This IBM® RedpaperTM publication discusses security practices for running Linux on z Systems on the IBM z14. It examines the unique security and integrity features that the IBM Z platform brings to the enterprise. It also examines pervasive encryption and its role in protecting data at rest.
This IBM® RedpaperTM provides a broad understanding of the components necessary to secure your IBM z Systems environment. It provides an end-to-end architectural reference document for a use case that employs both mobile and analytics. It also provides an end to end explanation of security on z Systems from the systems of record through the systems of engagement. Security is described in terms of transactions, covering what happens after a transaction hits the system of engagement and what needs to be in place from that moment forward. The audience for this paper is IT architects and those planning to use z Systems for their mobile and analytics environments.
Discussions about server sprawl, rising software costs, going green, or moving data centers to reduce the cost of business are held in many meetings or conference calls in many organizations throughout the world. And many organizations are starting to turn toward System zTM and z/VM® after such discussions. The virtual machine operating system has over 40 years of experience as a hosting platform for servers, from the days of VM/SP, VM/XA, VM/ESA® and especially now with z/VM. With the consolidation of servers and conservative estimates that approximately seventy percent of all critical corporate data reside on System z, we find ourselves needing a highly secure environment for the support of this infrastructure. This document was written to assist z/VM support and security personnel in providing the enterprise with a safe, secure and manageable environment. This IBM® Redbooks® publication provides an overview of security and integrity provided by z/VM and the processes for the implementation and configuration of z/VM Security Server, z/VM LDAP Server, IBM Tivoli® Directory Server for z/OS®, and Linux® on System z with PAM for LDAP authentication. Sample scenarios with RACF® database sharing between z/VM and z/OS, or through Tivoli Directory Integrator to synchronize LDAP databases, are also discussed in this book. This book provides information about configuration and usage of Linux on System z with the System z Cryptographic features documenting their hardware and software configuration. The Consul zSecure Pro Suite is also part of this document: this product helps to control and audit security not only on one system, but can be used as a single point of enterprise wide security control. This document covers the installation and configuration of this product and detailed information is presented on how z/Consul can be used to collect and analyze z/VM security data and how it can be helpful in the administration of your audit data.
As workloads are being offloaded to IBM® z SystemsTM based cloud environments, it is important to ensure that these workloads and environments are secure. This IBM Redbooks® publication describes the necessary steps to secure your environment for all of the components that are involved in a z Systems cloud infrastructure that uses IBM z/VM® and Linux on z Systems. The audience for this book is IT architects and those planning to use z Systems for their cloud environments.
The ABCs of IBM® z/OS® System Programming is a 13-volume collection that provides an introduction to the z/OS operating system and the hardware architecture. Whether you are a beginner or an experienced system programmer, the ABCs collection provides the information that you need to start your research into z/OS and related subjects. Whether you want to become more familiar with z/OS in your current environment, or you are evaluating platforms to consolidate your online business applications, the ABCs collection will serve as a powerful technical tool. Volume 1 provides an updated understanding of the software and IBM zSeries architecture, and explains how it is used together with the z/OS operating system. This includes the main components of z/OS needed to customize and install the z/OS operating system. This edition has been significantly updated and revised.
As workloads are being offloaded to IBM® LinuxONE based cloud environments, it is important to ensure that these workloads and environments are secure. This IBM Redbooks® publication describes the necessary steps to secure your environment from the hardware level through all of the components that are involved in a LinuxONE cloud infrastructure that use Linux and IBM z/VM®. The audience for this book is IT architects, IT Specialists, and those users who plan to use LinuxONE for their cloud environments.
