Table of Contents
Advertisement
Enhanced Console Assisted Recovery
Console Assisted Recovery (CAR) support is designed to help a Backup Time Server (BTS)
determine whether the Primary Time Server is still up and running if Coupling traffic ceases.
The CAR process is initiated by the BTS if there is no communication between the Primary
and Backup Time Servers. The BTS queries the state of the Primary Time Server (PTS)/
Central TIme Server (CTS) SE by using the SE and HMC of the BTS. If the PTS is down, the
BTS initiates takeover
With the new Enhanced Console Assisted Recovery (ECAR), the process of BTS takeover is
faster. When the PTS encounters a check-stop condition, the CEC informs the SE and HMC
of the condition. The PTS SE recognizes the pending check-stop condition, and an ECAR
request is sent directly from the HMC to the BTS SE to start the takeover. The new ECAR
support is faster than the original support because there is almost no delay between the
system check-stop and the start of CAR processing. ECAR is only available on z13 GA2 and
z13s servers. In a mixed environment with previous generation machines, you should define a
z13 or z13s server as the PTS and CTS.
1.3.8 Special-purpose features
This section overviews several features that, although installed in the PCIe I/O drawer or in
the I/O drawer, provide specialized functions without performing I/O operations. No data is
moved between the CPC and externally attached devices.
Cryptography
Integrated cryptographic features provide industry leading cryptographic performance and
functions. The cryptographic solution that is implemented in z Systems has received the
9
highest standardized security certification (FIPS 140-2 Level 4
). In addition to the integrated
cryptographic features, the cryptographic features (Crypto Express5S, the only crypto-card
that is supported on z13s servers) allows adding or moving crypto-coprocessors to LPARs
without pre-planning.
z13s servers implement PKCS#11, one of the industry-accepted standards that are called
Public Key Cryptographic Standards (PKCS), which are provided by RSA Laboratories of
RSA, the security division of EMC Corporation. It also implements the IBM Common
Cryptographic Architecture (CCA) in its cryptographic features.
CP Assist for Cryptographic Function
The CP Assist for Cryptographic Function (CPACF) offers the full complement of the
Advanced Encryption Standard (AES) algorithm and Secure Hash Algorithm (SHA) with the
Data Encryption Standard (DES) algorithm. Support for CPACF is available through a group
of instructions that are known as the Message-Security Assist (MSA). z/OS Integrated
Cryptographic Service Facility (ICSF) callable services, and the z90crypt device driver running
on Linux on z Systems also start CPACF functions. ICSF is a base element of z/OS. It uses
the available cryptographic functions, CPACF, or PCIe cryptographic features to balance the
workload and help address the bandwidth requirements of your applications.
CPACF must be explicitly enabled by using a no-charge enablement feature (FC 3863),
except for the SHAs, which are included enabled with each server.
The enhancements to CPACF are exclusive to the z Systems servers, and are supported by
z/OS, z/VM, z/VSE, z/TPF, and Linux on z Systems.
9
Federal Information Processing Standard (FIPS) 140-2 Security Requirements for Cryptographic Modules
23
Chapter 1. Introducing IBM z13s servers
- Quick Links:
- Front Cover
Hide quick links:
Advertisement
Table of Contents
