IBM Hyper Protect Data Controller 1.1, formerly IBM Data Privacy Passports, provides feature-rich data-centric protection to help keep your data secured, with improved performance and more flexibility with databases

IBM Latin America Software Announcement LP21-0191
May 11, 2021

Table of contents
OverviewOverviewTechnical informationTechnical information
Key requirementsKey requirementsOrdering informationOrdering information
Planned availability datePlanned availability dateTerms and conditionsTerms and conditions
DescriptionDescriptionPricesPrices
Program numberProgram numberLatin America distributionLatin America distribution
PublicationsPublications


At a glance

Top rule

IBM® Hyper Protect Data Controller 1.1 is designed to provide data-centric auditable protection by enabling expanded coverage across the enterprise as the data leaves the system of record. It can help meet clients’ compliance initiatives. Hyper Protect Data Controller 1.1 is designed to deliver the following core capabilities:

  • Build Encrypted Data Objects to protect data with Java™ Database Connectivity (JDBC)-based access or RESTful APIs, for better application integration.
  • Directly send SQL statements to a back-end database management system (DBMS) without parsing or altering the SQL.
  • Exploit IBM Z® features:
    • IBM CryptoExpress provides hardware protection of Data Controller metadata and key store and ensures the Data Controller can only be used within intended environments
    • IBM CP Assist for Cryptographic Function (CPACF) performs cryptographic operations for symmetric encryption and hashing.
    • Easier and faster configuration of Lightweight Directory Access Protocol (LDAP) by removal of confusing LDAP options and hardcoded naming patterns.
  • Reduced and simplified syntax for user policy creation
  • Faster access for applications using REST APIs for creating and opening Encrypted Data Objects


Back to topBack to top

Overview

Top rule

As digital technologies advance and the data explosion continues, the risk of security breaches grows. However, organizations have a need to share important data across internal business units and with external partners that might not share the same privacy protocols or policies.

Hyper Protect Data Controller 1.1 furthers the data protection journey by extending data protection throughout the enterprise and beyond by connecting to the data controller. Through policy enforcement, this protection stays with the data when it is leaving the system of record into distributed and hybrid cloud environments. Hyper Protect Data Controller 1.1 provides a data-centric auditable security solution that enables data to play an active role in its own protection.

Hyper Protect Data Controller 1.1 enables the protection of client data as it leaves the system of record and enables the utilization of data to its maximum potential. This can help reduce concerns about the security or privacy, even when the data is shared beyond the enterprise, such as with partners. Hyper Protect Data Controller 1.1 can selectively encrypt data that is reversible through a data controller, and can mask the fields irreversibly in tables based on the identified data sensitivity. It enables role-based access, depending on the need to know.

Hyper Protect Data Controller 1.1 enables clients to accrue the following benefits:

  • Revoke future data access at any time, which can be performed for all users by deleting the associated keys, or selectively by dynamically updating the policy for a set of users
  • Protect databases on public clouds through Encrypted Data Objects
  • Help meet regulatory compliance through encryption and centralized policy management
  • Remove the complexity of key management because this capability is included in Hyper Protect Data Controller 1.1

For more information, see IBM Hyper Protect Data Controller web page.

Join the IBM Z Security community to get access to a rich community of business and technical expert blogs and forums.

Learn how to maintain the highest levels of availability with personalized, proactive technical support for your IBM systems at the IBM hardware and software support web page.



Back to topBack to top

Key requirements

Top rule

Hyper Protect Data Controller 1.1 requires one of the following IBM servers:

Other hardware requirements include the following:

  • A logical partition (LPAR) configured in Secure Service Container (SSC) mode with one of the following configurations:
    • Small: 4 General Central Processors (GCPs) or 4 IBM Integrated Facility for Linux® (IFL) processors, 128 GB of memory, and 128 GB of disk storage
    • Medium: 8 GCPs or 8 IFLs, 256 GB memory, and 256 GB of disk storage
  • IBM Hyper Protect Virtual Servers 1.2.2 (5737-I09)

For additional details, see the Technical information section.



