Planning For User Management - IBM ZVM - FOR LINUX V6 RELEASE 1 Getting Started

Getting Started with Linux on System z

1. Define the cryptographic facility for the LPAR in which z/VM runs through the
   Hardware Configuration Definition.
2. Define the cryptographic capability for each Linux virtual machine in the user
   directory.
3. Have the z90crypt device driver integrated into the Linux operating system.
   Some distributions have the device driver integrated, while other distributions
   require you to install it.

The user directory statement CRYPTO APVIRT provides access to the cryptographic
hardware and allows the z90crypt device driver to use cryptographic instructions.

z/VM manages a pool of hardware cryptographic queues that are shared among
all the guests using the cryptographic facility. You can create more guests that
share the cryptographic facility than the actual number of hardware queues
available. Even though the hardware queues are shared, the data remains isolated
and is not vulnerable or exposed to other Linux images.

"Steps for defining a master virtual machine for Linux" on page 71 shows you
how to add the CRYPTO APVIRT user directory statement to the master Linux virtual
machine, which means all replicas of this master have access to the cryptographic
facility. If you prefer, you can leave this statement out of the master Linux virtual
machine and add the user directory statement to individual Linux virtual machines
only.

z/VM provides CP commands to manage the cryptographic facility. See "Step for
managing real devices" on page 100, and "Virtual machine operation tasks" on
page 107.
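Related information

• For more information about defining the cryptographic facility for the LPAR in
  which z/VM runs, consult your hardware and Hardware Configuration
  Definition documentation.
• For more information about z/VM's support for the cryptographic facility, see
  "Using a Cryptographic Coprocessor Facility" in z/VM: CP Planning and
  Administration.
• For information about setting up secure SSL communications, see "Configuring
  the SSL Server" in z/VM: TCP/IP Planning and Customization.
• For information about the z90crypt device driver, see Linux on System z: Device
  Drivers, Features, and Commands on the IBM developerWorks Linux on System z
  Web site entitled "Documentation for Development stream" at:
  http://www.ibm.com/developerworks/linux/linux390/documentation_dev.html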

Planning for user management

To add a new user to z/VM, you must create a directory entry for a new virtual
machine. Through native facilities, you can update a file called USER DIRECT,
then run the DIRECTXA utility to compile the source file and place the new user
directory online. The USER DIRECT file is simply a CMS file containing various
directory statements. A virtual machine definition is a grouping of directory
statements beginning with a USER statement and ending with either the next
USER statement or the end of the file.
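
Because CRYPTO APVIRT can sit in the master definition or in individual guests, it is worth checking which definitions actually carry it. The following Python script is an added example, not part of the IBM manual: it splits an exported copy of USER DIRECT into virtual machine definitions as described above and compares the guests that hold CRYPTO APVIRT against an approved list. The sample directory, the user IDs, the `approved` set and the function names are assumptions, as is treating lines that start with `*` as comments.

```python
# Added example (not IBM code): audit a copy of USER DIRECT for CRYPTO APVIRT.
# Constructed sample; user IDs, passwords and storage sizes are invented.
SAMPLE_DIRECT = """\
* constructed sample, not a real z/VM directory
USER LINMSTR NOLOG 512M 1G G
 CRYPTO APVIRT
 IPL CMS
USER LINUX01 XXXXXXXX 512M 1G G
 CRYPTO APVIRT
USER LINUX02 XXXXXXXX 512M 1G G
 IPL CMS
"""


def parse_directory(source):
    """Group statements into definitions: each starts at a USER statement and
    ends at the next USER statement or the end of the file."""
    machines, current = {}, None
    for raw in source.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):  # assumption: '*' starts a comment line
            continue
        words = line.upper().split()
        if words[0] == "USER":
            if len(words) < 2 or words[1] in machines:
                raise ValueError(f"bad or duplicate USER statement: {raw!r}")
            current = words[1]
            machines[current] = []
        elif current is not None:  # statements before the first USER belong to no guest
            machines[current].append(words)
    return machines


def crypto_access(machines):
    """Map each user ID to True when its definition contains CRYPTO APVIRT."""
    return {uid: any(s[0] == "CRYPTO" and "APVIRT" in s[1:] for s in stmts)
            for uid, stmts in machines.items()}


def audit(source, approved):
    """Return (unexpected, missing) relative to a hypothetical approved set."""
    access = crypto_access(parse_directory(source))
    unexpected = sorted(u for u, ok in access.items() if ok and u not in approved)
    missing = sorted(u for u, ok in access.items() if not ok and u in approved)
    return unexpected, missing


if __name__ == "__main__":
    print(audit(SAMPLE_DIRECT, approved={"LINUX01"}))
```

Only USER entries are grouped here; any other kind of directory entry would need its own handling before the result is relied on.
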
You can administer the user directory by editing the USER DIRECT file, then
placing the user directory online through the DIRECTXA command. However, such
a method of user management is cumbersome and error prone. Because the user
