IBM LinuxONE Emperor 4 helps you build a sustainable infrastructure

IBM Europe Hardware Announcement ZG22-0002
September 13, 2022

Table of contents
OverviewOverviewPublicationsPublications
Key requirementsKey requirementsTechnical informationTechnical information
Planned availability datePlanned availability dateTerms and conditionsTerms and conditions
DescriptionDescriptionPricesPrices
Statement of general directionStatement of general directionRegional availabilityRegional availability
Product numberProduct number


At a glance

Top rule

CEOs see sustainability as the number one challenge of the next two to three years and as their businesses continue their digital transformation. Improving IT efficiency is an opportunity for businesses as it is estimated that data centers globally already use 200 to 250 TW of electricity, about 1% of total electricity consumed.1 And as data and transaction volumes grow and as new cyber threats are addressed, those numbers will get bigger.

The new IBM® LinuxONE Emperor 4 is a uniquely architected design that is built to handle the multi-workload needs of a modern scalable digital business with the highest quality of service and the upmost efficiency. Powered by up to 200 high-performance Telum processors, the LinuxONE Emperor 4 delivers massive scalability to support multiple workloads in a single system. The Telum processor also features additional compute resources for dedicated workloads such as on-chip AI processing, and dedicated crypto processors deliver protection at speed and scale. So, what does LinuxONE Emperor 4 deliver for your business?

  • Reduce your carbon footprint and improve efficiency with an energy efficient system
  • Deliver consistent service with a system built for "7 9's" (99.99999%) application availability, built to execute proactive outage avoidance actions on demand to respond to the increasing rate of natural disasters and power outages
  • Manage data and transactions at massive scale with increased efficiency and respond to changing requirements on demand
  • Protect today's data against current and future threats with the quantum-safe system, new quantum-safe cryptography application programming interfaces (APIs), and crypto discovery tools
  • Build privacy by isolating workloads at scale and with granularity to protect the applications and data
  • Optimize decision-making with a new on-chip AI accelerator designed to deliver the speed and scale required to infuse AI inferencing into enterprise workloads while maintaining service level agreements (SLAs)
  • Reduce cost and keep up with new and changing regulations with a compliance solution that helps simplify and streamline compliance tasks

1IT sustainability beyond the data center



Back to topBack to top

Overview

Top rule

CEOs see sustainability as the number one challenge of the next two to three years as their businesses continue their digital transformation. Improving IT efficiency is an opportunity for businesses as it is estimated that data centers globally already use 200 to 250 TW of electricity, about 1% of total electricity consumed.1 As data and transaction volumes grow and as new cyber threats are addressed, those numbers will only get bigger.

Why? Because modern infrastructure has been largely commoditized. LinuxONE Emperor 4 is built at a cost point to deliver core functionality, which means whether you are trying to manage growth in data, growth in transactions, or deliver advanced functionality through new software, you can add more servers and that equals more energy. This model is simply not sustainable. A better approach is needed.

The new LinuxONE Emperor 4 delivers an optimized architecture built to handle the multi-workload needs of a modern scalable digital business with the highest quality of service and the utmost efficiency. Powered by up to 200 high-performance Telum processors, the LinuxONE Emperor 4 delivers massive scalability to support hundreds of workloads in a single system, doing the work of 2000 cores of the compared x86 servers.2 The Telum processor also features additional compute resources for dedicated workloads such as on-chip AI processing, and dedicated crypto processors that deliver protection at speed and scale. So, what does LinuxONE deliver for your business?

Support your sustainability ambitions with IT efficiency

The optimized architecture in LinuxONE enables you to grow workloads and add advanced IT functionality with a negligible increase in energy usage. It provides better performance with fast cores (5.2 GHz), larger caches, and more of them, on-chip accelerations, like compression, encryption, and AI, hardware optimizations for Java™, and specialized I/O processors. It also resolves complexity and optimizes queries by enabling big databases to be held on a single server without creating shards.

That's why many businesses, including those like Plastic Bank and Newlight Technologies that are known for sustainable practices, leverage LinuxONE at the core of their businesses

Deliver continuous service at scale

LinuxONE handles data and transactions at massive scale, with the ability to vary capacity on demand to reflect fluctuating business volumes and the ability to prioritize resources according to the business value of each workload.

Protect data and apps critical to business

LinuxONE features confidential computing that isolates hundreds of workloads in a single system to protect against internal and external threats and with pervasive encryption, including quantum-safe technologies, to protect data against current and future threats, in a system that can run over 20 billion secure transactions per day.3

Along with the opportunity created by quantum computing comes the threat to today's public key cryptography. Businesses must start now to prepare for the time when a quantum computer can break today's cryptography. In fact, today's data is at risk for future exposure through "harvest now, decrypt later" attacks.

  • With the new Crypto Express8S (CEX8S), LinuxONE Emperor 4 helps deliver quantum-safe APIs that will position businesses to begin using quantum-safe cryptography along with classical cryptography as they begin modernizing existing applications and building new applications.4
  • Discovering where and what kind of cryptography is being used is a key first step along the journey to quantum-safety. LinuxONE Emperor 4 provides new instrumentation that can be used to track cryptographic instruction execution in the CP Assist for Cryptographic Functions (CPACF).
  • The new IBM Z® Security and Compliance Center software product is designed to help simplify and streamline compliance tasks. This solution will help provide a centralized, interactive dashboard for a consolidated view of compliance posture and system-generated evidence in near real time. You can now check the regulatory posture of your systems on demand and more easily identify drift so that it can be remedied quickly.

For these reasons many businesses in the emerging digital assets market are turning to LinuxONE to protect their business and their customers. LinuxONE Emperor 4 is a quantum-safe system, protected by quantum-safe technology across multiple layers of firmware. Quantum-safe secure boot technology helps protect LinuxONE Emperor 4 firmware from quantum attacks through a built-in dual signature scheme with no configuration changes required for enablement.4

Predict and automate with on-chip AI acceleration

Decision velocity means delivering insights faster to make decisions to help identify new business opportunities, improve customer experience, and reduce operational risk.

  • The new on-chip LinuxONE Emperor 4 Integrated Accelerator for AI is designed for high-speed inferencing at scale. The on-chip AI acceleration is designed to add more than 6 TFLOPS of processing power shared by all cores on the chip. This centralized AI design is intended to provide extremely high performance and consistent low-latency inferencing for processing a mix of transactional and AI workloads at speed and scale. Now complex neural network inferencing that leverages real-time data can be executed and deliver insights within high-throughput enterprise workloads in real time while still meeting stringent SLAs.

Whether you are a start-up or one of the world's largest enterprises, now there is a LinuxONE solution for you, on premises or in the IBM Cloud®. LinuxONE can help you respond to the ever-changing demands of digital business, to protect against cyberattacks and help you move forward with your sustainability goals. And, as part of an open hybrid cloud platform, LinuxONE gives you more flexibility and choice as you optimize workload building and deployment to meet the needs of your business.

2 IBM internal tests show that when running IBM WebSphere® and Db2® workloads, IBM LinuxONE Emperor 4 requires 16 times fewer cores than the compared x86 servers. If you scale this up to a complete IT solution, this means when running this workload, the LinuxONE Emperor 4 Max 125 would be doing the work of about 2000 cores of the compared x86 servers.

DISCLAIMER: This is an IBM internal study designed to replicate a typical IBM customer workload usage in the marketplace. Results may vary. The core consolidation study targeted comparison of the following IBM LinuxONE and x86 servers: An IBM LinuxONE Emperor 4 Max 125 system consists of three CPC drawers containing 125 configurable processor units (IFLs or zIIPs) and two I/O drawers to support both network and external storage. Lenovo ThinkSystem SR650 (2U) with two 2nd Gen Intel™ ® Xeon ® Platinum processors 2.1 GHz, 16 cores per CPU. Both the x86-based and LinuxONE solutions had access to the same storage array. The workloads consisted of a transactional application running on WebSphere Application Server and IBM Db2 simulating core online banking functions. The actual test results were extrapolated to the stated above x86 servers using IDC QPI metrics and IBM sizing methodology using the following assumptions on a typical IT environment of a banking client using x86 servers. The production IT environment has 16 x86 servers running at 50% average utilization. There are 48 x86 servers in the nonproduction IT environments: development (4 environments with 2 servers each, 8 servers total), development test environment (4 servers), system integration test environment (8 servers), performance test environment (16 servers), user acceptance test environment (4 servers), production fix test environment (8 servers). A typical average CPU utilization is 7% across all nonproduction environments. An equivalent LinuxONE Emperor 4 solution requires a single Max 125 server running at 85% average utilization across all IT environments separated using LPAR technology.

3 With IBM LinuxONE Emperor 4, execute up to 20 billion HTTPS transactions per day with OLTP microservice applications running on Red Hat® OpenShift® Container Platform.

DISCLAIMER: Performance result is extrapolated from IBM internal tests running in an IBM LinuxONE Emperor 4 LPAR with 24 dedicated cores, 560 GB memory, and DASD storage the Acme Air microservice benchmark on Red Hat OpenShift Container Platform (RHOCP) 4.9 using RHEL 8.4 KVM. On 4 RHOCP Compute nodes, 4 Acme Air instances were running in parallel, each driven remotely from JMeter 5.2.1 with 384 parallel users. The KVM guests with RHOCP Compute nodes were configured with 12 vCPUs and 64 GB memory each. The KVM guests with RHOCP Management nodes and RHOCP Infrastructure nodes were configured with 4 vCPUs and 16 GB memory each. Results may vary.

4 LinuxONE Emperor 4 with the Crypto Express8S card offers quantum-safe APIs that provide access to quantum-safe algorithms, which have been selected as finalists during the PQC standardization process conducted by NIST Information Technology Laboratory. Quantum-safe cryptography refers to efforts to identify algorithms that are resistant to attacks by both classical and quantum computers, to keep information assets secure even after a large-scale quantum computer has been built. Source: ETSI Quantum-Safe Cryptography (QSC).



Back to topBack to top

Key requirements

Top rule

See the Hardware requirements and Software requirements sections of this announcement.



Back to topBack to top

Planned availability date

Top rule

September 14, 2022

New build system:

  • IBM LinuxONE Emperor 4 Model LA1
  • Features and functions for the LinuxONE Emperor 4

MES orders for LinuxONE Emperor 4 that include the following features:

  • Field-installed features and conversions on LinuxONE Emperor 4 that are delivered solely through a modification to the machine's Licensed Internal Code (LIC)
  • HMA IBM Z HW Management Appliance (#0129) on LinuxONE Emperor 4
  • TKE Rack Mount (#0057) on LinuxONE Emperor 4
  • TKE Tower (#0058) on LinuxONE Emperor 4
  • TKE Rack KMM (#0156) on LinuxONE Emperor 4
  • TKE Table Top KMM (#0157) on LinuxONE Emperor 4
  • TKE 10.0 LIC (#0882) on LinuxONE Emperor 4
  • TKE additional smart cards (#0900) on LinuxONE Emperor 4
  • TKE smart card reader (#0891) on LinuxONE Emperor 4
December 12, 2022

  • All remaining MES orders for LinuxONE Emperor 4 Model LA1

Orders cannot be placed until September 27, 2022.

  • Bulk Power® Assembly (BPA, #0648)

Orders cannot be shipped until October 27, 2022.

  • Bulk Power Assembly (BPA, #0648)

Availability within a country is subject to local legal requirements.



Back to topBack to top

Description

Top rule

The newest member of the LinuxONE family, LinuxONE Emperor 4, will fit seamlessly in your data center with its industry-standard sizing, power, and networking. The system features the IBM Telum Processor with its dedicated on-chip accelerator for AI inference to enable real-time AI embedded directly in transactional workloads, as well as improvements for performance, security, and availability. The system is designed to enable you to flexibly scale up to four frames in a single system and integrate additional hardware appliances into an industry-standard form factor. Clients can easily consolidate down to fewer frames or scale-up for growth.

The new LinuxONE Emperor 4 delivers innovation and benefits in several key areas

Core system

  • LinuxONE Emperor 4 has a maximum of 200 client-configurable cores, which is an increase of 10 over IBM LinuxONE III. The LinuxONE Emperor 4 single processor capacity is designed to enable equal n-way at common client configurations, approximately 9% greater than on LinuxONE III with some variation based on workload and configuration.4
  • The largest LinuxONE Emperor 4 is expected to provide approximately 17% more total system capacity as compared to the largest LinuxONE III with some variation based on workload and configuration. Within each single drawer, LinuxONE Emperor 4 provides 25% greater capacity than LinuxONE III for standard models and 40% greater capacity on the maximum configuration model, enabling efficient scaling of partitions.4
  • LinuxONE Emperor 4 has a completely redesigned cache subsystem, consisting of semiprivate 32 MB Level-2 (L2) caches per core that are working in concert to provide up to 256 MB virtual Level-3 (L3) cache per chip and up to 2 GB virtual Level-4 (L4) cache per drawer. The result is that virtual L3 and L4 caches provide 1.5 times the cache capacity per core compared to LinuxONE III.
  • LinuxONE Emperor 4 supports up to 10 TB of main memory per drawer and 40 TB per system based on a newly designed memory buffer chip that provides up to DDR4-3200 memory speed, depending on memory size, delivering 50% more memory bandwidth per drawer than LinuxONE III. This is designed to improve overall workload performance, particularly for data-intensive analytics and AI applications. The new memory interface uses transparent memory encryption technology to protect all data leaving the processor chips before it's stored in the memory DIMMs.

