Server Reference Guide

ManualsBrandsIBM ManualsServerz/OS

a method for key identiﬁ cation, exchange, separation,

update, backup, and management. The TKE worksta-

tion and 4.0 code level are designed to provide a secure,

remote, and ﬂ exible method of providing Master Key Entry

and to remotely manage PCIX Cryptographic Coprocessors.

zSeries Security Certiﬁ cation

Cryptography

• z890/z990 PCIXCC:

– Designed for FIPS 140-2 level 4 certiﬁ cation

• Logical Partitions

– z900 and z800 servers are the ﬁ rst and only to receive

Common Criteria EAL5 certiﬁ cation

• Operating Systems Common Criteria Certiﬁ cation

– SUSE LINUX on zSeries

– SUSE SLES 8 has been certiﬁ ed for Controlled

Access Protection Proﬁ le (CAPP) EAL3+

• z/OS 1.6

– z/OS 1.6 is under evaluation for Controlled Access

Protection Proﬁ le (CAPP) EAL3+ and Labeled Security

Protection Proﬁ le (LSPP) EAL3+.

• z/VM

– z/VM has applied for Common Criteria (ISO/IEC

15408) certiﬁ cation of z/VM V5.1 with the RACF

for

z/VM optional feature against the Controlled Access

Protection Proﬁ le (CAPP) and the Labeled Security

Protection Proﬁ le (LSPP), both at the EAL3+ assur-

ance level.

z990 Capacity Upgrade on Demand (CUoD)

Capacity Upgrade on Demand allows for the nondisruptive

addition of one or more Central Processors (CPs), Inter-

nal Coupling Facilities (ICFs), Integrated Facility for Linux

(IFLs), and IBM ^ zSeries Application Assist Pro-

cessor (zAAP). Capacity Upgrade on Demand can quickly

add processors up to the maximum number of available

inactive engines. This provides customers with the capac-

ity for much needed dynamic growth in an unpredictable

e-business world. The Capacity Upgrade on Demand

functions, combined with Parallel Sysplex technology, can

enable virtually unlimited capacity upgrade capability.

The CUoD functions are:

• Nondisruptive CP, ICF, IFL, and zAAP upgrades within

minutes

• Dynamic upgrade of all I/O cards in the I/O Cage

• Dynamic upgrade of spare installed memory

Plan Ahead and Concurrent Conditioning

Concurrent Conditioning conﬁ gures a system for hot

plugging of I/O based on a future speciﬁ ed target con-

ﬁ guration. Concurrent Conditioning of the zSeries I/O is

minimized by the fact that all I/O cards plugging into the

zSeries I/O cage are hot pluggable. This means that the

only I/O to be conditioned is the I/O cage itself. The ques-

tion of whether or not to concurrently condition a cage is

a very important consideration, especially with the rapid

change in the IT environment (e-business) as well as the

technology. Migration to FICON Express or additional

OSA-Express networking is exceptionally easy and non-

disruptive with the appropriate microcode load and if the

cage space is available.

Availability