IBM eserver zSeries 990 (z990) cryptography implementation

IBM eserver zSeries 990 (z990) cryptography implementation

The IBM z990 includes both standard cryptographic hardware and optional cryptographic features, to give flexibility and growth capability. IBM has a long history of providing hardware cryptographic solutions, from the development of Data Encryption Standard (DES) in the 1970's to delivering the...

Descripción completa

Detalles Bibliográficos
Autor Corporativo: International Business Machines Corporation. International Technical Support Organization (-)
Otros Autores: Rayns, Chris (-)
Formato: Libro electrónico
Idioma:Inglés
Publicado: Poughkeepsie, NY : IBM, International Technical Support Organization 2004.
Edición:1st ed
Colección:IBM redbooks.
Materias:
IBM computers.
Computer security.
Cryptography.
Ver en Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627159406719
Tabla de Contenidos:
  • Front cover
  • Contents
  • Notices
  • Trademarks
  • Preface
  • The team that wrote this redbook
  • Become a published author
  • Comments welcome
  • Chapter 1. Introduction
  • 1.1 Cryptographic function support
  • 1.1.1 Cryptographic Synchronous functions
  • 1.1.2 Cryptographic Asynchronous functions
  • 1.2 z990 Cryptographic processors
  • 1.2.1 CP Assist for Cryptographic Function (CPACF)
  • 1.2.2 PCI Extended Cryptographic Coprocessor (PCIXCC)
  • 1.2.3 PCI Cryptographic Accelerator (PCICA) feature
  • 1.3 Cryptographic hardware features
  • 1.3.1 PCIX Cryptographic Coprocessor feature
  • 1.3.2 The PCICA feature
  • 1.3.3 Configuration rules
  • 1.3.4 z990 cryptographic feature codes
  • 1.4 Integrated Cryptographic Services Facility
  • 1.4.1 CKDS and PKDS
  • 1.4.2 TKE workstation feature
  • 1.5 Cryptographic features comparison
  • 1.6 Software requirements
  • Chapter 2. CPACF, PCICA, and PCIXCC product overview
  • 2.1 Description of hardware
  • 2.1.1 Definitions
  • 2.1.2 Hardware implementation
  • 2.1.3 Introduction to the z990 PCIXCC, PCICA and CPACF
  • 2.1.4 PCXICC card: physical security, handling, and shipping
  • 2.2 Adjunct Processor (AP) management
  • 2.2.1 Introduction to Adjunct Processor architecture
  • 2.2.2 AP management and PCIXCC initialization
  • 2.3 PCIXCC microcode load
  • 2.3.1 The IBM 4758 CCA application
  • 2.3.2 The software hierarchy in the coprocessor
  • 2.3.3 Software requirements: cryptographic functions and hardware
  • 2.3.4 The TKE V4 workstation
  • Chapter 3. Planning and hardware installation
  • 3.1 Hardware requirements
  • 3.1.1 Hardware required for z990
  • 3.2 Feature codes
  • 3.3 Concurrent PCIXCC/PCICA installation tasks
  • 3.3.1 Concurrent Install on z990
  • 3.3.2 Removing one PCIXCC
  • 3.4 Planning list items
  • Chapter 4. PCIXCC using TKE V4
  • 4.1 Introduction to the TKE V4 Workstation
  • 4.1.1 Major changes.
  • 4.1.2 Before using the new TKE
  • 4.1.3 The TKE V4 software
  • 4.1.4 TKE workstation installation - general information
  • 4.1.5 TKE definitions
  • 4.2 TKE workstation TCP/IP setup
  • 4.2.1 TKE workstation 4758 setup
  • 4.2.2 TKE access control administration
  • 4.2.3 Starting the TKE application
  • 4.3 TKE application: managing host Crypto coprocessors
  • 4.3.1 Managing modules
  • 4.3.2 PCIXCC setup on the TKE workstation
  • 4.3.3 Manage and update the Crypto module notebook on TKE
  • 4.3.4 PCIXCC module notebook
  • 4.3.5 Backing up the TKE files
  • 4.4 4753 Key Token Migration facility
  • Chapter 5. ICSF support for CPACF, PCIXCC, and PCICA
  • 5.1 CP Assist for Cryptographic Functions (CPACF) feature
  • 5.2 LPAR setup
  • 5.2.1 Planning considerations
  • 5.2.2 The image profile processor page
  • 5.2.3 The PCI Crypto page
  • 5.2.4 Viewing LPAR Cryptographic Controls
  • 5.3 PCIXCC and PCICA feature installation
  • 5.3.1 PCIXCC and PCICA enablement
  • 5.3.2 Configuring and monitoring the status of PCIXCC and PCICA
  • 5.3.3 Security issues with the PCI Cryptographic cards
  • 5.4 Integrated Cryptographic Services Facility (ICSF) setup
  • 5.4.1 Changes from previous release
  • 5.4.2 Started task and the first time start
  • 5.4.3 Master Keys
  • 5.4.4 Initial Master Key entry with the pass phrase initialization utility
  • 5.4.5 Installation of a new PCIXCC or PCICA card
  • 5.4.6 PKDS initialization
  • Chapter 6. Performance and monitoring
  • 6.1 z990 Crypto hardware performance considerations
  • 6.2 Monitoring and reporting
  • 6.2.1 RMF reporting
  • 6.2.2 ICSF SMF records
  • 6.2.3 Example using RMF and SMF data
  • Appendix A. Exploiters
  • A.1 The APIs
  • A.2 Overview of the IBM exploiters
  • A.2.1 z/OS Open Cryptographic Services Facility (OCSF)
  • A.2.2 IBM HTTP Server for z/OS
  • A.2.3 z/OS LDAP server and client.
  • A.2.4 CICS Transaction Server and CICS Transaction Gateway
  • A.2.5 z/OS TN3270 server
  • A.2.6 z/OS Firewall Technologies
  • A.2.7 GSKKYMAN
  • A.2.8 z/OS DCE
  • A.2.9 z/OS Network Authentication Service (Kerberos)
  • A.2.10 Payment processing products
  • A.2.11 VTAM Session Level Encryption
  • A.2.12 RACF
  • A.2.13 z/OS Public Key Infrastructure (PKI) services
  • A.2.14 Crypto Based Transactions (CBT) banking solution
  • A.2.15 Java cryptography
  • Related publications
  • IBM Redbooks
  • Other publications
  • Online resources
  • How to get IBM Redbooks
  • Help from IBM
  • Index
  • Back cover.

Ejemplares similares