Security and cryptography

  • LinuxONE Emperor 4 quantum-safe technology is designed to enable you to act now to help protect your business. LinuxONE Emperor 4 leverages quantum-safe technologies to help protect your business-critical infrastructure and data from potential quantum attacks.5
  • LinuxONE Emperor 4 secure boot technology protects system firmware integrity by using quantum-safe and classical digital signatures to perform a hardware-protected verification of the IML firmware components.5
  • IBM Secure Boot for Linux® allows validation of signed Linux kernels to prevent non-approved Linux kernels from booting, based on a previously validated root of trust established for the firmware Bootloader.
  • The new Crypto Express8S (CEX8S) is designed to meet the Federal Information Processing Standards (FIPS) 140-3 at Level 4 for cryptographic modules.
  • IBM's Common Cryptographic Architecture release 8.0 (CCA 8.0) is designed to be certified to meet the hardware security module (HSM) requirements from the Payment Card Industry Security Standards Council (PCI-SSC).
  • The CEX8S with Enterprise PKCS #11 (EP11) firmware offers enhancements that are designed to increase performance significantly in the areas of random number generation as well as message digest calculation.
  • The Trusted Key Entry (TKE) 10.0 level of the Licensed Internal Code (LIC) enables you to manage the CEX8S using the TKE.

Networking and I/O

  • OSA-Express7S 1.2 GbE, 10 GbE, 1000Base-T, and 25 GbE.
  • RoCE Express3 10 GbE and 25 GbE LR and SR, in support of the SMC-R and SMC-Rv2 protocols, as well as use by Linux on IBM Z for all networking communications protocols.
  • FICON® Express32S (#0461 and #0462) to help absorb large application and transaction spikes driven by large unpredictable AI and hybrid cloud workloads. FICON Express32S is also a key component of the IBM Fibre Channel Endpoint Security solution.
  • Crypto Express8S (CEX8S), which is available in 1 HSM (#0909) and 2 HSM (#0908) versions.

Systems management and infrastructure

  • IBM Hardware Management Console (HMC) 2.16.0 offers simplification updates designed to improve workspace and manage system time.
  • Dynamic Partition Manager (DPM) continues to enhance its capabilities. With LinuxONE Emperor 4, DPM is designed to provide a seamless experience to configure low-latency SMC-Dv2 network links between two or more logical partitions running on the same physical server, all through a single point of control. This enables system administrators and system programmers to accomplish time-consuming and potentially error-prone operations with an intuitive and guided user experience.

A flexible and standardized configuration

LinuxONE Emperor 4 provides offering simplification and enables you to flexibly scale up to four frames in a single system and integrate additional hardware appliances into an industry-standard form factor. This will benefit existing clients through potential consolidation down to fewer frames and allows an easier scale-up path for growth.

LinuxONE Emperor 4 sustainability

IBM has a longstanding commitment to building a more sustainable, equitable future. In 1971, IBM formalized its environmental programs and commitment to leadership with the issuance of its Corporate Policy on IBM's Environmental Responsibilities. This was a quarter century before the first International Organization for Standardization (ISO) 14001 environmental management systems standard was published. IBM's activities between then and 2021, when IBM committed to reaching net zero greenhouse gas emissions by 2030 in all 175 countries in which it operates, make it an ideal partner for the increasing number of businesses that consider sustainability a strategic direction. For more information, see the IBM Commits To Net Zero Greenhouse Gas Emissions By 2030 web page.

Continuing in that same spirit, LinuxONE, which is a separate brand built on the long and notable history of the IBM zSystems line of processors, is the ideal platform for achieving corporate sustainability goals. LinuxONE has inherited some of the best IBM zSystems features, including a focus on efficiency improvement that spans more than 20 years and a commitment to increasing system capacity per kW in every release. Continuing this long program history of improved sustainability factors, LinuxONE Emperor 4 is designed to enable even greater sustainability success for businesses.

LinuxONE Emperor 4 is built for the modern data center to optimize flexibility and sustainability. With the introduction of on-chip AI acceleration, LinuxONE Emperor 4 continues to deliver key architectural advantages to support your organization's sustainability goals, including:

  • Data center modularity and flexibility
  • Specialty engines to offload I/O processing and perform on-chip AI, encryption, and compression
  • Ability to sustain high CPU utilization
  • High reliability and availability, which increases the lifespan of the hardware

These key architectural advantages help make LinuxONE Emperor 4 a differentiator in your data center, especially when consolidating workloads from x86, when it comes to sustainability benefits.

For example, consolidating Linux workloads on 5 LinuxONE Emperor4 systems instead of running them on compared x86 servers under similar conditions can reduce energy consumption by 75%, space by 50%, and the CO2e footprint by over 850 metric tons annually. This is equivalent to consuming about 362,000 fewer litres (95,600 gallons) of gasoline each year.6

IBM continues to focus on environmental design for its products and provides resources to help businesses quantify the impacts. LinuxONE Emperor 4 makes available product carbon footprint reports using the Product Attributes to Impact Algorithm (PAIA) to help businesses understand the lifecycle carbon sustainability of the LinuxONE hardware within their data centers. LinuxONE Emperor 4 provides telemetry information that is useful for the integration into modern data center infrastructure management (DCIM) systems through a set of secure, REST-based web service APIs. Emperor 4 environmental telemetry aligns with the latest ASHRAE Tier 1 DCIM Compliance.

IBM has focused on the environmental attributes of its product packaging and shipping since the late 1980s. IBM directly procures source paper and paper-based or wood-based packaging from forests that are sustainably managed and certified as such. It also collaborates with suppliers to use recycled and recyclable materials and to promote reuse. When LinuxONE systems are shipped, the use of virgin packaging materials is reduced by 60% thanks to the implementation of high-recycled-content polyethylene cushions. Even the wooden shipping crates are sustainable as they are reusable and typically last up to five shipments.

The combination of these LinuxONE Emperor 4 enhancements with existing LinuxONE sustainability benefits and IBM's overall commitment to sustainability means that having an LinuxONE Emperor 4 system in your data center will go a long way toward helping you meet your sustainability goals.

Quantum-safe protection

As quantum computing and the related rapidly developing ecosystem matures, the National Institute of Standards and Technology (NIST), as well as industry and academic institutions, are looking at the risk side of quantum technology. IBM recognizes that with any new technology, there are new threats, and as such, appropriate countermeasures may need to be taken.

Quantum technology can be used to unlock significant innovation, but in the hands of an adversary, it has the potential to weaken or break core cryptographic primitives that have previously been used to secure systems and communications. This leaves the foundation for digital security at risk. NIST initiated a process to solicit, evaluate, and standardize quantum-safe public-key cryptographic algorithms to address these issues. Quantum-safe cryptography aims to provide protection against attacks that can be initiated against classical and quantum computers.

IBM is a leader in the development of quantum-safe technology and the products that leverage this critical technology. LinuxONE Emperor 4 quantum-safe technology is designed to enable you to act now to help future-proof your business.4

At the infrastructure level, LinuxONE Emperor 4 offers secure boot technology that protects system firmware integrity by using quantum-safe and classical digital signatures to perform a hardware-protected verification of the Initial Machine Load (IML) firmware components during the system start-up process.4 This protection is anchored in a hardware-based root of trust for the firmware chain of trust.4 LinuxONE Emperor 4 quantum-safe technology is designed to provide a double layer of protection by using a dual signature scheme that employs classical and quantum-safe cryptographic algorithms to help ensure the server starts safely and securely by keeping unauthorized firmware (malware) from taking over your server during system startup.4 Also, Pervasive Encryption, a solution that enables data encryption at rest, has strengthened its internal key handling support by leveraging quantum-safe protections, including a hybrid key exchange mechanism using CRYSTALS-Kyber and ECDH and a dual signing scheme using CRYSTALS-Dilithium and ECDSA.

The Crypto Express8S adapter is supported by z/VM® as a dedicated or shared resource. Dedicated guests will be able to take advantage of all functionality available with the CEX8S adapters, including assorted new enhancements and use of quantum-safe APIs.

Now is the time to start planning for the replacement of hardware, software, and services that use public-key and weak symmetric key cryptography. LinuxONE Emperor 4 will enable future critical client use cases across many industries with the following capabilities:

  • Generation of Quantum-safe keys
  • Quantum-safe encryption
  • Quantum-safe key encapsulation mechanisms
  • Quantum-safe hybrid key exchange schemes
  • Quantum-safe dual digital signature schemes

Take advantage of the Pervasive Encryption support on LinuxONE Emperor 4 to protect your data at rest using quantum-safe encryption methods. This approach enables companies to encrypt all their data by default with little compute overhead. LinuxONE Emperor 4 enables you to begin using quantum-safe cryptography along with classical cryptography as you begin to modernize existing applications and build new applications.3

Cryptographic enhancements for CCA and Enterprise PKCS #11 (EP11)

CCA CEX8S enhancements

LinuxONE Emperor 4 delivers critical cryptographic capabilities that help address the ever-changing security requirements across the globe around key management and distribution, data management and compliance, and protecting enterprise data. The new CEX8S is designed to meet the FIPS 140-3 at Level 4 for cryptographic modules. IBM's Common Cryptographic Architecture (CCA) 8.0 is designed to be certified to meet the hardware security module (HSM) requirements from the PCI Security Standards Council (PCI SSC). Its unique design eases migration of applications and keys and expands to add new cryptographic algorithm support.

The CEX8S with CCA firmware is designed to further offer enhancements that increase performance for both application workloads and TKE workstation domain group administration. The CEX8S with CCA firmware also has a redesigned queueing model that adds fairness for heterogeneous workloads originating from different domains.

CEX8S with CCA firmware includes complete AES-based financial services processing with complete ISO 4 PIN® block format and AES-DUKPT support. This includes the new PIN Verify 2 service, which allows secure comparison of ISO 4 PIN blocks to other PIN blocks inside the HSM. The AES processing updates are useful for payment network participants that are upgrading security to newer AES-based security protocols. Signature scheme support is enhanced with EdDSA (Ed448 and Ed25519) and Elliptic Curve Schnorr Digital Signature Algorithm (EC-SDSA), including the secp256k1 curve. The enhanced Elliptic Curve support is useful for protocols that require certificates or signature support using these curves.

Data protection service is enhanced with X9.23 random pad for AES encryption services and format preserving encryption (FPE) support, including FF1, FF2, and FF2.1. The added FPE support is commonly used for communication of sensitive data between payment network participants, where the encrypted data must fit into fields and protocols that check the form and character set of the data. Key management is enhanced with X9 TR-31 support for HMAC keys, a PKCS#11 key export mechanism for CCA keys that allows interoperation with various cloud services, and X9 TR-34 remote key exchange enhancements that allow better interaction with unique devices. CCA firmware is further enhanced with the Australian financial services algorithm and protocol support for both issuer and acquirer workloads.

CCA quantum-safe cryptography enhancements

The CEX8S with CCA firmware has added secure key support for quantum-safe cryptography private keys for both signature and key encapsulation method (KEM) use cases. The CCA interface adds support for Cryptographic Suite for Algebraic Lattices (CRYSTALS) Dilithium secure private keys of sizes (6,5) and (8,7) for both round 2 and round 3 versions of CRYSTALS-Dilithium, usable for digital signature generation and verification. The CCA interface also adds support for round 2 of the CRYSTALS Kyber 1024 parameter set, a key encapsulation mechanism (KEM), which can be used to protect 32-byte values. These pieces are also combined with Elliptic-curve Diffie--Hellman (ECDH) support to offer clients a complete quantum-safe cryptography hybrid key agreement scheme, implemented with secure CCA private keys for all involved private keys. This is useful for scenarios where data needs enhanced authentication against future quantum computing attacks on conventional cryptography.

CCA - new TDES key block

CEX8S with CCA firmware contains enhancements also delivered for CEX7S after the IBM z15™ GA1 on September 23, 2019. This includes the first proprietary TDES key block, also known as a key token, to be independently reviewed and confirmed to be compliant with PCISSC PIN Security key block requirements as updated September 30, 2020. 7

The new TDES key block is backward compatible with existing applications and Cryptographic Key Data Set (CKDS). The new TDES key block was available for IBM z15, IBM z14®, and IBM z13® beginning July 2021 in the appropriate firmware drivers. The independent review is publicly posted.8 The new PCI PIN compliant CCA TDES key block is useful and required for applications that use TDES keys and cryptography in PCI PIN audited workflows.

EP11 CEX8S enhancements

CEX8S with Enterprise PKCS #11 (EP11) firmware offers enhancements that increase performance significantly in the areas of random number generation as well as message digest calculation. It adds support for using the Secure Hash Algorithm 2 (SHA-2) and Secure Hash Algorithm 3 (SHA-3) families in conjunction with the RSA-OAEP encryption scheme, which has also been made available for the CEX7S with EP11 firmware since version 4.7.14.

CEX8S with EP11 firmware also adds general support for EdDSA (Ed25519 and Ed448) and ECDH with Montgomery curves (X25519 and X448), which has also been made available for the CEX7S with EP11 firmware since version 4.7.15.

EP11 quantum-safe cryptography enhancements

CEX8S with EP11 firmware has enhanced support for digital signatures with CRYSTALS Dilithium. Additionally, to the already existing security level 4 from round 2, the following security levels are now supported for generating and verifying quantum-safe signatures: round 2 (8,7), round 3 (6,5), and round 3 (8,7).

It is also the first time that CRYSTALS Kyber for quantum-safe encryption and decryption as well as key encapsulation is supported with security levels 768 and 1024.

TKE 10.0 level of LIC

Important upgrade information: You can upgrade from TKE 9.x to TKE 10.0 with the purchase of a 4770 HSM for the TKE. However, you must update your workstation BIOS prior to the upgrade. To do that, you must install TKE 9.2 with the latest patches prior to installing the TKE 10.0 firmware.

The TKE 10.0 level of LIC is required if you want to manage the CEX8S using the TKE. In addition, TKE 10.0 uses quantum-safe cryptography when the TKE authenticates CEX8S, derives Transport Keys between the TKE's HSM and the target CEX8S, and during the on-demand HSM dual validation check.

