Table of Contents
Advertisement
permitted types of key import and export which can help
to prevent uncontrolled key exchange that can open the
system to an increased threat of attack.
These enhancements are exclusive to System z10, and
System z9 and are supported by z/OS and z/VM for z/OS
guest exploitation.
ISO 16609 CBC Mode T-DES Enhancement
ISO 16609 CBC Mode T-DES MAC supports the require-
ments for Message Authentication, using symmetric
techniques. The Integrated Cryptographic Service Facility
(ICSF) will use the following callable services to access
the ISO 16609 CBC Mode T-DES MAC enhancement in the
Cryptographic coprocessor:
• MAC Generate (CSNBMGN)
• MAC Verify (CSNVMVR)
• Digital Signature Verify (CSNDDSV)
ISO 16609 CBC mode T-DES MAC is accessible through
ICSF function calls made in the Cryptographic Adapter
Segment 3 Common Cryptographic Architecture (CCA)
code. This enhancement is exclusive to System z10 and
System z9 and supported by z/OS 1.7 or higher.
System z10 Cryptographic migration
• The Crypto Express2 feature is supported on the System
z10 and can be carried forward on an upgrade to the
System z10.
• Customers must use TKE 5.2 workstations to control the
System z10.
• TKE 5.0 and 5.1 workstations (FC 0839) may be used to
control z9 EC, z9 BC, and z990 servers.
On Demand Capabilities
Capacity on Demand – Temporary Capacity
Just-in-time deployment of System z10 EC Capacity on
Demand (CoD) is a new approach from previous System z
and zSeries servers. This new architecture allows:
• Up to four temporary records to be installed on the CEC
and active at any given time
• Up to 200 temporary records to be staged on the SE
• Variability in the amount of resources that can be acti-
vated per record
• The ability to control and update records independent of
each other
• Improved query functions to monitor the state of each
record
• The ability to add capabilities to individual records con-
currently, eliminating the need for constant ordering of
new temporary records for different user scenarios
• Permanent LIC-CC upgrades to be performed while
temporary resources are active
These capabilities allow you to access and manage
processing capacity on a temporary basis, providing
increased flexibility for on demand environments. The CoD
offerings are built from a common Licensed Internal Code
– Configuration Code (LIC-CC) record structure. These
Temporary Entitlement Records (TERs) contain the infor-
mation necessary to control which type of resource can be
accessed and to what extent, how many times and for how
long, and under what condition – test or real workload.
Use of this information gives the different offerings their
personality.
31
Advertisement
Table of Contents