Back to topBack to top

Planned availability date

Top rule

June 25, 2021



Back to topBack to top

Description

Top rule

Hyper Protect Data Controller 1.1 extends IBM security leadership by helping to protect data beyond the system of record with data security capability that encompasses data-at-rest and data-in-motion.

Key features and capabilities include the following:

  • Simplified and extended connections to a Lightweight LDAP server to manage access to Hyper Protect Data Controller, including the following:
    • Support for LDAP servers that require authentication before accepting a bind
    • Additional environment variables to simplify connecting Hyper Protect Data Controller to an LDAP server
    • Support for a custom LDAP configuration based on a client-created file containing the necessary configuration statements
  • Capability to list current configuration settings
  • Capability to list active certificate thumbprints
  • Improved logging, including:
    • Consolidated log files created by microservices that are stored in Hyper Protect Virtual Servers. These files could be forwarded to a Security Information and Event Management (SIEM) in a secure manner, using TLS.
    • Additional LDAP logging.
    • More granular timestamps.
    • Capability to download logs in administrative mode.
    • Capability to turn on additional granular logging when needed.
    • Additional logging in First Failure Data Capture (FFDC) container for easier debug of issues.
    • Capability to log during Hyper Protect Data Controller container startup.
    • Error messages for wrong policy setting, such as invalid options.
    • Informative error message for failed admin and policy file upload.
    • Resiliency features:
      • Ensure enough disk space is available to create backup
      • Capture Java Virtual Machine (JVM) heap memory dumps for additional containers
      • Improve serialization of request
      • Clean up orphans and protect connections
      • Include Iszcrypt command output in concurrent dump


Back to topBack to top

Reference information

Top rule

For additional information about Data Privacy Passports, see:

  • Software Announcement LP20-0082, dated March 10, 2020
  • Software Announcement LP19-0544, dated September 12, 2019

For information about z15, see:

  • Hardware Announcement LG21-0038, dated May 4, 2021
  • Hardware Announcement LG20-0098, dated August 4, 2020
  • Hardware Announcement LG20-0008, dated April 14, 2020
  • Hardware Announcement LG20-0018, dated January 14, 2020
  • Hardware Announcement LG19-0105, dated November 26, 2019
  • Hardware Announcement LG19-0037, dated September 12, 2019

For information about LinuxONE III, see:

  • Hardware Announcement LG21-0039, dated May 4, 2021
  • Hardware Announcement LG20-0098, dated August 4, 2020
  • Hardware Announcement LG20-0019, dated April 14, 2020
  • Hardware Announcement LG20-0018, dated January 14, 2020
  • Hardware Announcement LG19-0017, dated September 12, 2019

For information about z14, see:

  • Hardware Announcement LG18-0105, dated October 2, 2018
  • Hardware Announcement LG17-0124, dated November 28, 2017
  • Hardware Announcement LG17-0064, dated July 17, 2017

For information about LinuxONE II, see:

  • Hardware Announcement LG17-0124, dated November 28, 2017
  • Hardware Announcement LG17-0088, dated September 12, 2017

For information about z14 Model ZR1, see:

  • Hardware Announcement LG18-0105, dated October 2, 2018
  • Hardware Announcement LG18-0024, dated April 10, 2018

For information about LinuxONE Rockhopper II, see:

  • Hardware Announcement LG18-0107, dated October 2, 2018
  • Hardware Announcement LG18-0027, dated April 10, 2018



Back to topBack to top

Program number

Top rule

Program number VRM Program name
5737-K97 1.1.0 IBM Hyper Protect Data Controller


Back to topBack to top

Education support

Top rule

Education is a key component to ensuring software success. IBM creates a comprehensive portfolio of education material to help clients successfully deploy IBM software products to their maximum potential. The IBM education team is committed to providing the highest quality education content available to help your organization prosper in today's competitive marketplace.

The IBM education team works closely with IBM product developers and IBM services organizations to ensure that the courses that are offered provide the most current technical and product information. The courses place an emphasis on the advanced knowledge and insight that only these sources can provide. IBM draws from a deep pool of IBM technical experience in the development of our courses, and pass that knowledge on to our students. The courses emphasize hands on labs to develop comprehensive skills in using the product to solve business problems. The education offerings from IBM Training span the spectrum of skill needs, from introductory product overviews to advanced programming and product administration courses.