  • TKE 10.0 has a domain group limitation. All the HSMs in a TKE domain group must all contain quantum-safe cryptography support (that is, only include CEX8S), or all the HSMs must not contain quantum-safe cryptography support (that is, the HSMs can't include any CEX8S).
  • TKE 10.0 now supports one-time use MFA authentication on an open host.
  • TKE 10.0 contains Configuration Migration Tasks support to enable you to collect and apply data to and from CEX8S and collect data from a pre-CEX8S HSM and apply it to CEX8S HSMs.
  • TKE 10.0 supports a new default wrapping method for the CEX8S HSM.
  • TKE 10.0 added support for a new AES DUKPT key attribute when using TKE to create AES DKYGENKY parts.

TKE 10.0 added support for the EP11 Outbound Authentication (OA) Signature Policy. The EP11 firmware on a CEX8S HSM enables users to configure what OA signatures are returned on responses from the HSM. The TKE OA Signature Policy controls what configuration options you may select when managing the settings from the TKE.

LinuxONE Emperor 4 Integrated Accelerator for AI

The LinuxONE Emperor 4 Integrated Accelerator for AI is designed to provide machine learning acceleration with high throughput and low latency. IBM Telum has a centralized chip-based AI accelerator designed to support real-time computing at scale and provides a high data bandwidth interface to the cache and memory hierarchy optimized to deliver high inference throughput. This centralized AI design is intended to provide extremely high performance and consistent low-latency inferencing for processing transactional workloads leveraging AI at speed and scale. LinuxONE Emperor 4 Integrated Accelerator for AI is designed to meet demanding response time requirements of real-time workloads, for instance, in the banking and healthcare industry. For example, clients can benefit from the AI acceleration enabled by the LinuxONE Emperor 4 Integrated Accelerator for AI to detect fraud in real time to reduce revenue financial loss due to fraud and increase security.

Implemented as an architected memory-to-memory instruction accelerating the most heavily used high-level AI functions like matrix multiplication or convolution, the LinuxONE Emperor 4 Integrated Accelerator for AI has direct access to the application data, resulting in reduced data movement and improved performance. LinuxONE Emperor 4 Integrated Accelerator for AI is targeted to accelerate deep learning AI models, like recurrent neural networks (RNN) and convolutional neural networks (CNN), at a higher throughput rate and low latency. With LinuxONE, organizations can perform AI analysis near their data, addressing latency to deliver insights where and when they are needed.

There is an emerging industry need for organizations to work with existing infrastructure. Data scientists want to simplify operationalizing their existing AI investments when integrating them with LinuxONE. LinuxONE supports AI frameworks and tooling such as TensorFlow, SnapML, and the IBM Deep Learning Compiler (DLC), with optimizations that leverage the LinuxONE Architecture, including the AI accelerator. Models developed with other popular AI frameworks like PyTorch and Spark can leverage the AI accelerator using the Open Neural Network Exchange (ONNX) technology. With technologies and tooling such as ONNX, data scientists can develop and train their models with familiar tools and common platforms such as x86, IBM Power, IBM zSystems, and LinuxONE. They can then port their data science assets and deploy them on LinuxONE seamlessly to deliver more consistent, repeatable production qualities of service. By allowing clients to bring their own models for deployment on LinuxONE, organizations can leverage their existing investments in people, process , and infrastructure. By deploying AI on LinuxONE, you can benefit from the qualities of service such as scale, resiliency, and security to get the most out of your infrastructure investment.

IBM Deep Learning Compiler (DLC) enables deep learning models to be deployed on LinuxONE, exploiting the LinuxONE Emperor 4 Integrated Accelerator for AI. The DLC is included as part of ICR as ONNX-MLIR with enhanced capabilities and model management. It is also available in a community version.

IBM Z Deep Neural Network library (zDNN) is a software library that provides high-level C APIs, which enable simplified exploitation of the LinuxONE Emperor 4 Integrated Accelerator for AI by AI frameworks and libraries. Additionally, it has been made available through open source channels. The IBM zDNN library provides APIs for the deep learning and machine learning primitives that are accelerated by LinuxONE Emperor 4 Integrated Accelerator for AI. AI framework developers, AI compiler developers, and runtime providers can leverage the zDNN accelerated primitive APIs to drive the exploitation of the LinuxONE Emperor 4 Integrated Accelerator for AI through the new Neural Network Processor Assist (NNPA) facility instruction. The zDNN library enables high-level language exploitation of the optimized NNPA implementation for matrix multiplication, convolution, activation functions, and many other standard DNN primitives. The zDNN library is available for LinuxONE.

TensorFlow is a popular open source platform for AI. TensorFlow is enhanced to target supported operations to the LinuxONE Emperor 4 Integrated Accelerator for AI.

TensorFlow models, trained on any platform, can be deployed for inference on IBM zSystems and leverage the LinuxONE Emperor 4 Integrated Accelerator for AI. TensorFlow with support for the Integrated Accelerator for AI is planned to be available for use on LinuxONE. It will initially be available through the IBM LinuxONE Container Image Repository.

SnapML, a machine learning library developed by IBM Research®, provides high-speed training and inference of popular machine learning models on modern computing systems. SnapML is enhanced to exploit the LinuxONE Emperor 4 Integrated Accelerator for AI for types of tree-based traditional machine learning models.

  • SnapML on LinuxONE can be exploited to provide optimized execution of models created and trained in XGBOOST, LightGBM, and Scikit-Learn.
  • On LinuxONE, tree-based models such as gradient boosting and random forest exploit the AI accelerator for inference.
  • SnapML is available for install through PyPI on LinuxONE and as an available machine learning library in Cloud Pak for Data.

Cloud Pak for Data is a cloud-native data and AI platform that helps modernize data management, analytics, and AI to help your clients drive outcomes for their business faster. Built on Red Hat OpenShift, the Cloud Pak for Data platform delivers an open information architecture with integrated capabilities from IBM and IBM partners to help clients achieve their AI aspirations and confidently leverage their enterprise data within a secured, resilient private cloud infrastructure. For additional information, see the IBM Cloud Pak® for Data solution brief.

IBM Z Flexible Capacity for Cyber Resiliency

IBM Z Flexible Capacity for Cyber Resiliency is a new capacity on demand offering available on LinuxONE Emperor 4 machines, that allows processing capacity flexibility between primary site and alternate data centers.

IBM Z Flexible Capacity for Cyber Resiliency is designed to provide increased flexibility and control to organizations who want to shift production capacity between participating LinuxONE Emperor 4 machines at different sites. Capacity can be shifted up to 12 times a year and stay at the target machine for up to 12 months after the flexible capacity record activation on the target machine. Capacity shifts can be done under full client control without IBM intervention and can be fully automated using IBM GDPS® automation tools. Flexible Capacity for Cyber Resiliency can be combined with other IBM On-Demand offerings.

The IBM Z Flexible Capacity for Cyber Resiliency supports a broad set of use case scenarios:

  • Proactive Avoidance: Protect critical business services from natural disasters, get support when your resources are scarce during pandemic crisis, and avoid rolling power outages. Additionally, migrate critical workloads to an alternate site before the business gets impacted and run your work on the target machine for up to one year.
  • Compliance: Regulators around the globe are introducing more stringent policies in relation to business continuity and disaster recovery requiring more comprehensive and extended testing mandating clients switch over full production loads and operate for a period of from 30 days up to 6 months out of their secondary data center. IBM Z Flexible Capacity for Cyber Resiliency is designed to help to improve an organization's compliance posture to meet existing and evolving regulatory requirements requiring rapid restoration of production workloads.
  • DR and DR Testing: Transfer the capacity needed at the DR site to continue running production workloads. Automate and test recovery procedures for unplanned outages, including cyberattacks to provide near-continuous availability and disaster recovery.
  • Facility Maintenance: Run production workloads from an alternate site with all the capacity needed to perform maintenance at the source site with the capacity needed.

To accommodate the capacity shift, a new temporary capacity record, called Flexible Capacity Record, is introduced. The record will be installed on both, the LinuxONE Emperor 4 source and the LinuxONE Emperor 4 target systems.

Disclaimer: The LinuxONE Emperor 4 systems must be installed in different locations. GDPS Version 4.4 is needed for IBM provided automation. Necessary resiliency technology must be enabled, such as System Managed CF Structure Duplexing, Sysplex failure management, and Capacity Provisioning Manager. Other configurations may provide different availability characteristics. Clients may optionally use other third-party tools for automation purposes.

LinuxONE Virtual Servers and Bare Metal Servers

Clients' desire to adopt hybrid means that there needs to be additional deployment options when purchasing from IBM. There will always be a strong need for on-premises workloads, but clients are looking for new methods for things like Development and Testing or temporary additional capacity, such as during peak season. For that, they need an off-premises solution that provides the same chip architecture and platform that they are invested in.

For that, IBM offers both Virtual Servers and Bare Metal Servers built on the LinuxONE platform and deployed through the IBM Cloud catalog. These offerings unlock new use cases for the same workloads that run well on the LinuxONE platform, like databases with license consolidation. And, because the offerings are built using a private network, instances are protected from outsider access and no data flows over the public internet. It is a "best of both worlds" situation where clients have more flexibility than ever before with deciding how to build their solutions using LinuxONE.

LinuxONE Virtual Servers offers clients preconfigured profiles consistent with how Virtual Servers are offered both at IBM and at other vendors. There are instances where virtualization is managed by IBM and clients can simply start building their applications using s390x architecture. These instances are slices of a core, meaning that clients can deploy a fraction of a core to test a new application and pay hourly only while the instance is running, offering a much lower barrier to entry to the platform.

LinuxONE Bare Metal provides dedicated cores, without virtualization, for clients to simply rent compute power and have free reign to build from the ground up. It is an extension of the on-premises value proposition, with near identical performance so clients can take advantage of additional cores when they need them. Choose from a variety of profiles based on number of cores, with associated allocations of RAM and disk.

IBM Cloud Hyper Protect Services

The IBM Cloud Hyper Protect Services are a portfolio of products offered through the IBM Cloud catalog that provide security differentiation in the public cloud. They are built on LinuxONE technology such as secure execution that allows for a confidential computing solution. Products include IBM Cloud Hyper Protect Crypto Services, IBM Cloud Hyper Protect Virtual Servers, IBM Cloud Hyper Protect DBaaS for PostgreSQL, and IBM Cloud Hyper Protect for MongoDB, with more in development. Each provides a slice of IBM's technology for consumption in the public cloud, and each instance is provisioned inside a secure enclave protecting the data from internal and external threats.

With these products, the hardware is maintained by IBM in data centers around the world, but clients can provision instances according to the size that they need and are billed according to consumption. These offerings can be provisioned on their own or with any other combination of products from the IBM Cloud catalog. In this way, clients can build complete hybrid cloud solutions that use the best of on-premises and public cloud together.

Crypto Services is a combination of hardware security module (HSM) as well as a key management service. This two-in-one product offers Keep Your Own Key (KYOK) technology that provides the ability to maintain control of the entire key hierarchy.

Database-as-a-service is a managed database with two types: MongoDB and PostgreSQL. Day-to-day maintenance is handled by IBM, but clients gain security and high availability advantages by default without specialized skills.

Finally, Virtual Servers are an infrastructure-as-a-service offering that enables clients to build their applications in a confidential computing environment. It includes Secure Build, which is a protection against unauthorized code, such as malware, from being injected into a virtual server.

IBM Z Security and Compliance Center

In regulated industries, compliance is a top priority. But the process to collect evidence about security controls and demonstrate compliance to auditors and internal stakeholders is manual and time-consuming.

The IBM Z Security and Compliance Center helps centralize monitoring of compliance in near real time and provides an interactive view of compliance posture and severity around control deviations.

The IBM Z Security and Compliance Center is designed to simplify the compliance experience for LinuxONE through some key functionality designed around pain points in current compliance operations:

  • Automate collection and validation of relevant evidence from key areas of LinuxONE platforms, tracked over time with a browser-based dashboard.
  • Predefined profiles will identify potential deviations through built-in goal validation that help demonstrate to auditors the details around the severity of controls deviations from PCI-DSS and NIST SP800-53.

Enterprises using Linux distributions like Red Hat Enterprise Linux, SUSE Linux Enterprise Server, and Ubuntu Enterprise Server on IBM zSystems and LinuxONE will be able to use the IBM Z Security and Compliance Center dashboard to quickly and easily determine the extent to which their IBM zSystems and LinuxONE meet internal controls and certain industry standards. In addition to enterprise Linux evidence collection Linux support, the IBM Z Security and Compliance Center also collects and validates compliance evidence from Oracle Database and PostgreSQL Community Version and Fijitsu Enterprise PostgreSQL on IBM zSystems and LinuxONE.

For more information about IBM Z Security and Compliance Center, see Software Announcement ZP22-0005, dated April 5, 2022.

Leverage IBM LinuxONE Expert Care to maximize and accelerate value

IBM LinuxONE Expert Care provides a best-in-class support experience, offering a tiered approach to post-warranty maintenance and support, designed to keep the IBM LinuxONE system up to date for optimal performance and minimum downtime.

IBM LinuxONE Expert Care is a cost-effective way to maintain a resilient, high-performing enterprise system, with predicable maintenance costs, while freeing up in-house IT staff to pursue other strategic business initiatives.

Highlights include:

Tier 1: LinuxONE Expert Care Advanced provides post-warranty hardware maintenance coverage. Elements include:

  • Customizable length of coverage
  • Same-day 24x7 hardware service and parts replacement
  • Hardware firmware fixes and updates - remote or onsite
  • Installation, usage and configuration recommendations
  • Automated case creation and predictive issue alerts

Tier 2: LinuxONE Expert Care Premium will provide all elements of Tier 1 (Advanced), plus additional software support and services elements as follows:

  • 9x5 Software and OS Q&A / Usage support
  • Enhanced response times - 30 Minutes, severities 1 and 2
  • Dedicated Technical Account Manager (TAM) a critical product-based support role that will serve as the key client interface for in-scope hardware and software, delivering partnership and consultancy, as well as direct engagement on high-priority support cases.

