IBM Z10 EC Server User Manual


 
Today’s world mandates that your systems are secure and
available 24/7. The z10 EC employs some of the most
advanced security technologies in the industry—helping
you to meet rigid regulatory requirements that include
encryption solutions, access control management, and
extensive auditing features. It also provides disaster
recovery configurations and is designed to deliver 99.999%
application availability to help avoid the downside of
planned downtime, equipment failure, or the complete loss
of a data center.
When you need to be more secure, more resilient —
z Can Do IT. The z10 processor chip has on board
cryptographic functions. Standard clear key integrated
cryptographic coprocessors provide high speed cryptography
for protecting data in storage. CP Assist for Cryptographic
Function (CPACF) supports DES, TDES, Secure Hash
Algorithms (SHA) for up to 512 bits, Advanced Encryption
Standard (AES) for up to 256 bits and Pseudo Random
Number Generation (PRNG). Logging has been added to
the TKE workstation to enable better problem tracking.
System z is investing in accelerators that provide improved
performance for specialized functions. The Crypto
Express2 feature for cryptography is an example. The
Crypto Express2 feature can be configured as a secure
key coprocessor or for Secure Sockets Layer (SSL)
acceleration. The feature includes support for 13, 14, 15,
16, 17, 18 and 19 digit Personal Account Numbers for stronger
protection of data. And the tamper-resistant cryptographic
coprocessor is certified at FIPS 140-2 Level 4.
In 2008, the z10 EC received Common Criteria Evaluation
Assurance Level 5 (EAL5) certification for security of
logical partitions. System z security is one of the many
reasons why the world’s top banks and retailers rely on the
IBM mainframe to help secure sensitive business
transactions.
z Can Do IT securely.
The z10 EC includes both standard cryptographic hardware
and optional cryptographic features for flexibility and
growth capability. IBM has a long history of providing
hardware cryptographic solutions, from the development of
Data Encryption Standard (DES) in the 1970s to delivering
integrated cryptographic hardware in a server to achieve
the US Government’s highest FIPS 140-2 Level 4 rating for
secure cryptographic hardware.
The IBM System z10 EC cryptographic functions include
the full range of cryptographic operations needed for
e-business, e-commerce, and financial institution
applications. In addition, custom cryptographic functions can be
added to the set of functions that the z10 EC offers.
New integrated clear key encryption security features on
z10 EC include support for a higher advanced encryption
standard and more secure hashing algorithms. Performing
these functions in hardware is designed to contribute to
improved performance.
Enhancements to eliminate preplanning in the cryptography
area include the System z10 function to dynamically
add Crypto to a logical partition. Changes to image
profiles, to support Crypto Express2 features, are available
without an outage to the logical partition. Crypto Express2
features can also be dynamically deleted or moved.
CP Assist for Cryptographic Function (CPACF)
CPACF supports clear-key encryption. All CPACF functions
can be invoked by problem state instructions defined
by an extension of System z architecture. The function is
activated using a no-charge enablement feature and offers
the following on every CPACF that is shared between two
Processor Units (PUs) and designated as CPs and/or
Integrated Facility for Linux (IFL):
DES, TDES, AES-128, AES-192, AES-256
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
Pseudo Random Number Generation (PRNG)