This IBM® Redbooks® publication is volume one of five in a series of books entitled The Virtualization Cookbook for IBM Z. The series includes the following volumes: The Virtualization Cookbook for IBM z Systems® Volume 1: IBM z/VM® 7.2, SG24-8147 The Virtualization Cookbook for IBM Z Volume 2: Red Hat Enterprise Linux 8.2 Servers, SG24-8303 The Virtualization Cookbook for IBM z Systems Volume 3: SUSE Linux Enterprise Server 12, SG24-8890 The Virtualization Cookbook for IBM z Systems Volume 4: Ubuntu Server 16.04, SG24-8354 Virtualization Cookbook for IBM Z Volume 5: KVM, SG24-8463 It is recommended that you start with Volume 1 of this series because the IBM z/VM hypervisor is the foundation (or base "layer") for installing Linux on IBM Z®. This book series assumes that you are generally familiar with IBM Z technology and terminology. It does not assume an in-depth understanding of z/VM or Linux. It is written for individuals who want to start quickly with z/VM and Linux, and get virtual servers up and running in a short time (days, not weeks or months). Volume 1 starts with a solution orientation, discusses planning and security, and then, describes z/VM installation methods, configuration, hardening, automation, servicing, networking, optional features, and more. It adopts a "cookbook-style" format that provides a concise, repeatable set of procedures for installing, configuring, administering, and maintaining z/VM. This volume also includes a chapter on monitoring z/VM and the Linux virtual servers that are hosted. Volumes 2, 3, and 4 assume that you completed all of the steps that are described in Volume 1. From that common foundation, these volumes describe how to create your own Linux virtual servers on IBM Z hardware under IBM z/VM. The cookbook format continues with installing and customizing Linux. Volume 5 provides an explanation of the kernel-based virtual machine (KVM) on IBM Z and how it can use the z/Architecture®. It focuses on the planning of the environment and provides installation and configuration definitions that are necessary to build, manage, and monitor a KVM on Z environment. This publication applies to the supported Linux on Z distributions (Red Hat, SUSE, and Ubuntu).
LinuxONE® is a hardware system that is designed to support and use the Linux operating system based on the value of its unique underlying architecture. LinuxONE can be used within a private and multi-cloud environment to support a range of workloads and service various needs. On LinuxONE, security is built into the hardware and software. This IBM® Redpaper® publication gives a broad understanding of how to use the various security features that make the most of and complement the LinuxONE hardware security features, including the following examples: Hardware accelerated encryption of data, which is delivered with near-zero overhead by the on-chip Central Processor Assist for Cryptographic Function (CPACF) and a dedicated Crypto Express adapter. Virtualization and industry-leading isolation capabilities with PR/SM, EAL 5+ LPARs, DPM, KVM, and IBM z/VM®. The IBM Secure Service Container technology, which provides workload isolation, restricted administrator access, and tamper protection against internal threats, including from systems administrators. Other technologies that use LinuxONE security capabilities and practical use cases for these technologies. This publication was written for IT executives, architects, specialists, security administrators, and others who consider security for LinuxONE.
This textbook provides students with the background knowledge and skills necessary to begin using the basic functions and features of z/VM Version 5, Release 3. It is part of a series of textbooks designed to introduce students to mainframe concepts and help prepare them for a career in large systems computing. For optimal learning, students are assumed to be literate in personal computing and have some computer science or information systems background. Others who will benefit from this textbook include z/OS professionals who would like to expand their knowledge of other aspects of the mainframe computing environment. This course can be used as a prerequisite to understanding Linux on System z. After reading this textbook and working through the exercises, the student will have received a basic understanding of the following topics: The Series z Hardware concept and the history of the mainframe Virtualization technology in general and how it is exploited by z/VM Operating systems that can run as guest systems under z/VM z/VM components The z/VM control program and commands The interactive environment under z/VM, CMS and its commands z/VM planning and administration Implementing the networking capabilities of z/VM Tools to monitor the performance of z/VM systems and guest operating systems The REXX programming language and CMS pipelines Security issues when running z/VM
This IBM® Redbooks® publication is Volume 3 of a series of three books called The Virtualization Cookbook for IBM z Systems. The other two volumes are called: The Virtualization Cookbook for IBM z Systems Volume 1: IBM z/VM 6.3, SG24-8147 The Virtualization Cookbook for IBM z Systems Volume 2: Red Hat Enterprise Linux 7.1 Servers, SG24-8303 It is suggested that you start with Volume 1 of this series, because IBM z/VM® is the base "layer" when installing Linux on IBM z SystemsTM. Volume 1 starts with an introduction, describes planning, and then describes z/VM installation into a two-node, single system image (SSI) cluster, configuration, hardening, automation, and servicing. It adopts a cookbook format that provides a concise, repeatable set of procedures for installing and configuring z/VM using the SSI clustering feature. Volumes 2 and 3 describe how to roll your own Linux virtual servers on z Systems hardware under z/VM. The cookbook format continues with installing and customizing Linux. Volume 3 focuses on SUSE Linux Enterprise Server 12. It describes how to install and configure SUSE Linux Enterprise Server 12 onto the Linux administration system, which does the cloning and other tasks. It also explains how to use AutoYaST2, which enables you to automatically install Linux using a configuration file, and explains how to create and use appliances and bootable images from configuration files. In addition, it provides information about common tasks and tools available to service SUSE Linux Enterprise Server.