Key tasks fulfilled by the TAM include:

  • Assists in Call Home enablement.
  • Assists in Predictive Support through Call Home Connect Cloud enablement.
  • Provides software roadmap and life cycle information.
  • Provides high impact pervasive (HIPER) information for client impact avoidance.
  • Provides best practices documentation.
  • Priority handling of Severity 1 and Severity 2 problems.
  • Engages the appropriate support resources and provides an escalation path as needed. Participates in managed escalations as required.
  • Delivers relationship management including welcome calls, support plan, monthly reporting, and quarterly meetings.
  • Facilitates change management by communicating planned events to appropriate support team.

Linux

Using open source Linux solutions is a smart way to run your IT and cloud services. LinuxONE Emperor 4 is designed to be an integral part of your hybrid IT, Linux, and cloud platforms. With LinuxONE Emperor 4, you can run and transform your IT environment with industry-leading levels of data privacy, security, and resiliency. LinuxONE Emperor 4 demonstrates a perfect infrastructure for all kinds of Linux solutions and cloud services. Linux based solutions are available from IBM, ISVs, and the open source community. The Linux based solutions can leverage LinuxONE Emperor 4 strengths such as the on-chip AI acceleration, encryption, and compression support, the high I/O bandwidth, the immense total server capacity, and high workload density. LinuxONE Emperor 4 provides:

  • Maximum scalability
  • High security levels with pervasive encryption for consumable data protection and ultimate security inside LinuxONE Emperor 4
  • Resilience and continuous availability without risk of downtime, providing high levels of security and governance
  • Agility and portability through tooling for cloud-native development
  • Open APIs to unleash and amplify core assets
  • Efficient operations with rapid deployment, configuration, and management of virtual Linux servers

Modernize for hybrid cloud

LinuxONE Emperor 4 delivers new technology innovation in AI, security, and resiliency on a flexible infrastructure designed for mission-critical workloads in a Linux and hybrid cloud environment. With LinuxONE Emperor 4 technology as an infrastructure cornerstone, you can accelerate your modernization as you integrate LinuxONE Emperor 4 seamlessly into your hybrid cloud.

LinuxONE Emperor 4 technology and its cloud solutions empower developers with the agility to accelerate the development of new cloud-native workloads and to accelerate the modernization of existing workloads that can be integrated with new digital services. LinuxONE Emperor 4 continues to deliver new and improved capabilities for Linux and cloud deployments. It cannot only be used as the enterprise Linux platform, but it can also be the foundation for application modernization and on-premises cloud as part of a hybrid cloud approach.

With the multiple virtualization technologies, LPARs, IBM z/VM, and KVM, LinuxONE Emperor 4 enables the deployment of more virtual servers, for both noncontainerized and cloud-native workloads, in a single server than any other platform through legendary scalability, system management, and performance.

  • The IBM Dynamic Partition Manager is designed to perform simplified configuration for Linux users, allowing them to quickly configure LPARs, as easily as other virtualized environments.
  • IBM z/VM delivers extremely high levels of security, scalability, and efficiency, providing a robust foundation for on-premises cloud computing using both containerized and noncontainerized workloads. z/VM based virtual machines support Linux distributions and the Red Hat OpenShift Container Platform. z/VM can host up to thousands of virtual servers on a single system.
  • KVM virtualization allows clients to make use of Linux administration skills. KVM is delivered with Linux distributions, enables the open virtualization ecosystem, and is optimized to benefit from Secure Execution as well as other LinuxONE Emperor 4 capabilities. KVM-based virtual machines support Linux distributions, and Red Hat Enterprise Linux KVM supports the Red Hat OpenShift Container Platform.

Virtualization is foundational to delivering infrastructure as a service (IaaS), a basic building block for cloud computing. IBM Cloud Infrastructure Center is a ready-to-use IaaS management solution, and together with z/VM and KVM, it can provide a consistent, industry-standard user experience for defining, instantiating, and managing the lifecycle of virtual infrastructure. Cloud Infrastructure Center provides simplified infrastructure management, deployment capabilities for Linux images for noncontainerized workloads, support to simplify and automate Red Hat OpenShift clusters deployment, and industry-standard-based integration with cloud management tools using OpenStack-compatible APIs across the enterprise.

The Linux operating system on LinuxONE Emperor 4 provides an impressive Linux and private cloud environment. Linux is the base to run all kind of workloads, especially for workloads that require high levels of resilience, flexibility, and security. Noncontainerized Linux workloads, running in virtual machines, such as MongoDB, can be easily managed and integrated into hybrid cloud by using IBM Cloud Infrastructure Center.

Container technologies are available from the Linux distribution partners and from the open source community to be deployed on a Linux distribution. Red Hat's OpenShift Container Platform comes with an included operating system and is running in z/VM and Red Hat KVM-based virtual machines. Finally, the Red Hat OpenShift Container Platform and IBM Cloud Paks running on LinuxONE Emperor 4 provide the combination of infrastructure, hybrid cloud container platform, and middleware to modernize existing applications and develop cloud-native applications that integrate, extend, and supply data and workloads from LinuxONE Emperor 4 across the hybrid cloud. Red Hat's OpenShift comes with its included operating system and is running in z/VM and Red Hat KVM-based virtual machines. Also, other container technologies are available from the Linux distribution partners and from the open source community to be deployed on a LinuxONE Emperor 4 distribution.

Modernizing applications through IBM Cloud Paks

Building containerized applications from scratch requires a significant investment in cloud resources, talent, and management tools. With a known shortage of cloud-native skills and short project timelines, IBM clients are seeking enterprise-grade and preintegrated software to accelerate digital transformation and innovation. IBM Cloud Paks are AI-powered software designed for the hybrid cloud landscape. Clients are automating, predicting, and optimizing business processes and modernizing business models at a faster pace without compromising capabilities, security, and resiliency.

LinuxONE helps clients meet their sustainability goals while enabling teams to consistently develop, deploy, and orchestrate cloud-native applications, while taking advantage of the security, resiliency, and scalability of LinuxONE infrastructure.

Why LinuxONE for Digital Asset Custody

The adoption of digital assets, like cryptocurrencies, is rapidly accelerating as the technology matures and regulations become clearer. With an overall market value of over $2T, digital assets have emerged as a disruptive new asset class, attracting the interest of startups, FinTech platforms, and institutional finance organizations looking to leverage higher yields and greater efficiencies and to gain access to untapped markets. As regulations permit, financial institutions are looking to provide their clients access to new forms of liquidity, lending, borrowing, trading, and transactional services. Digital asset custody is the foundation for these use cases that will unlock future market opportunities.

All stakeholders in the digital asset industry are exposed to some degree of risk when it comes to managing private keys used to sign transactions. Control over private keys is synonymous with control over digital assets; if you control the private key, you control the asset. Maintaining control over private keys at enterprise scale is extremely challenging and poses a major risk when managing millions of wallets. Enterprise institutional digital asset custody requires infrastructure with higher levels of protection and trusted processes to create scalable solutions that establish confidence in end customers.

IBM Digital Asset Infrastructure, powered by LinuxONE, provides the building blocks to create end-to-end solutions for storing and transferring large quantities of digital assets in highly secure wallets, providing technology to create a warm wallet solution with the security of cold storage. Through partnership with leading custody platforms, IBM Digital Asset Infrastructure is designed to enable clients of all sizes to execute a strategy that supports agility to trade, compliance with regulations, and leverages hardware-based security to provide additional assurances that help reduce overall risk profile.

IBM Digital Asset Infrastructure benefits include:

  • Scale to millions of wallets.

    Unlike solutions that require key storage in an HSM, on LinuxONE, private keys are protected using envelope encryption with a master key stored in an HSM designed to meet the Federal Information Processing Standards (FIPS) 140-3 at Level 4, the highest level of certification commercially available. This capability enables a single HSM to scale to millions of wallets with no physical limits on key storage.

  • Secure critical platform components in highly isolated hardware-protected Trusted Execution Environments.

    When architecting a digital asset solution involving the exchange of funds, it is important to consider the exploitation of sensitive data by both insider and external threats. Exploitation of applications, data, and policies can lead to irreversible loss of funds as well as loss of confidence from end customers.

    Deploying applications and databases in IBM Secure Execution for Linux Trusted Execution Environments isolate workloads to restrict access to data.

  • Remove operational risks such as unauthorized policy rule manipulation or malicious code insertion.

    When deploying wallets and databases with keys, it is crucial to verify that an insider cannot deploy malware or backdoors in the deployment process and to confirm the correct software image was deployed. The Secure Build Server creates a trusted CI/CD pipeline by providing audit-as-deploy processes to reduce the risk of malicious code being deployed into production.

  • Migrate seeds off-chain without fees, whitelisting, or revealing to blockchain explorers or end users.

    Often financial institutions begin their journey into digital assets working with a third-party custodian. Institutions can have multiple custodians and need future flexibility to bring these assets in-house to retain ownership of the keys and assets. How can they migrate wallets and seeds, which can be responsible for millions of dollars, between providers?

  • "Bring-Your-Own-Seed" enables clients to avoid on-chain transaction fees and provides a flexible and secure methodology to prevent vendor lock-in, IBM included.
  • Transact directly from offline, air-gapped cold storage.

    Cold storage is used to keep assets secured offline and typically without internet access, requiring a high level of isolation, typically implemented using air-gapped servers. This type of implementation poses challenges when moving from cold to warm storage, often involving USB sticks and manual key transit, leading to both operational and security risks.

    Only LinuxONE provides partitions that are certified with Common Criteria EAL 5+ isolation. This certification demonstrates a higher level of isolation than air-gapped servers.

z/VM support for IBM LinuxONE Emperor 4

The z/VM 7.1 and z/VM 7.2 PTFs for APAR VM66532 provide support to enable guests to exploit function on IBM LinuxONE Emperor 4, including:

  • Imbedded AI acceleration designed to reduce the overall time required to execute CPU operations for neural networking processing functions and to help support real-time applications like fraud detection.
  • Compliance-ready CPACF counter support, which provides a means for guests to track cryptographic compliance and instruction use.
  • Breaking Event Address Register (BEAR) enhancement facility designed to improve the ability to debug wild branches.
  • Vector packed decimal enhancements 2, which deliver new instructions intended to provide performance improvements.
  • Reset DAT Protection facility designed to provide a more efficient way to disable DAT protection, such as during copy-on-write or page change tracking operations.
  • Support for the consolidated boot loader designed to provide guest IPL from a SCSI LUN. Note that guest IPL from SCSI, with or without the DUMP option, will now require a minimum guest virtual memory size of 768 MB.
  • RoCE Express3 adapter, enabling guests to exploit Routable RoCE, Zero Touch RoCE, and SMC-R V2 support.
  • CEX8S adapter supported as a dedicated or shared resource. Dedicated guests will be able to take advantage of all functionality available with the CEX8S adapters, including assorted new enhancements and use of quantum-safe APIs.

The PTFs for APAR VM66532 also support CPU/Core topology location information that will be included in z/VM monitor data, providing a better picture of the system for diagnostic and tuning purposes.

The following infrastructure support must be installed on all members within a z/VM Single System Image (SSI) cluster before any member of the cluster is IPLed on LinuxONE Emperor 4:

  • z/VM 7.2 with the PTF for APAR VM66504
  • z/VM 7.1 with the PTFs for APARs VM66206 and VM66504

All IBM LinuxONE Emperor 4 compatibility support will be in the base of z/VM 7.3. For additional information about z/VM 7.3, see Software Announcement ZP22-0116, dated April 5, 2022.

For further details, see the z/VM service required for the IBM z16™ website and the hardware PSP bucket 3911DEVICE z/VM subset.

z/VM new function portal

The z/VM Continuous Delivery News web page is the primary vehicle used by IBM to describe new functions that are planned for z/VM. It is the recommended way to keep track of future development and support plans for the z/VM product. z/VM clients should consider subscribing to this page. For instructions, see the VM Site File Change Notification web page.

Select z/VM 7.2 enhancements delivered during 2021

The following z/VM V7.2 enhancements were delivered during 2021 and provide additional LinuxONE Emperor 4 benefits for z/VM workloads:

  • 4 TB real memory support: With the PTF for APAR VM66173, z/VM delivers support for up to 4 TB of real memory, allowing z/VM systems to address a full 4 TB of first-level (real) memory, doubling the previous supported limit of 2 TB.
  • Dynamic Memory Downgrade support: With the PTF for APAR VM66271, Dynamic Memory Downgrade extends the real storage dynamic management characteristics of z/VM by allowing up to 50% of the real memory to be removed from a running z/VM system. A minimum hardware bundle level is required to avoid a possible downgrade stall. For additional details, see Dynamic Memory Downgrade information.
  • Improved Live Guest Relocation for shared cryptography users: With the PTF for APAR VM66496, Live Guest Relocation for APVIRT cryptographic environments is enabled when the type of shared cryptographic resource on the source system does not match the type on the target system.
  • z/XC support: With the PTFs for APARs VM66201 (CP), VM66425 (CMS), and VM66489 (Perfkit), z/Architecture® Extended Configuration (z/XC) support is provided. Conversational Monitor System (CMS) applications that run in z/Architecture can use multiple address spaces. Programs can use z/Architecture instructions and registers, within the limits of z/CMS support, and can use VM data spaces in the same CMS session.
  • IBM LinuxONE Emperor 4 requires z/CMS and z/XC support to be configured within guest virtual machines that exploit z/VM HCD support. In addition, once applied, the PTF for IOCP APAR VM66549 will require z/CMS support on any LinuxONE server. IOCP support is in the base of z/VM 7.3 and requires z/CMS.
  • Direct-to-Host Service Download support: With the PTF for APAR VM66540, z/VM 7.2 provides an optional way to download service to your z/VM system. A web interface simplifies the downloading of z/VM service that was ordered through IBM Shopz. The service files can be transferred through direct-to-host connection.