The delivery of IBM education is provided by IBM Global Training Partners.

For more information about available education offerings, refer to the IBM Skills Gateway website.



Back to topBack to top

Offering Information

Top rule

Product information is available on the IBM Offering Information website.

More information is also available on the Passport Advantage® and Passport Advantage Express website.



Back to topBack to top

Publications

Top rule

Documentation for Hyper Protect Data Controller will be available on June 25, 2021 in IBM Documentation.

Documentation for content solutions will be available on the IBM Hyper Protect Data Controller content solution web page.



Back to topBack to top

Technical information

Top rule

Specified operating environment

Hardware requirements

Hyper Protect Data Controller 1.1 requires one of the following IBM servers:

Other hardware requirements include the following:

  • A logical partition (LPAR) configured in Secure Service Container (SSC) mode with one of the following configurations:
    • Small: 4 General Central Processors (GCPs) or 4 IBM Integrated Facility for Linux (IFL) processors, 128 GB of memory, and 128 GB of disk storage
    • Medium: 8 GCPs or 8 IFLs, 256 GB memory, and 256 GB of disk storage
Software requirements

Hyper Protect Data Controller requires Hyper Protect Virtual Servers 1.2.2 (5737-I09).

For additional information about Hyper Protect Virtual Servers 1.2, see the IBM Hyper Protect Virtual Servers web page and Software Announcement LP20-0050, dated February 25, 2020.

For information about what was delivered beyond Hyper Protect Virtual Servers 1.2, see IBM Documentation.

IBM Support

IBM Support is your gateway to technical support tools and resources that are designed to help you save time and simplify support. IBM Support can help you find answers to questions, download fixes, troubleshoot, submit and track problem cases, and build skills. Learn and stay informed about the transformation of IBM Support, including new tools, new processes, and new capabilities, by going to the IBM Support Insider.

Planning information

Packaging

This offering is delivered through the internet as an electronic download. There is no physical media.

Security, auditability, and control

Hyper Protect Data Controller uses Hyper Protect Virtual Servers support for deployment, providing added privacy and protection from internal and external threats.

The client is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.



Back to topBack to top

Ordering information

Top rule

For ordering information, consult your IBM representative or IBM Business Partner, or go to the Passport Advantage website.

This program is only available through Passport Advantage. It is not available as shrinkwrap.

These products may only be sold directly by IBM or by IBM Business Partners.

To locate IBM Business Partners in your geography, see the Find a Business Partner page.


Passport Advantage

IBM Hyper Protect Data Controller (5737-K97)

There is no new ordering information in this release. However, they have been renamed to the new program name.

Program name/Description Part number
IBM Hyper Protect Data Controller Virtual Processor Core License + SW Subscription & Support 12 Months D27TILL
IBM Hyper Protect Data Controller Virtual Processor Core Monthly License D27TMLL
IBM Hyper Protect Data Controller Virtual Processor Core Annual SW Subscription & Support Renewal E0QYALL
IBM Hyper Protect Data Controller Virtual Processor Core SW Subscription & Support Reinstatement 12 Months D27TJLL


Cross-platform product for use on IBM Z Systems Integrated Facility for Linux (IFL) engines

Order the part numbers that follow when the product is intended to run on the Linux operating system on IBM Z IFL engines. If the product is not intended to run in these environments, order from the other set of part numbers in this announcement. This set of part numbers provides the identical supply and authorization as the other set in this announcement.

There is no new ordering information in this release. However, they have been renamed to the new program name.

Program name/Description Part number
IBM Hyper Protect Data Controller for Linux on IBM Z Virtual Processor Core License + SW Subscription & Support 12 Months D27TKLL
IBM Hyper Protect Data Controller for Linux on IBM Z Virtual Processor Core Monthly License D27TNLL
IBM Hyper Protect Data Controller for Linux on IBM Z Virtual Processor Core Annual SW Subscription & Support Renewal E0QYBLL
IBM Hyper Protect Data Controller for Linux on IBM Z Virtual Processor Core SW Subscription & Support Reinstatement 12 Months D27TLLL

Charge metric

The charge metrics for this licensed program can be found in the following License Information document:

Program identifier License Information document title License Information document number
5737-K97 IBM Hyper Protect Data Controller 1.1 L--SBAE-C2BNAJ

Select your language of choice and scroll down to the Charge Metrics section.



