic Functions (CPACF). Details on the history and purpose of the CPACF are provided, along with an overview of cryptographic keys and CPACF usage details. A chapter on the configuration of the hardware cryptographic features is provided, which covers topics such as zeroizing domains and security settings. We examine the software support for the cryptographic functions available on the System z10 server. We look at the recent changes in the Integrated Cryptographic Service Facility (ICSF) introduced with level HCR7770 for the z/OS® operating system. A discussion of PKCS#11 support presents an overview of the standard and provides details on configuration and exploitation of PKCS#11 services available on the z/OS operating system. The Trusted Key Entry (TKE) Version 6.0 workstation updates are examined in detail and examples are presented on the configuration, usage, and exploitation of the new features. We discuss the cryptographic support available for Linux® on System z®, with a focus on the services available through the IBM Common Cryptographic Architecture (CCA) API. We also provide an overview on Elliptical Curve Cryptography (ECC), along with examples of exploiting ECC using ICSF PKCS#11 services. Sample Rexx and Assembler code is provided that demonstrate the capabilities of CPACF protected keys.

System z Crypto and TKE Update

System z Crypto and TKE Update PDF Author: Karan Singh
Publisher: IBM Redbooks
ISBN: 0738435546
Category : Computers
Languages : en
Pages : 328

Book Description
This IBM® Redbooks® publication provides detailed information about the implementation of hardware cryptography in the System z10® server. We begin by summarizing the history of hardware cryptography on IBM Mainframe servers, introducing the cryptographic support available on the IBM System z10, introducing the Crypto Express3 feature, briefly comparing the functions provided by the hardware and software, and providing a high-level overview of the application programming interfaces available for invoking cryptographic support. This book then provides detailed information about the Crypto Express3 feature, discussing at length its physical design, its function and usage details, the services that it provides, and the API exposed to the programmer. This book also provides significant coverage of the CP Assist for Cryptographic Functions (CPACF). Details on the history and purpose of the CPACF are provided, along with an overview of cryptographic keys and CPACF usage details. A chapter on the configuration of the hardware cryptographic features is provided, which covers topics such as zeroizing domains and security settings. We examine the software support for the cryptographic functions available on the System z10 server. We look at the recent changes in the Integrated Cryptographic Service Facility (ICSF) introduced with level HCR7770 for the z/OS® operating system. A discussion of PKCS#11 support presents an overview of the standard and provides details on configuration and exploitation of PKCS#11 services available on the z/OS operating system. The Trusted Key Entry (TKE) Version 6.0 workstation updates are examined in detail and examples are presented on the configuration, usage, and exploitation of the new features. We discuss the cryptographic support available for Linux® on System z®, with a focus on the services available through the IBM Common Cryptographic Architecture (CCA) API. We also provide an overview on Elliptical Curve Cryptography (ECC), along with examples of exploiting ECC using ICSF PKCS#11 services. Sample Rexx and Assembler code is provided that demonstrate the capabilities of CPACF protected keys.

Getting Started with z/OS Data Set Encryption

Getting Started with z/OS Data Set Encryption PDF Author: Bill White
Publisher: IBM Redbooks
ISBN: 0738460222
Category : Computers
Languages : en
Pages : 274

Book Description
This IBM® Redpaper Redbooks® publication provides a broad explanation of data protection through encryption and IBM Z® pervasive encryption with a focus on IBM z/OS® data set encryption. It describes how the various hardware and software components interact in a z/OS data set encryption environment. In addition, this book concentrates on the planning and preparing of the environment and offers implementation, configuration, and operational examples that can be used in z/OS data set encryption environments. This publication is intended for IT architects, system programmer, and security administrators who plan for, deploy, and manage security on the Z platform. The reader is expected to have a basic understanding of IBM Z security concepts.

Key Management Deployment Guide: Using the IBM Enterprise Key Management Foundation

Key Management Deployment Guide: Using the IBM Enterprise Key Management Foundation PDF Author: Axel Buecker
Publisher: IBM Redbooks
ISBN: 0738439916
Category : Computers
Languages : en
Pages : 390

Book Description
In an increasingly interconnected world, data breaches grab headlines. The security of sensitive information is vital, and new requirements and regulatory bodies such as the Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), and Sarbanes-Oxley (SOX) create challenges for enterprises that use encryption to protect their information. As encryption becomes more widely adopted, organizations also must contend with an ever-growing set of encryption keys. Effective management of these keys is essential to ensure both the availability and security of the encrypted information. Centralized management of keys and certificates is necessary to perform the complex tasks that are related to key and certificate generation, renewal, and backup and recovery. The IBM® Enterprise Key Management Foundation (EKMF) is a flexible and highly secure key management system for the enterprise. It provides centralized key management on IBM zEnterprise® and distributed platforms for streamlined, efficient, and secure key and certificate management operations. This IBM Redbooks® publication introduces key concepts around a centralized key management infrastructure and depicts the proper planning, implementation, and management of such a system using the IBM Enterprise Key Management Foundation solution.