KVM support for LinuxONE Emperor 4

  • Newer versions of KVM provide a CPU model to enable guests to exploit function on LinuxONE Emperor 4, including:
    • Imbedded AI acceleration designed to reduce the overall time required to execute CPU operations for neural networking processing functions and to help support real-time applications like fraud detection.
    • Compliance-ready CPACF counter support, which provides a means for guests to track cryptographic compliance and instruction use.
    • Breaking Event Address Register (BEAR) enhancement facility designed to improve the ability to debug several classes of programming errors.
    • Vector packed decimal enhancements 2, which deliver new instructions intended to provide performance improvements.
    • Reset DAT Protection facility designed to provide a more efficient way to handle page table changes in several scenarios.
    • CEX8S adapter supported with dedicated crypto domains. Dedicated crypto domains in the guests will be able to take advantage of all functionality available with the CEX8S adapters, including assorted new enhancements and use of quantum-safe APIs.
    • To exploit those features in a KVM guest, the CPU model for LinuxONE Emperor 4 must be available on the KVM host and is part of RHEL 8.5 Advanced Virtualization and later, SLES 15 SP4 and later, and Ubuntu 21.10 and later.

FICON Express32S

FICON Express32S supports a link data rate of 32 Gbps and auto-negotiation to 16 Gbps and 8 Gbps for synergy with current-generation switches, directors, and storage devices. With support for native FICON, High Performance FICON for zSystems (zHPF), and Fibre Channel Protocol (FCP), the LinuxONE Emperor 4 server is designed to enable an end-to-end 32 Gbps infrastructure to meet the lower latency and increased bandwidth demands of your applications.

The FICON Express32S adapter will work with your existing fiber optic cabling environment, both single-mode and multimode optical cables. The FICON Express32S feature running at end-to-end 32 Gbps link speeds will provide reduced latency for large read and write operations and increased bandwidth compared to the FICON Express16SA and FICON Express16S+ features.

Throughput for the FCP protocol

A FICON Express32S adapter, when defined as CHPID type FCP, conforms to the FCP standard to support attachment of Small Computer Systems Interface (SCSI) devices, to complement the classical storage attachment supported by FICON and zHPF channels.

  • In laboratory measurements using the FCP protocol, LinuxONE Emperor 4 FICON Express32S delivers up to 600,000 IOPS per port for small data block (4 KB) read operations, a 52% increase over LinuxONE III FICON Express16SA. Performance results are based on laboratory measurements on LinuxONE Emperor 4 using an internal microbenchmark to execute FCP I/O operations on FICON Express32S. The FICON Express32S port operated at a 32 Gbps link data rate. The workload consisted of 4 KB read-only data transfer I/O operations. Note: Results may vary.
  • In laboratory measurements using the FCP protocol, a single LinuxONE Emperor 4 FICON Express32S port delivers up to 6,400 MB/s for a mix of large data block (64 KB) read/write operations, 2 times the throughput of an LinuxONE III FICON Express16SA port.
  • Performance results are based on laboratory measurements done on LinuxONE Emperor 4 using an internal microbenchmark to execute FCP I/O operations on a single FICON Express32S port. The FICON Express32S port operated at a 32 Gbps link data rate. The workload consisted of an even mix of 64 KB read/write data transfer I/O operations. Note: Results may vary.
  • In laboratory measurements using the FCP protocol, both ports on LinuxONE Emperor 4 FICON Express32S deliver a total combined throughput of up to 9,700 MB/s for a mix of large data block (64 KB) read/write operations, a 54% increase over the total throughput of LinuxONE III FICON Express16SA. Performance results are based on laboratory measurements done on LinuxONE Emperor 4 using an internal LinuxONE microbenchmark to execute FCP I/O operations on both ports available on FICON Express32S. Both FICON Express32S ports operated at a 32 Gbps link data rate. The workload consisted of an even mix of 64 KB read/write data transfer I/O operations. Note: Results may vary.

The FCP protocol is supported by z/VM and the various Linux distribution. See the Software requirements section for more information.

HMC 2.16.0 highlighted feature enhancements

HMC security enhancements:

  • Additional MFA-supported types and support of additional environments.

    Previously, the HMC provided support for MFA types of Time-based One-Time Password (TOTP) and RSA SecurID. HMC 2.16.0 will now provide support for additional MFA types of the following, using a server connection to the IBM Z MFA component running in an IBM zSystems operating system: Generic RADIUS enables support of all various Remote Authentication Dial-In User Service (RADIUS) factor types; Certificates - Personal Identity Verification (PIV) and Common Access Card (CAC).

    The HMC 2.16.0 supports connections to the IBM Z MFA component running in z/VM and LinuxONE.

  • PCI-DSS compliance for HMC logon.

    HMC 2.16.0 logon controls are being enhanced to address security standards for PCI-DSS.

  • TLS 1.3 support.

    HMC 2.16.0 will support TLS 1.3 as well as TLS 1.2. Clients can choose to only support TLS 1.3 for HMC/SE, but prior to doing so, clients must ensure that all services or servers connecting through the TLS to the HMC/SE support TLS 1.3. These include remote browsing workstations, LDAP authentication servers, Web Services API connections, Fibre Channel End Point Security, FTPS servers, and Single Object Operations.

    Note: TLS 1.0 and TLS 1.1 support will be removed for 2.16.0 HMCs/SEs. Clients must ensure all connecting servers support TLS 1.2 or TLS 1.3.

  • Reduction of default users shipped with HMC/SE, all default users password change.

    In 2020, California instituted an IoT password law requiring any default-shipped passwords to be changed on installation or unique per device shipped. This same type of requirement is expanding worldwide, and starting with LinuxONE Emperor 4, HMC/SE will require new LinuxONE systems default user password changes for all LinuxONE Emperor 4 systems.

    To help manage this requirement, the HMC/SE will limit default user IDs or requirement to ACSADMIN and SERVICE.

    ADVANCED, OPERATOR, STORAGEADMIN, and SYSPROG default users will no longer be shipped.

    Default user roles for ADVANCED, OPERATOR, STORAGEADMIN, and SYSPROG will be shipped, and user IDs can be created from those. Any default user IDs that are part of a previous HMC level can be carried forward to new HMC levels as part of an MES Upgrade or through the selection of User Profile Data for the Save/Restore Customizable Console Data or Configure Data Replication tasks.

    As part of the LinuxONE Emperor 4 installation, HMC/SE ACSADMIN and SERVICE users will be required to make a password logon change on their first user logon.

    Clients are responsible for maintaining passwords, and they especially need to establish a plan for service users.

    Clients should be ready to provide the user ID and password to an IBM Service Support Representative (SSR) upon arrival to the IBM system when servicing the LinuxONE after the initial installation.

    Note that IBM recommends that clients maintain a list of unique service IDs and passwords to accommodate different SSRs servicing the system and avoid sharing user IDs. It is imperative to establish a user ID and password-handling process to avoid any delay of service.

  • Changed default certificate expiration.

    Newly created HMC/SE certificates will now have a default expiration of 398 days, which is being driven by industry security requirements. Clients have the option to modify that expiration time.

    HMC/SE enhancements have been made to notify clients by a hardware message starting at 90 days and other subsequent various days prior to expiration.

    Client certificates managed by the HMC/SE include uses for browser, WS APIs, IBM HMC Mobile, remote syslog server, Fibre Channel End Point Security, Remote Support Facility (RSF) proxy, and MFA.

HMC workspace enhancements:

  • The HMC dashboard replaces the HMC Home tab's Welcome node.

    The toolbar at the top will contain the Helpful link and HMC information. In addition, that HMC dashboard will contain the following HMC widgets, which provide optional and simplified views of previous actions without a significant overhaul of the entire HMC user experience:

    • What's new
    • Systems health
    • Hardware messages
    • Frequently used tasks

    Additional widgets are expected to be added in the future.

  • n-mode Power STP Imminent Disruption Signal option.

    On LinuxONE, losing a Preferred Time Server (PTS) has significant consequences to the timing network and the overall workload execution environment of the IBM zSystems sysplex or to the Linux systems operating in the coordinated timing network. The LinuxONE and the HMC have had longtime automated failover protection for various cases that can arise.

    However, for LinuxONE Emperor 4, because there is no longer an integrated battery facility, support was added by the HMC to allow the client to configure an option to monitor for n-mode power conditions (wall power or line cord loss), and if detected, an automated failover will occur to the Backup Time Server (BTS). Note: You should provide some backup power method to hold power for 60 seconds on the PTS to allow failover to successfully complete.

    There are also Manage System Time user interface controls to manage to failback to the PTS when the full power state is restored. There are also HMC System Events for client awareness through user interface or automation.

  • Base Control Program internal interface (BCPii) enhancements.

    HMC support of BCPii is being enhanced to provide suspend and resume notifications to the operating system side of BCPii when the SE is rebooted for a firmware update, as well as other rarer recovery conditions of when an SE reboot could occur. GDPS will utilize these notifications to generally eliminate BCPii requests while the SE is away. System Automation Processor Operations (SA Proc Ops) and the client's own BCPii automation can also utilize these new notifications.

    The HMC is also adding resiliency for BCPii communication by monitoring for additional conditions of early warning of potential communication issues and executing methods of automatic recovery.

  • HMC Data Replication enhancements.

    The HMC Data Replication support provides an underlying communication framework to allow you to configure user management and associated activation profiles, monitor system event notifications, and access other various controls on a single HMC, and then replicate that to other HMCs so that users only must do the configuration or customization actions once.

    The HMC 2.16.0 has been enhanced to ensure when replication is active, that replication data can only be customized by the user on a primary or peer HMC. Replication data can no longer be changed by a user or automation on a replica HMC other than by the HMC Data Replication framework.

    In addition, the HMC Configure Data Replication task is enhanced to have a panel design like other HMC wizard tasks, which guide the user step-by-step through configuration with an underlying focus on the defined role of an HMC as either a primary, replica, or peer.

  • Remote Code Load (RCL) enhancements.

    LinuxONE Emperor III includes the RCL option for LinuxONE firmware, enabling IBM to upgrade the LinuxONE system remotely through an IBM Z Remote Support Facility (zRSF) using only the outbound connection from the HMC. Clients can choose what and when to be updated, and IBM monitors the entire process remotely and notifies the client upon completion.

    LinuxONE Emperor 4 has incorporated feedback from that LinuxONE III experience, and the following LinuxONE Emperor 4 enhancements are included:

    • HMC 2.16.0 provides the capability for an HMC to do data replication of the RCL authorization token, allowing it to be used on any HMC in the enterprise.
    • IBM Resource Link® provides the capability to reschedule an RCL, such as changing the time or date of the load or the bundle level, without requiring the client to do an HMC RCL Cancel.
    • HMC Mobile provides the ability to generate the HMC authorization and view and cancel scheduled updates.
    • The ability to do a single HMA HMC Remote Code schedule, which ensures both HMCs on the HMAs are updated, including the required action of primary/alternate switch.

IBM HMC Mobile enhancements

HMC Mobile 4.0 provides enhanced logon support for the new HMC 2.16.0 Multi-Factor Authentication types of Generic RADIUS and certificates as well as support for PCI-DSS compliance.

HMC Mobile 4.0 additionally provides support for RCL HMC authorization token generation as well as the ability to view and cancel scheduled updates.

HMC YouTube videos

General documentation on the HMC can be found on HMC Online Help and on IBM Resource Link.

There is additional information about HMC through YouTube videos, which include subject areas like HMC Overview and Management, Access and Security, HMC Mobile, Manage System Time, and Dynamic Partition Manager.

For current videos, see the IBM Z Hardware Management Console Videos website. Monitor the website for videos being added to the IBM HMC playlist, which will include some of the new HMC 2.16.0 features and enhancements.

For HMC 2.16.0, there will no longer be support to configure NTP with Autokey because Autokey is known to not be secure.

On HMCs prior to 2.16.0, access to NTP used to have MD5 as the only supported hashing algorithm. MD5 is no longer secure, official support for MD5 has been withdrawn, and its use is discouraged. For HMC 2.16.0, SHA-512 will be the default hashing algorithm to be selected for new defines. MD5 will be allowed because both the server and client must match, and this change needs to be communicated with external NTP server owners.

5 Based on internal measurements. Results may vary by client based on individual workload, configuration, and software levels. See the website for more details.

6 Consolidating Linux workloads on 5 IBM LinuxONE systems instead of running them on compared x86 servers under similar conditions can reduce energy consumption by 75%, space by 50%, and the CO2e footprint by over 850 metric tons annually.

DISCLAIMER: Compared 5 IBM Machine Type 3931 Max 125 model consists of three CPC drawers containing 125 configurable cores (CPs, zIIPs, or IFLs) and two I/O drawers to support both network and external storage versus 192 x86 systems with a total of 10364 cores. IBM Machine Type 3931 power consumption was based on inputs to the IBM Machine Type 3931 IBM Power Estimation Tool for a memo configuration. x86 power consumption was based on March 2022 IDC QPI power values for 7 Cascade Lake and 5 Ice Lake server models, with 32 to 112 cores per server. All compared x86 servers were 2 or 4 socket servers. IBM Z and x86 are running 24x7x365 with production and nonproduction workloads. Savings assumes a Power Usage Effectiveness (PUE) ratio of 1.57 to calculate additional power for data center cooling. PUE is based on the Uptime Institute 2021 Global Data Center Survey. CO2e and other equivalencies that are based on the EPA GHG calculator use US National weighted averages. Results may vary based on client-specific usage and location.