Back to topBack to top

Terms and conditions

Top rule

The information provided in this announcement letter is for reference and convenience purposes only. The terms and conditions that govern any transaction with IBM are contained in the applicable contract documents such as the IBM International Program License Agreement, IBM International Passport Advantage Agreement, and the IBM Agreement for Acquisition of Software Maintenance.

This product is only available through Passport Advantage.

Licensing

IBM International Program License Agreement including the License Information document and Proof of Entitlement (PoE) govern your use of the program. PoEs are required for all authorized use. Part number products only, offered outside of Passport Advantage, where applicable, are license only and do not include Software Maintenance.

This software license includes Software Subscription and Support (also referred to as Software Maintenance).

Software Maintenance

Licenses under the IBM International Program License Agreement (IPLA) provide for support with ongoing access to releases and versions of the program. IBM includes one year of Software Subscription and Support (also referred to as Software Maintenance) with the initial license acquisition of each program acquired. The initial period of Software Subscription and Support can be extended by the purchase of a renewal option, if available. Two charges apply: a one-time license charge for use of the program and an annual renewable charge for the enhanced support that includes telephone assistance (voice support for defects during normal business hours), as well as access to updates, releases, and versions of the program as long as support is in effect.

License Information number

The following License Information document applies to the offering in this announcement:

Program identifier License Information document title License Information document number
5737-K97 IBM Hyper Protect Data Controller 1.1 L--SBAE-C2BNAJ

Follow-on releases, if any, may have updated terms. See the License Information documents website for more information.

Limited warranty applies

Yes

Limited warranty

IBM warrants that when the program is used in the specified operating environment, it will conform to its specifications. The warranty applies only to the unmodified portion of the program. IBM does not warrant uninterrupted or error-free operation of the program or that IBM will correct all program defects. You are responsible for the results obtained from the use of the program.

IBM provides you with access to IBM databases containing information on known program defects, defect corrections, restrictions, and bypasses at no additional charge. For further information, see the IBM Support Guide.

IBM will maintain this information for at least one year after the original licensee acquires the program (warranty period).

Program technical support

Technical support of a program product version or release will be available for a minimum of two years from the planned availability date, as long as your Software Subscription and Support (also referred to as Software Maintenance) is in effect.

This technical support allows you to obtain assistance (by telephone or electronic means) from IBM for product-specific, task-oriented questions regarding the installation and operation of the program product. Software Subscription and Support (Software Maintenance) also provides you with access to versions, releases, and updates (CD releases, Long Term Support Releases or fixes) of the program. You will be notified, through an announcement letter, of discontinuance of support with 12 months' notice.

If you require additional technical support from IBM, including an extension of support beyond the discontinuance date, contact your IBM representative or IBM Business Partner. This extension may be available for a fee.

For additional information on the IBM Software Support Lifecycle Policy, see the IBM Continuous Delivery Support Lifecycle Policy website.

Money-back guarantee

If for any reason you are dissatisfied with the program and you are the original licensee, you may obtain a refund of the amount you paid for it, if within 30 days of your invoice date you return the program and its PoE to the party from whom you obtained it. If you downloaded the program, you may contact the party from whom you acquired it for instructions on how to obtain the refund.

For clarification, note that (1) for programs acquired under the IBM International Passport Advantage offering, this term applies only to your first acquisition of the program and (2) for programs acquired under any of IBM's On/Off Capacity on Demand (On/Off CoD) software offerings, this term does not apply since these offerings apply to programs already acquired and in use by you.

Volume orders (IVO)

No

Passport Advantage applies

Yes, information is available on the Passport Advantage and Passport Advantage Express website.

Usage restrictions

Yes

For any usage restrictions, see the License Information document listed in this Terms and conditions section.

Software Subscription and Support applies

Yes. Software Subscription and Support, also referred to as Software Maintenance, is included with licenses purchased through Passport Advantage and Passport Advantage Express. Product upgrades and Technical Support are provided by the Software Subscription and Support offering as described in the Agreements. Product upgrades provide the latest versions and releases to entitled software, and Technical Support provides voice and electronic access to IBM support organizations, worldwide.