Security on IBM z/VSE

Security on IBM z/VSE PDF Author: Helmut Hellner
Publisher: IBM Redbooks
ISBN: 0738456918
Category : Computers
Languages : en
Pages : 472

Book Description
One of a firm's most valuable resources is its data: client lists, accounting data, employee information, and so on. This critical data must be securely managed and controlled, and simultaneously made available to those users authorized to see it. The IBM® z/VSE® system features extensive capabilities to simultaneously share the firm's data among multiple users and protect them. Threats to this data come from various sources. Insider threats and malicious hackers are not only difficult to detect and prevent, they might be using resources with the business being unaware. This IBM Redbooks® publication was written to assist z/VSE support and security personnel in providing the enterprise with a safe, secure and manageable environment. This book provides an overview of the security that is provided by z/VSE and the processes for the implementation and configuration of z/VSE security components, Basic Security Manager (BSM), IBM CICS® security, TCP/IP security, single sign-on using LDAP, and connector security.

Security on z/VM

Security on z/VM PDF Author: Paola Bari
Publisher: IBM Redbooks
ISBN: 0738488542
Category : Computers
Languages : en
Pages : 348

Book Description
Discussions about server sprawl, rising software costs, going green, or moving data centers to reduce the cost of business are held in many meetings or conference calls in many organizations throughout the world. And many organizations are starting to turn toward System zTM and z/VM® after such discussions. The virtual machine operating system has over 40 years of experience as a hosting platform for servers, from the days of VM/SP, VM/XA, VM/ESA® and especially now with z/VM. With the consolidation of servers and conservative estimates that approximately seventy percent of all critical corporate data reside on System z, we find ourselves needing a highly secure environment for the support of this infrastructure. This document was written to assist z/VM support and security personnel in providing the enterprise with a safe, secure and manageable environment. This IBM® Redbooks® publication provides an overview of security and integrity provided by z/VM and the processes for the implementation and configuration of z/VM Security Server, z/VM LDAP Server, IBM Tivoli® Directory Server for z/OS®, and Linux® on System z with PAM for LDAP authentication. Sample scenarios with RACF® database sharing between z/VM and z/OS, or through Tivoli Directory Integrator to synchronize LDAP databases, are also discussed in this book. This book provides information about configuration and usage of Linux on System z with the System z Cryptographic features documenting their hardware and software configuration. The Consul zSecure Pro Suite is also part of this document: this product helps to control and audit security not only on one system, but can be used as a single point of enterprise wide security control. This document covers the installation and configuration of this product and detailed information is presented on how z/Consul can be used to collect and analyze z/VM security data and how it can be helpful in the administration of your audit data.

Reduce Risk and Improve Security on IBM Mainframes: Volume 1 Architecture and Platform Security

Reduce Risk and Improve Security on IBM Mainframes: Volume 1 Architecture and Platform Security PDF Author: Axel Buecker
Publisher: IBM Redbooks
ISBN: 0738440108
Category : Computers
Languages : en
Pages : 332

Book Description
This IBM® Redbooks® publication documents the strength and value of the IBM security strategy with IBM System z® hardware and software. In an age of increasing security consciousness, IBM System z provides the capabilities to address the needs of today's business security challenges. This publication explores how System z hardware is designed to provide integrity, process isolation, and cryptographic capability to help address security requirements. This book highlights the features of IBM z/OS® and other operating systems, which offer various customizable security elements under the Security Server and Communication Server components. This book describes z/OS and other operating systems and additional software that leverage the building blocks of System z hardware to provide solutions to business security needs. This publication's intended audience is technical architects, planners, and managers who are interested in exploring how the security design and features of System z, the z/OS operating system, and associated software address current issues, such as data encryption, authentication, authorization, network security, auditing, ease of security administration, and monitoring.

Leveraging Integrated Cryptographic Service Facility

Leveraging Integrated Cryptographic Service Facility PDF Author: Lydia Parziale
Publisher: IBM Redbooks
ISBN: 0738456551
Category : Computers
Languages : en
Pages : 38

Book Description
Integrated Cryptographic Service Facility (ICSF) is a part of the IBM® z/OS® operating system that provides cryptographic functions for data security, data integrity, personal identification, digital signatures, and the management of cryptographic keys. Together with the cryptography features of the IBM Z family, it provides secure, high-performance cryptographic functions (such as the loading of master key values) that enable the hardware features to be used by applications. This IBM RedpaperTM publication briefly describes ICSF and the key elements of z/OS that address different security needs. The audience for this publication is cryptographic administrators and security administrators, and those in charge of auditing security in an organization.