7(PCI HSM) :CERTIFICATION for CEX7S: 7.3 (cert# 4-20358)

8(PCI-HSM) :CERTIFICATION for CCA 6.6/CEX6S (3w review) (WRAPENH3) (cert# 4-20333)



Back to topBack to top

Statement of general direction

Top rule

Removal of support for OSE CHPID type: IBM LinuxONE Emperor 4 will be the last LinuxONE server to support OSE networking channels. IBM zSystems support for the Systems Network Architecture (SNA) protocol being transported natively out of the server using OSA-Express 1000BASE-T adapters configured as channel type OSE will be eliminated after LinuxONE Emperor 4. Client applications that rely on the SNA protocol and use OSE networking channels as the transport, as opposed to FICON® CTC, must either migrate to TCP/IP, or the networking configuration of the operating system image must be updated to make use of some form of SNA over IP technology.

Removal of support for OSA-Express 1000BASE-T hardware adapters: LinuxONE Emperor 4 will be the last LinuxONE server to support OSA-Express 1000BASE-T hardware adapters (#0426, #0446, and #0458). Definition of all valid OSA CHPID types will be allowed only on OSA-Express GbE adapters, and potentially higher bandwidth fiber Ethernet adapters on future servers.

Transition to PCIe-based adapters like RoCE Express as the strategic adapter for LinuxONE: In the future, IBM plans to shift from OSA-Express to PCIe-based networking devices like RoCE Express as the target strategic adapter type for direct access networking connection to Linux® operating systems on IBM LinuxONE. MES updates between generations are planned to be supported. Clients using z/VM® to provide connectivity through the z/VM Virtual Switch on LinuxONE will be unaffected by this change. Linux on LinuxONE networking currently supports two Ethernet networking connectivity options: the OSA-Express adapter family and the RoCE Express adapter family. Use of PCIe-based networking devices as provided by the RoCE Express adapter family is aligned with the deployment model for Linux on other architectural platforms, facilitates use of broader existing Linux ecosystem tooling, and eases the effort to enable exploitation of industry hardware optimizations and integrate into industry software-defined networking models and tools, including Red Hat OpenShift Container Platform (OCP). Clients are strongly encouraged to plan accordingly for their adoption of RoCE Express adapters for Linux on LinuxONE networking connectivity. IBM plans to continue to work toward common networking adapters for all operating systems on LinuxONE.

Capacity on demand (CoD) legacy automation: LinuxONE Emperor 4 is planned to be the last LinuxONE server to support Legacy CoD unique record type automation interfaces. Clients should begin migrating to the new CoD flexible record structure interface. Prior to IBM z10, automation interfaces for CoD were unique for each record type. The IBM z10 server introduced new automation interfaces for CoD, which used flexible record structures that could apply to any CoD temporary record, and attributes of temporary capacity records are returned as an XML structure.

Firmware update process: LinuxONE Emperor 4 is planned to be the last LinuxONE server to support IBM service support representatives (SSRs) onsite performing firmware updates without an additional premium service contract. The IBM zSystems Remote Code Load (RCL) option, which was introduced on IBM z15™ and LinuxONE III, is available without an additional premium service contract. With LinuxONE III, and now LinuxONE Emperor 4, clients can request a remote code load or they can choose the SSR onsite method for their firmware update. IBM recommends that clients try the RCL option on LinuxONE III or LinuxONE Emperor 4 to see for themselves that IBM provides the same quality service through RCL.

Statements by IBM regarding its plans, directions, and intent are subject to change or withdrawal without notice at the sole discretion of IBM. Information regarding potential future products is intended to outline general product direction and should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for IBM products remain at the sole discretion of IBM.



Back to topBack to top

Reference information

Top rule

For more information about IBM z16™, see Hardware Announcement ZG22-0001, dated April 05, 2022.

For more information about IBM z/VM 7.3, see Software Announcement ZP22-0044, dated September 13, 2022.

For more information about the IBM Cloud Infrastructure Center 1.1.6 Preview, see Software Announcement ZP22-0334, dated August 23, 2022.

For more information about IBM Cloud Infrastructure Center 1.1.5, see Software Announcement ZP22-0137, dated March 01, 2022.

For more information about LinuxONE III Model LT1 and LT2 Enhancements 2021 2Q, see Hardware Announcement ZG21-0038, dated May 04, 2021.

For more information about Z/VM 7.2, see Software Announcement ZP20-0384, dated August 04, 2020.

For more information about LinuxONE III Model LT1 and LT2 Enhancements, see Hardware Announcement ZG20-0095, dated August 04, 2020.

For more information about IBM LinuxONE III LT2, see Hardware Announcement ZG20-0018, dated April 14, 2020.

For more information about the IBM LinuxONE III, see Hardware Announcement ZG19-0019, dated September 12, 2019.



Back to topBack to top

Product number

Top rule

Description Machine type Model Feature number
IBM LinuxONE Emperor 4 3931 LA1  
MTU 1 - D     0001
MTU 100 -D     0002
MTU 1 -V     0003
MTU 100 -V     0004
GTU 1 - D     0005
GTU 100 - D     0006
GTU 1 -V     0007
GTU 100 -V     0008
GTU 1000 - D     0009
GTU 1000 - V     0010
Non RSF On/Off CoD     0032
Serv Docs Optional Print     0033
RFID Tag     0035
RFID Tag     0036
TKE Rack Mount     0057
TKE     0058
OEM Generic Indicator     0093
WWPN Persistence     0099
Secure Execution for Linux     0115
IBM Z HW Mgmt Appliance     0129
Fanout Airflow PCIe     0137
TKE Tower     0144
TKE Rack     0145
TKE Rack Keybd/Monitor/Mouse     0156
TKE Table Top KMM     0157
PCIe+ fanout     0175
ICA SR1.1     0176
Client Must Provide TKE KMM     0190
3906 w/o TEIO & w/o HtR     0201
3906 w/TEIO & w/o HtR     0202
3906 w/o TEIO & w/HtR     0203
3906 w/TEIO & w/HtR     0204
TKE Rack     0233
TKE Tower     0234
DPM     0250
Flexible Cap 1 Unit     0317
Flexible Cap 100 Units     0318
Flexible Cap 10000 Units     0319
Flexible Cap IFL     0320
IBM Regional Cores Number     0329
Flexible Capacity Record     0376
Flexible Cap Term Years     0377
Flexible Capacity 1 Unit Year     0378
Flexible Capacity 100 Units Year     0379
Flexible Capacity 10000Units Year     0380
Flexible Cap IFL Year     0381
Flexible Cap 100 IFL Year     0382
PCIe Interconnect® Gen4     0421
Coupling Express2 LR     0434
10GbE RoCE Express3 SR     0440
10GbE RoCE Express3 LR     0441
NVMe Carrier1.1     0448
25GbE RoCE Express3 SR     0452
25GbE RoCE Express3 LR     0453
OSA-Express7S GbE LX 1.2     0454
OSA-Express7S GbE SX 1.2     0455
OSA-Express7S 10 GbE LR 1.2     0456
OSA-Express7S 10 GbE SR 1.2     0457
OSA-Express7S 1000BASE-T 1.2     0458
OSA-Express7S 25 GbE SR 1.2     0459
OSA-Express7S 25 GbE LR 1.2     0460
FICON Express32S LX     0461
FICON Express32S SX     0462
Model LA1     0509
8561 RCU A Frame w/o Ht Red     0546
8561 RCU B Frame w/o Ht Red     0547
8561 RCU C Frame w/o Ht Red     0548
8561 RCU Z Frame w/o Ht Red     0549
8561 RCU A Frame w/ Ht Red     0550
8561 RCU B Frame w/ Ht Red     0551
8561 RCU C Frame w/ Ht Red     0552
8561 RCU Z Frame w/ Ht Red     0553
8561 WCU A Frame w/o Ht Red     0554
8561 WCU B Frame w/o Ht Red     0555
8561 WCU C Frame w/o Ht Red     0556
8561 WCU Z Frame w/o Ht Red     0557
8561 WCU A Frame w/ Ht Red     0558
8561 WCU B Frame w/ Ht Red     0559
8561 WCU C Frame w/ Ht Red     0560
8561 WCU Z Frame w/ Ht Red     0561
CPC PSU     0642
IBM Virtual Flash Memory     0644
Ethernet Switch     0647
Bulk Power Assembly     0648
Max39     0667
Max82     0668
Max125     0669
Max168     0670
Max200     0671
32 GB USB Load Media     0843
No Physical Media     0846
32 GB USB Backup Media     0848
TKE 10.0 LIC     0882
TKE Smart Card Reader     0891
TKE addl smart cards     0900
Crypto Express8S (2 HSM)     0908
Crypto Express8S (1 HSM)     0909
US TAA Compliance Indicator     0983
STP Enablement     1021
EMEA Special Operations     1022
Endpoint Security Enablement     1146
32 GB Mem DIMM (8/feat)     1746
64 GB Mem DIMM (8/feat)     1747
128 GB Mem DIMM (8/feat)     1748
256 GB Mem DIMM (8/feat)     1749
LICCC Ship Via Net Ind     1750
CP4     1955
IFL     1959
Unassigned IFL     1962
SAP (optional)     1963
32 GB Flex Memory     1964
64 GB Flex Memory     1965
256 GB Flex Memory     1966
64 GB VFM Flex Memory     1967
32 GB Memory Cap Incr     1968
64 GB Memory Cap Incr     1969
256 GB Memory Cap Incr     1970
512 GB Memory     2825
576 GB Memory     2826
640 GB Memory     2827
704 GB Memory     2828
768 GB Memory     2829
896 GB Memory     2830
1024 GB Memory     2831
1152 GB Memory     2832
1280 GB Memory     2833
1408 GB Memory     2834
1536 GB Memory     2835
1664 GB Memory     2836
1792 GB Memory     2837
1920 GB Memory     2838
2048 GB Memory     2839
2304 GB Memory     2840
2560 GB Memory     2841
2816 GB Memory     2842
3072 GB Memory     2843
3328 GB Memory     2844
3584 GB Memory     2845
3840 GB Memory     2846
4352 GB Memory     2847
4864 GB Memory     2848
5376 GB Memory     2849
5888 GB Memory     2850
6400 GB Memory     2851
6912 GB Memory     2852
7424 GB Memory     2853
7936 GB Memory     2854
8448 GB Memory     2855
8960 GB Memory     2856
9472 GB Memory     2857
9984 GB Memory     2858
10496 GB Memory     2859
11008 GB Memory     2860
11520 GB Memory     2861
12032 GB Memory     2862
12544 GB Memory     2863
13056 GB Memory     2864
13568 GB Memory     2865
14080 GB Memory     2866
14592 GB Memory     2867
15104 GB Memory     2868
15616 GB Memory     2869
16128 GB Memory     2870
16640 GB Memory     2871
17152 GB Memory     2872
18176 GB Memory     2873
19200 GB Memory     2874
20224 GB Memory     2875
21248 GB Memory     2876
22272 GB Memory     2877
23296 GB Memory     2878
24320 GB Memory     2879
25344 GB Memory     2880
26368 GB Memory     2881
27392 GB Memory     2882
28416 GB Memory     2883
29440 GB Memory     2884
30464 GB Memory     2885
31488 GB Memory     2886
32512 GB Memory     2887
34560 GB Memory     2888
36608 GB Memory     2889
38656 GB Memory     2890
40704 GB Memory     2891
CPC1 Reserve     2981
CPC2 Reserve     2982
Balanced Power Plan Ahead     3003
BPR Pair     3017
Lift Tool Kit     3100
Extension Ladder     3101
Fill and Drain Kit     3393
MSS Sales Flag D     3666
CPACF Enablement     3863
PCIe+ I/O Drawer     4023
A Frame Radiator     4040
B Frame Radiator     4041
B Frame No Cooling     4042
Z Frame     4043
C Frame     4044
400 Capacity Marker     5409
401 Capacity Marker     5410
FQC Bracket & Mounting Hdw     5827
PRC Tokens     6803
PRC Tokens Alteration     6804
Additional CBU Test     6805
PRC 1 MSU day     6806
PRC 100 MSU days     6807
PRC 10000 MSU days     6808
PRC 1 IFL day     6809
PRC 100 IFL days     6810
PRC 1 SAP day     6815
PRC 100 SAP days     6816
Total CBU Years Ordered     6817
CBU Records Ordered     6818
Single CBU IFL Year     6822
25 CBU IFL Year     6823
Single CBU SAP Year     6830
25 CBU SAP Year     6831
CBU Replenishment     6832
OPO Sales Flag     6835
OPO Sales Flag-Alteration     6836
Flex Cap Perpetual License     7805
Flexible Cap Term License     7806
Top Exit Cabling w/o Tophat     7816
Top Exit Cabling w/Top Hat     7898
Bottom Exit Cabling     7899
Non Raised Floor Support     7998
19in Earthquake Kit, RF     8014
19in Earthquake Kit, NRF     8015
Zero-Way Processor CP4     8023
1-Way Processor CP4     8024
Multi Order Ship Flag     9000
Multi Order Rec Only Flag NB     9001
Multi Order Rec Only Flag MES     9002
RPO Action Flag     9003
Downgraded PUs Per Request     9004
On Off CoD Act 100 IFL Days     9874
On Off CoD Act 100 SAP Days     9878
On Off CoD Act IFL Days     9888
On Off COD authorization     9896
Perm upgr authorization     9898
CIU Activation (Flag)     9899
On Line CoD Buying (Flag)     9900
PRC Tokens Authorization     9904
On Off CoD Act SAP Days     9909
CBU authorization     9910
OPO Sales authorization     9913
1 MSU day     9917
100 MSU days     9918
10000 MSU days     9919
1 IFL day     9920
100 IFL Days     9921
Flex Capacity Authorization     9933
Height Reduce Ship     9975

Description Machine type Model Feature number
TKE Table Top KMM     0157

Description Machine type Model Feature number
32A/380-415V 3Ph Wye     7947
32A/380-415V 3Ph Wye LSZH     7948
60A/250V w/Cut End     7955
32A/380-415V Cut End     7957
32A/380-415V Cut End LSZH     7958
60A/250V w/Cut End LSZH     7965
60A/250V 3Ph w/Cut End     7972
60A/250V w/Cut End LSZH     7973

Description Machine type Model Feature number
200-280V 30/60A, 3 Ph PDU     0645
380-415V 32A, 3 Ph WYE PDU     0646

Description Machine type Model Feature number
IBM LinuxONE Emperor 4 3931 LA1  
TKE Rack Mount     0057
TKE     0058
TKE Tower     0144
TKE Rack     0145
TKE Rack KMM     0156
TKE Rack     0233
TKE Tower     0234
TKE 10.0 LIC     0882

Description Machine type Model Feature number
IBM LinuxONE Emperor 4 3931 LA1  
TKE Table Top KMM     0157

Features that may carry forward on an upgrade:

Note: IBM LinuxONE Emperor 4 refresh does not support carry forward from older models.