IBM includes one year of Software Subscription and Support with each program license acquired. The initial period of Software Subscription and Support can be extended by the purchase of a renewal option, if available.

While your Software Subscription and Support is in effect, IBM provides you assistance for your routine, short duration installation and usage (how-to) questions, and code-related questions. IBM provides assistance by telephone and, if available, electronic access, only to your information systems (IS) technical support personnel during the normal business hours (published prime shift hours) of your IBM support center. (This assistance is not available to your users.) IBM provides Severity 1 assistance 24 hours a day, 7 days a week. For additional details, see the IBM Support Guide. Software Subscription and Support does not include assistance for the design and development of applications, your use of programs in other than their specified operating environment, or failures caused by products for which IBM is not responsible under the applicable agreements.

Unless specified otherwise in a written agreement with you, IBM does not provide support for third-party products that were not provided by IBM. Ensure that when contacting IBM for covered support, you follow problem determination and other instructions that IBM provides, including in the IBM Support Guide.

For additional information about the International Passport Advantage Agreement and the IBM International Passport Advantage Express Agreement, go to the Passport Advantage and Passport Advantage Express website.

Variable charges apply

No

Educational allowance available

Not applicable.



Back to topBack to top

Statement of good security practices

Top rule

IT system security involves protecting systems and information through intrusion prevention, detection, and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, or misappropriated or can result in misuse of your systems to attack others. Without a comprehensive approach to security, no IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a regulatory compliant, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products, or services to be most effective.

Important: IBM does not warrant that any systems, products, or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.



Back to topBack to top

Prices

Top rule

For all local charges, contact your local IBM representative or IBM Business Partner.


Business Partner information

If you are an IBM Business Partner acquiring products from IBM, you may link to Passport Advantage Online for resellers where you can obtain Business Partner pricing information. An IBMid and password are required to access the IBM Passport Advantage or IBM PartnerWorld® website.


Passport Advantage

For Passport Advantage information and charges, contact your IBM representative or IBM Business Partner. Additional information is also available on the Passport Advantage and Passport Advantage Express website.

IBM Global Financing

IBM Global Financing offers competitive financing to credit-qualified clients to assist them in acquiring IT solutions. Offerings include financing for IT acquisition, including hardware, software, and services, from both IBM and other manufacturers or vendors. Offerings (for all client segments: small, medium, and large enterprise), rates, terms, and availability can vary by country. Contact your local IBM Global Financing organization or go to the IBM Global Financing website for more information.

IBM Global Financing offerings are provided through IBM Credit LLC in the United States, and other IBM subsidiaries and divisions worldwide to qualified commercial and government clients. Rates are based on a client's credit rating, financing terms, offering type, equipment type, and options, and may vary by country. Other restrictions may apply. Rates and offerings are subject to change, extension, or withdrawal without notice.

Financing from IBM Global Financing helps you preserve cash and credit lines, enables more technology acquisition within current budget limits, can help accelerate implementation of economically attractive new technologies, offers payment and term flexibility, and can help match project costs to projected benefits. Financing is available worldwide for credit-qualified clients.



Back to topBack to top

Latin America distribution

Top rule

All Latin American countries except Cuba.

Trademarks

z15 is a trademark of IBM Corporation in the United States, other countries, or both.

IBM, IBM Z, PartnerWorld and Passport Advantage are registered trademarks of IBM Corporation in the United States, other countries, or both.

Oracle and Java are trademarks of Oracle and/or its affiliates in the United States, other countries, or both.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.

Other company, product, and service names may be trademarks or service marks of others.

Terms of use

IBM products and services which are announced and available in your country can be ordered under the applicable standard agreements, terms, conditions, and prices in effect at the time. IBM reserves the right to modify or withdraw this announcement at any time without notice. This announcement is provided for your information only. Reference to other products in this announcement does not necessarily imply those products are announced, or intend to be announced, in your country. Additional terms of use are located at

Terms of use

For the most current information regarding IBM products, consult your IBM representative or reseller, or go to the IBM worldwide contacts page

IBM Directory of worldwide contacts