OSA-Express Implementation Guide

OSA-Express Implementation Guide PDF Author: Mike Ebbers
Publisher: IBM Redbooks
ISBN: 0738439436
Category : Computers
Languages : en
Pages : 290

Book Description
This IBM® Redbooks® publication will help you to install, tailor, and configure the Open Systems Adapter (OSA) features that are available on IBM zEnterprise® servers. It focuses on the hardware installation and the software definitions that are necessary to provide connectivity to LAN environments. This information will help you with planning and system setup. This book also includes helpful utilities and commands for monitoring and managing the OSA features. This information will be helpful to systems engineers, network administrators, and system programmers who plan for and install OSA features. The reader is expected to have a good understanding of IBM System z® hardware, Hardware Configuration Definition (HCD) or the input/output configuration program (IOCP), Open Systems Adapter Support Facility (OSA/SF), Systems Network Architecture/Advanced Peer-to-Peer Networking (SNA/APPN), and TCP/IP protocol.

IBM z13s Technical Guide

IBM z13s Technical Guide PDF Author: Octavian Lascu
Publisher: IBM Redbooks
ISBN: 0738441678
Category : Computers
Languages : en
Pages : 588

Book Description
Digital business has been driving the transformation of underlying information technology (IT) infrastructure to be more efficient, secure, adaptive, and integrated. IT must be able to handle the explosive growth of mobile clients and employees. It also must be able to process enormous amounts of data to provide deep and real-time insights to help achieve the greatest business impact. This IBM® Redbooks® publication addresses the new IBM z SystemsTM single frame, the IBM z13s server. IBM z Systems servers are the trusted enterprise platform for integrating data, transactions, and insight. A data-centric infrastructure must always be available with a 99.999% or better availability, have flawless data integrity, and be secured from misuse. It needs to be an integrated infrastructure that can support new applications. It also needs to have integrated capabilities that can provide new mobile capabilities with real-time analytics delivered by a secure cloud infrastructure. IBM z13s servers are designed with improved scalability, performance, security, resiliency, availability, and virtualization. The superscalar design allows z13s servers to deliver a record level of capacity over the prior single frame z Systems server. In its maximum configuration, the z13s server is powered by up to 20 client characterizable microprocessors (cores) running at 4.3 GHz. This configuration can run more than 18,000 millions of instructions per second (MIPS) and up to 4 TB of client memory. The IBM z13s Model N20 is estimated to provide up to 100% more total system capacity than the IBM zEnterprise® BC12 Model H13. This book provides information about the IBM z13s server and its functions, features, and associated software support. Greater detail is offered in areas relevant to technical planning. It is intended for systems engineers, consultants, planners, and anyone who wants to understand the IBM z SystemsTM functions and plan for their usage. It is not intended as an introduction to mainframes. Readers are expected to be generally familiar with existing IBM z Systems technology and terminology.

IBM zEnterprise EC12 Technical Guide

IBM zEnterprise EC12 Technical Guide PDF Author: Octavian Lascu
Publisher: IBM Redbooks
ISBN: 0738438863
Category : Computers
Languages : en
Pages : 568

Book Description
The popularity of the Internet and the affordability of IT hardware and software have resulted in an explosion of applications, architectures, and platforms. Workloads have changed. Many applications, including mission-critical ones, are deployed on various platforms, and the IBM® System z® design has adapted to this change. It takes into account a wide range of factors, including compatibility and investment protection, to match the IT requirements of an enterprise. This IBM Redbooks® publication addresses the new IBM zEnterprise® System. This system consists of the IBM zEnterprise EC12 (zEC12), an updated IBM zEnterprise Unified Resource Manager, and the IBM zEnterprise BladeCenter® Extension (zBX) Model 003. The zEC12 is designed with improved scalability, performance, security, resiliency, availability, and virtualization. The superscalar design allows the zEC12 to deliver a record level of capacity over the prior System z servers. It is powered by 120 of the world's most powerful microprocessors. These microprocessors run at 5.5 GHz and are capable of running more than 75,000 millions of instructions per second (MIPS). The zEC12 Model HA1 is estimated to provide up to 50% more total system capacity than the IBM zEnterprise 196 (z196) Model M80. The zBX Model 003 infrastructure works with the zEC12 to enhance System z virtualization and management. It does so through an integrated hardware platform that spans mainframe, IBM POWER7®, and IBM System x® technologies. Through the Unified Resource Manager, the zEnterprise System is managed as a single pool of resources, integrating system and workload management across the environment. This book provides information about the zEnterprise System and its functions, features, and associated software support. Greater detail is offered in areas relevant to technical planning. It is intended for systems engineers, consultants, planners, and anyone who wants to understand the zEnterprise System functions and plan for their usage. It is not intended as an introduction to mainframes. Readers are expected to be generally familiar with existing IBM System z® technology and terminology.