Model conversions

From Machine type From Model To Machine type To Model  
3931 LA1 3931 A01 (*)

Parts removed as a result of a model conversion become the property of IBM.

Feature conversions

From   To    
M/T F/C M/T F/C Description
3931 1959 3931 1963 (*) IFL to SAP(opt)
3931 1959 3931 1962 (*) IFL to uIFL
3931 1963 3931 1959 (*) SAP(opt) to IFL
3931 1963 3931 1962 (*) SAP(opt) to uIFL
3931 1962 3931 1959 (*) uIFL to IFL
3931 1962 3931 1963 (*) uIFL to SAP(opt)
3931 0509 3931 0508 (*) LA1 to A01
3931 0667 3931 0668 (*) Max39 to Max82
3931 0667 3931 0669 (*) Max39 to Max125
3931 0668 3931 0669 (*) Max82 to Max125
3931 8023 3931 8024 (*) 400 to 401
3931 8024 3931 8023 (*) 401 to 400


Back to topBack to top

Publications

Top rule

The following publications are available now in the "Library" section of Resource Link®.

Title Order number
3931 Installation Manual for Physical Planning (IMPP) GC28-7015
PR/SM Planning Guide SB10-7178
IOCP User's Guide for ICP IOCP SB10-7177
Planning for Fiber Optic Links (FICON/FCP, Coupling Links, OSA, and zHyperLink Express) GA23-1409

The following publication is shipped with the product:

Title Order number
3931 Installation Manual GC28-7017

The following publications are available now in the "Library" section of Resource Link.

Title Order number
3931 Safety Inspection GC28-7014
Service Guide for TKE Workstations (Version 7.0) GC28-7020
Systems Safety Notices G229-9054
IBM Important Notices G229-9056
Statement of Limited Warranty Part 3 - Warranty Information GC28-7013
License Agreement for Machine Code SC28-6872
License Agreement for Machine Code Addendum for Cryptography GC27-2635
Systems Environmental Notices and User Guide Z125-5823

The following publications will be available at planned availability in the Library section of Resource Link:

Title Order number
3931 Service Guide GC28-7018
3931 Parts Catalog GC28-7019
Service Guide for 2461 Hardware Management Console GC28-7021
Service Guide for 2461 Support Element GC28-7022
SNMP Application Programming Interfaces SB10-7179
Capacity on Demand User's Guide SC28-7025
CHPID Mapping Tool User's Guide GC28-7024
Hardware Management Console Web Services API (V2.16.0) SC27-2642
IBM Dynamic Partition Manager (DPM) Guide SB10-7182
Secure Service Container User's Guide SC28-7028
Stand-Alone IOCP User's Guide SB10-7180
FICON CTC Reference SB10-7181
Maintenance Information for Fiber Optics (FICON/FCP, Coupling Links, OSA, and zHyperLink Express) SY27-7697
Integrating the HMC's Broadband RSF into your Enterprise SC28-7026
Hardware Management Console Security SC28-7027
Remote Code Load for IBM Z Firmware SC28-7044
SCSI IPL -- Machine Loader Messages SC28-7029
OSA-Express Customer's Guide and Reference SA22-7935
OSA/SF on the Hardware Management Console SC14-7580
OSA Integrated Console Controller User's Guide SC27-9003

Resource Link

You can find information about Linux on IBM Z and IBM LinuxONE at this link.

Using the instructions on the Resource Link panels, obtain a user ID and password. Resource Link has been designed for easy access and navigation.

HMC and SE console documentation

At planned availability, the Hardware Management Console (HMC) and Support Element (SE) console documentation (Version 2.16.0) will be available from IBM Resource Link and the consoles.

For HMC videos, go to the IBM Z Hardware Management Console Videos web page.

IBM Documentation

IBM Documentation provides a modernized user experience and makes it easier to find IBM product information for systems hardware, operating systems, and server software. Through a consistent framework, you can efficiently find information and personalize your access. For IBM zSystems publications, go to IBM Documentation.

The following Redbooks® publications are available now. To order, contact your IBM representative.

Title Order number
Technical Introduction SG24-8950-00
Technical Guide SG24-8951-00
Connectivity Handbook SG24-5444-21
IBM Z Functional Matrix REDP-5157-06

To download these Redbooks publications, go to the IBM Z Redbooks website.

For other IBM Redbooks publications, go to the main IBM Redbooks website.

To access the IBM Publications Center Portal, go to the IBM Publications Center website.

The Publications Center is a worldwide central repository for IBM product publications and marketing material with a catalog of 70,000 items. Extensive search facilities are provided. A large number of publications are available online in various file formats, which can currently be downloaded.


National language support

Not applicable



Back to topBack to top

Services

Top rule

IBM Consulting™

As transformation continues across every industry, businesses need a single partner to map their enterprise-wide business strategy and technology infrastructure. IBM Consulting is the business partner to help accelerate change across an organization. IBM specialists can help businesses succeed through finding collaborative ways of working that forge connections across people, technologies, and partner ecosystems. IBM Consulting brings together the business expertise and an ecosystem of technologies that help solve some of the biggest problems faced by organizations. With methods that get results faster, an integrated approach that is grounded in an open and flexible hybrid cloud architecture, and incorporating technology from IBM Research® and IBM Watson® AI, IBM Consulting enables businesses to lead change with confidence and deliver continuous improvement across a business and its bottom line.

For additional information, see the IBM Consulting website.

IBM Technology Support Services (TSS)

TSS helps organizations plan, deploy, support, operate and refresh the foundation for their hybrid cloud and enterprise IT data centers. Deep expertise in IBM Systems, open source and third-party vendors, streamlined processes and advanced technologies such as AI, enable organizations to protect their infrastructure investment and consistently maintain high availability for mission-critical workloads across the product lifecycle.

IBM Technology Services, formerly known as IBM Systems Lab Services, is part of TSS. Technology Services offers a wide range of infrastructure services for IBM Power servers, IBM Storage systems, IBM zSystems, IBM LinuxONE, Red Hat, and open source software. Technology Services has a global presence and can deploy consultants online or onsite. Consultants have deep technical expertise, valuable tools, and successful methodologies. Technology Services is designed to help organizations solve business challenges, gain new skills, and apply best practices.

For more information about IBM's infrastructure support and services, see the Technology Lifecycle Services for your hybrid cloud infrastructure web page.

IBM Expert Labs

Expert Labs can help clients accelerate their projects and optimize value by leveraging their deep technical skills and knowledge. With more than 20 years of industry experience, these specialists know how to overcome the biggest challenges to deliver business results that can have an immediate impact.

Expert Labs' deep alignment with IBM product development allows for a strategic advantage as they are often the first in line to get access to new products, features, and early visibility into roadmaps. This connection with the development enables them to deliver First of a Kind implementations to address unique needs or expand a client's business with a flexible approach that works best for their organization.

For additional information, see the IBM Expert Labs website.

IBM Security® Expert Labs

With extensive consultative expertise on IBM Security software solutions, Security Expert Labs helps clients and partners modernize the security of their applications, data, and workforce. With an extensive portfolio of consulting and learning services, Expert Labs provides project-based and premier support service subscriptions.

These services can help clients deploy and integrate IBM Security software, extend their team resources, and help guide and accelerate successful hybrid cloud solutions, including critical strategies such as zero trust. Remote and on-premises software deployment assistance is available for IBM Cloud Pak® for Security, IBM Security QRadar®/QRoC, IBM Security QRadar SOAR, IBM Security Verify, IBM Security Guardium®, and IBM Security MaaS360®.

For more information, contact Security Expert Labs at sel@us.ibm.com.

For additional information, see the IBM Security Expert Labs website.



Back to topBack to top

IBM support

Top rule

For installation and technical support information, see the IBM Support.



Back to topBack to top

Additional support

Top rule

IBM Client Engineering for Systems

Client Engineering for Systems is a framework for accelerating digital transformation. It helps you generate innovative ideas and equips you with the practices, technologies, and expertise to turn those ideas into business value in weeks. When you work with Client Engineering for Systems, you bring pain points into focus. You empower your team to take manageable risks, adopt leading technologies, speed up solution development, and measure the value of everything you do. Client Engineering for Systems has experts and services to address a broad array of use cases, including capabilities for business transformation, hybrid cloud, analytics and AI, infrastructure systems, security, and more. Contact Client Engineering at sysgarage@ibm.com.



Back to topBack to top

Technical information

Top rule

Specified operating environment

Physical specifications

The physical specifications for LinuxONE Emperor 4 Model LA1 are now available in the Library section of Resource Link in the Installation Manual for Physical Planning (IMPP).

This information can be obtained at Resource Link.

Using the instructions on the Resource Link panels, obtain a user ID and password.

Resource Link has been designed for easy access and navigation.

Operating environment

The operating environment information for LinuxONE Emperor 4 Model LA1 is now available in the Library section of Resource Link in the Installation Manual for Physical Planning (IMPP).

This information can be obtained at Resource Link.

Using the instructions on the Resource Link panels, obtain a user ID and password.

Resource Link has been designed for easy access and navigation.

Hardware requirements

The hardware requirements for the IBM zSystems servers, features, and functions are identified. A new driver level is required.

HMC (V2.16.0) plus MCLs and the Support Element (V2.16.0) are planned to be available on September 13, 2022. You should review the PSP buckets for minimum Machine Change Levels (MCLs) and software PTF levels before IPLing operating systems.

Machine family Machine type Firmware driver SE version
LinuxONE Emperor 4 3931 51 2.16.0
LinuxONE LT1 and LT2 8561, 8562 41 2.15.0
LinuxONE Emperor II 3906 36 2.14.1
LinuxONE Rockhopper II 3907 36 2.14.1

Software requirements

IBM LinuxONE Emperor 4 requires at a minimum:

  • z/VM 7.3
  • z/VM 7.2 with PTFs
  • z/VM 7.1 with PTFs
  • Linux: IBM supports running the following Linux on IBM Z distributions on IBM LinuxONE Emperor 4:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service.
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service.
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service.
    • The support statements for IBM LinuxONE Emperor 4 also cover the KVM hypervisor on distribution levels that have KVM support:
      • SLES 15 SP3 with service and SLES 12 SP5 with service
      • RHEL 9.0 with service and RHEL8.4 with service
      • Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service
    • For the minimum required and recommended distribution levels, see Linux on IBM Z tested platforms website.

    The support statements for LinuxONE Emperor 4 also cover the KVM hypervisor on distribution levels that have KVM support:

    • Supported distributions are supported as KVM guests.
    • Supported distributions except RHEL 7.9 are supported as KVM hosts.

Linux distributions named here are minimum levels; for example, "RHEL 8.4" implies "RHEL 8.6".

The following software requirements are listed for features and capabilities supported on LinuxONE Emperor 4:

FICON Express32S (CHPID type FC) when utilizing FICON or Channel-to-Channel (CTC), requires at a minimum:

  • z/VM 7.3
  • z/VM 7.2
  • z/VM 7.1
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

FICON Express32S (CHPID type FC), for support of zHPF single-track operations, requires at a minimum:

  • z/VM 7.3
  • z/VM 7.2
  • z/VM 7.1
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

FICON Express32S (CHPID type FC), for support of zHPF multitrack operations, requires at a minimum:

  • z/VM 7.3
  • z/VM 7.2
  • z/VM 7.1
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

FICON Express32S (CHPID type FCP), for support of SCSI devices, requires at a minimum:

  • z/VM 7.3
  • z/VM 7.2
  • z/VM 7.1
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

FICON Express32S (CHPID type FCP) support of hardware data router requires at a minimum:

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 for guest exploitation
  • z/VM 7.1 for guest exploitation
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

T10-DIF support by the FICON Express32S features, when defined as CHPID type FCP, require at a minimum:

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 for guest exploitation
  • z/VM 7.1 for guest exploitation
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

OSA-Express7S GbE LX 1.2 (#0454) and GbE SX 1.2 (#0455) require at a minimum:

CHPID type OSC:

  • z/VM 7.3
  • z/VM 7.2
  • z/VM 7.1
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

CHPID type OSD:

  • z/VM 7.3
  • z/VM 7.2
  • z/VM 7.1
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

CHPID type OSD without maximum port exploitation (one port on the PCIe adapter is available for use):

  • z/VM 7.3
  • z/VM 7.2
  • z/VM 7.1
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

OSA-Express7S 10 GbE LR 1.2 (#0456) and 10 GbE SR 1.2 (#0457) require at a minimum:

CHPID type OSD:

  • z/VM 7.3
  • z/VM 7.2
  • z/VM 7.1
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

OSA-Express7S 25 GbE LR 1.2 (#0460) and OSA-Express7S 25 GbE SR 1.2 (#0459) require at a minimum:

CHPID type OSD:

  • z/VM 7.3
  • z/VM 7.2
  • z/VM 7.1
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

OSA-Express7S 1000BASE-T Ethernet 1.2 (#0458) requires at a minimum:

CHPID type OSD with exploitation of two ports per CHPID:

  • z/VM 7.3
  • z/VM 7.2
  • z/VM 7.1
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

CHPID type OSD without maximum port exploitation (one port on the PCIe adapter is available for use):

  • z/VM 7.3
  • z/VM 7.2
  • z/VM 7.1
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

Checksum offload for IPv6 packets (CHPID type OSD):

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 for guest exploitation
  • z/VM 7.1 for guest exploitation
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

Checksum offload for LPAR-to-LPAR traffic for IPv4 and IPv6 packets (CHPID type OSD):

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 for guest exploitation
  • z/VM 7.1 for guest exploitation
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

Crypto Express8S (2 HSM) (#0908) Toleration, which treats Crypto Express8S cryptographic coprocessors and accelerators as Crypto Express7S coprocessors and accelerators, requires at a minimum:

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 with PTFs for guest exploitation
  • z/VM 7.1 with PTFs for guest exploitation
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service
    • For secure key cryptography downloads for CCA and EP11 are available here

Crypto Express8S (1 HSM) (#0909) Toleration requires at a minimum:

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 with PTFs for guest exploitation
  • z/VM 7.1 with PTFs for guest exploitation
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service
    • For secure key cryptography downloads for CCA and EP11 are available here

Crypto Express8S (1 HSM) (#0909) support of VISA Format Preserving Encryption requires at a minimum:

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 with PTFs for guest exploitation
  • z/VM 7.1 with PTFs for guest exploitation
  • Linux: IBM supports exploitation with CCA (downloadable here) for use with:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.00 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22/04 LTS with service and Ubuntu 20.04 LTS with service

Crypto Express8S (1 HSM) (#0909) Exploitation requires at a minimum:

  • z/VM 7.3 for guest exploitation and exploitation within the z/VM TLS/SSL server
  • z/VM 7.2 with PTFs for guest exploitation and exploitation within the z/VM TLS/SSL server
  • z/VM 7.1 with PTFs for guest exploitation and exploitation within the z/VM TLS/SSL server
  • Linux. IBM is working on providing new downloadables of CCA and EP11 (Enterprise PKCS) that exploit new features of Crypto Express8S.

Crypto Express8S (1 HSM) (#0909) support of PCI-HSM compliance requires at a minimum:

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 with PTFs for guest exploitation
  • z/VM 7.1 with PTFs for guest exploitation
  • Linux: IBM supports exploitation with CCA (downloadable here) for use with:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.00 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22/04 LTS with service and Ubuntu 20.04 LTS with service

10 GbE RoCE Express3 SR (#0440), 10 GbE RoCE Express3 LR (#0441) for Shared Memory Communications - Remote Direct Memory Access (SMC-R) requires at a minimum:

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 with PTFs for guest exploitation
  • z/VM 7.1 with PTFs for guest exploitation
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service and RHEL 8.4 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

25 GbE RoCE Express3 SR (#0452) and 25 GbE RoCE Express3 LR (#0453) for Shared Memory Communications - Remote Direct Memory Access (SMC-R) requires at a minimum:

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 with PTFs for guest exploitation
  • z/VM 7.1 with PTFs for guest exploitation
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service and RHEL 8.4 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

10 GbE RoCE Express3 SR (#0440), 10 GbE RoCE Express3 LR (#0441) for Ethernet communications (which does not require a peer OSA) including Single Root I/O Virtualization (SR-IOV) requires at a minimum:

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 with PTFs for guest exploitation
  • z/VM 7.1 with PTFs for guest exploitation
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

25 GbE RoCE Express3 SR (#0452) and 25 GbE RoCE Express3 LR (#0453) for Ethernet communications (which does not require a peer OSA) including Single Root I/O Virtualization (SR-IOV) requires at a minimum:

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 with PTFs for guest exploitation
  • z/VM 7.1 with PTFs for guest exploitation
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

10 GbE RoCE Express3 SR (#0440), 10 GbE RoCE Express3 LR (#441) for TCP/IP requires at a minimum:

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 with PTFs for guest exploitation
  • z/VM 7.1 with PTFs for guest exploitation
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

25 GbE RoCE Express 3 SR (#0452) and 25 GbE RoCE Express3 LR (#0453) for TCP/IP requires at a minimum:

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 with PTFs for guest exploitation
  • z/VM 7.1 with PTFs for guest exploitation
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

IBM Integrated Coupling Adapter Fanout (ICA SR1.1) (#0176) requires at a minimum:

  • z/VM 7.3 to define, modify, and delete CHPID type CS5 when z/VM is the controlling LPAR for dynamic I/O
  • z/VM 7.2 to define, modify, and delete CHPID type CS5 when z/VM is the controlling LPAR for dynamic I/O
  • z/VM 7.1 to define, modify, and delete CHPID type CS5 when z/VM is the controlling LPAR for dynamic I/O
  • Linux: Although Linux does not exploit coupling links directly, coupling facilities can be used for STP timing purposes. IBM supports STP with:

    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

Coupling Express2 LR (#0434) requires at a minimum:

  • z/VM 7.3 to define, modify, and delete CL5 CHPID types when z/VM is the controlling LPAR for dynamic I/O
  • z/VM 7.2 to define, modify, and delete CL5 CHPID types when z/VM is the controlling LPAR for dynamic I/O
  • z/VM 7.1 to define, modify, and delete CL5 CHPID types when z/VM is the controlling LPAR for dynamic I/O
  • Linux: Although Linux does not exploit coupling links directly, coupling facilities can be used for STP timing purposes. IBM supports STP with:

    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

CPU Measurement Facility requires at a minimum:

  • z/VM 7.3
  • z/VM 7.2 with PTFs
  • z/VM 7.1 with PTFs
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

Quantum-safe API support requires at a minimum:

  • z/VM 7.3 for guest exploitation
  • z/VM 7.2 with PTFs for guest exploitation
  • z/VM 7.1 with PTFs for guest exploitation

IBM Fibre Channel Endpoint Security requires at a minimum:

  • z/VM 7.3
  • z/VM 7.2 with PTFs
  • z/VM 7.1 with PTFs
  • Linux: IBM supports:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service and SLES 12 SP5 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

Secure Execution for Linux requires support in the KVM host and the KVM guest, at a minimum:

  • IBM supports running the following Linux distributions as a KVM host on IBM LinuxONE Emperor 4:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service and RHEL 8.4 with service
    • Canonical: Ubuntu 20.04 LTS with service and Ubuntu 22.04 LTS with service
  • IBM supports running the following Linux distributions as a KVM guest on IBM LinuxONE Emperor 4:
    • SUSE Linux Enterprise Server: SLES 15 SP3 with service
    • Red Hat Enterprise Linux: RHEL 9.0 with service, RHEL 8.4 with service, and RHEL 7.9 with service
    • Canonical: Ubuntu 22.04 LTS with service and Ubuntu 20.04 LTS with service

IBM LinuxONE Emperor 4 Integrated Accelerator for AI requires at a minimum:

  • z/VM 7.3 for guest exploitation.
  • z/VM 7.2 with PTFs for guest exploitation.
  • z/VM 7.1 with PTFs for guest exploitation.
  • Linux: Applications intending to leverage the Integrated Accelerator for AI may require the zDNN library to be present. The zDNN library is provided with the following Linux distributions:
    • SUSE Linux Enterprise Server: SLES 15 SP4 with service
    • Red Hat Enterprise Linux: RHEL 8.6 with service
    • Canonical: Ubuntu 22.04 LTS with service
  • IBM is working with its Linux distribution partners to provide the zDNN library for future distribution releases.

IBM Cloud Infrastructure Center requires at a minimum:

  • As a managed hypervisor, one of the following:
    • z/VM 7.1, or later
    • KVM based on RHEL 8. 4 with service
  • As a host environment on z/VM or Red Hat KVM, one of the following:
    • RHEL 8.4 with service

Red Hat OpenShift Container Platform 4.10 requires at a minimum virtual machines based on one of the following:

  • z/VM 7.1, or later
  • KVM based on RHEL 8.4 with service

IBM Cloud Paks require at a minimum:

  • Red Hat OpenShift Container Platform 4.10

IBM Cloud Pak for Data on IBM Z requires at a minimum:

  • Red Hat OpenShift Container Platform 4.10

IBM Enterprise Key Management Foundation - Web Edition 2.1 requires at a minimum:

  • IBM WebSphere Liberty 21.0.0.3
  • Java SDK80 SR6 FP26 with APAR PH34993
  • IBM Crypto Express Card (CEX)

Planning information

Client responsibilities

Information on customer responsibilities for site preparation can be found in the Library section of Resource Link.

Cable orders

Not applicable

Installability

The average installation time for a LinuxONE Emperor 4 is approximately 22 installer hours. This does not include planning hours. This assumes a full System Assurance Product Review and implementation of the cable services have been performed. See your IBM representative for details on these services.

Security, auditability, and control

The LinuxONE Emperor 4 uses the security and auditability features and functions of host hardware, host software, and application software.

The client is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communications facilities.



Back to topBack to top

Terms and conditions

Top rule

Products - terms and conditions

Warranty period

One year

In Turkey only the warranty period is 2 years to comply with government requirements.

To obtain copies of the IBM Statement of Limited Warranty, contact your reseller or IBM. An IBM part or feature installed during the initial installation of an IBM machine is subject to the full warranty period specified by IBM. An IBM part or feature that replaces a previously installed part or feature assumes the remainder of the warranty period for the replaced part or feature. An IBM part or feature added to a machine without replacing a previously installed part or feature is subject to a full warranty. Unless specified otherwise, the warranty period, type of warranty service, and service level of a part or feature are the same as those for the machine in which it is installed.

International Warranty Service

International Warranty Service allows you to relocate any machine that is eligible for International Warranty Service and receive continued warranty service in any country where the IBM machine is serviced. If you move your machine to a different country, you are required to report the machine information to your Business Partner or IBM representative.

The warranty service type and the service level provided in the servicing country may be different from that provided in the country in which the machine was purchased. Warranty service will be provided with the prevailing warranty service type and service level available for the eligible machine type in the servicing country, and the warranty period observed will be that of the country in which the machine was purchased.

The following types of information can be found on the International Warranty Service website:

  • Machine warranty entitlement and eligibility
  • Directory of contacts by country with technical support contact information
  • Announcement Letters

Warranty service

The specified level of maintenance service may not be available in all worldwide locations. Additional charges may apply outside IBM's normal service area. Contact your local IBM representative or your reseller for country and location specific information. IBM will repair the failing machine at your location and verify its operation. You must provide a suitable working area to allow disassembly and reassembly of the IBM machine. The area must be clean, well lit, and suitable for the purpose. The following service is available as warranty for your machine type.

  • 24 hours per day, 7 days a week, same day response
International Warranty Service

International Warranty Service allows you to relocate any machine that is eligible for International Warranty Service and receive continued warranty service in any country where the IBM machine is serviced. If you move your machine to a different country, you are required to report the machine information to your Business Partner or IBM representative.

The warranty service type and the service level provided in the servicing country may be different from that provided in the country in which the machine was purchased. Warranty service will be provided with the prevailing warranty service type and service level available for the eligible machine type in the servicing country, and the warranty period observed will be that of the country in which the machine was purchased.

The following types of information can be found on the IBM Support website

  • Machine warranty entitlement and eligibility
  • Directory of contacts by country with technical support contact information
  • Announcement Letters
Warranty service upgrades

The specified level of maintenance service may not be available in all worldwide locations. Additional charges may apply outside IBM's normal service area. Contact your local IBM representative or your reseller for country and location specific information. IBM ON-SITE SERVICE: IBM will repair the failing machine at your location and verify its operation. You must provide a suitable working area to allow disassembly and reassembly of the IBM machine. The area must be clean, well lit, and suitable for the purpose.

The following service is provided.

  • 24 hours per day, 7 days a week, same day response.
Usage plan machine

No

IBM hourly service rate classification

Three

When a type of service involves the exchange of a machine part, the replacement may not be new, but will be in good working order.

Maintenance service offerings

Committed Services (CS) For service options with a committed level of service or any other special service option, contact your IBM representative. See the following announcement documents:

  • Announcement Letter ZS03-0150 for IBM Client Relationship Agreement (CRA)
  • Announcement Letter ZS04-0135 for Enterprise Agreement Contract
  • Announcement Letter ZS98-0118 for ServiceSuite Contract

General terms and conditions

Field-installable features

Yes

Model conversions

Yes

Machine installation

Installation is performed by IBM. IBM will install the machine in accordance with the IBM installation procedures for the Machine.

In the United States, contact IBM at 1-800-IBM-SERV (426-7378), in other countries contact the local IBM office.

Graduated program license charges apply

No

Licensed Internal Code

IBM Licensed Internal Code (LIC) is licensed for use by a client on a specific machine, designated by serial number, under the terms and conditions of the IBM License Agreement for Machine Code, to enable a specific machine to function in accordance with its specifications, and only for the capacity authorized by IBM and acquired by the client. You can obtain the agreement by contacting your IBM representative. It can also be found on the License Agreement for Machine Code and Licensed Internal Code website.

Specific Machine LIC Type Model:

  • 3931-LA1

Licensed Machine Code

N/A

Other Installed Licensed Code

None



Back to topBack to top

Prices

Top rule

For all local charges, contact your local IBM representative or IBM Business Partner.

IBM Global Financing

IBM Global Financing offers competitive financing to credit-qualified clients to assist them in acquiring IT solutions. Offerings include financing for IT acquisition, including hardware, software, and services, from both IBM and other manufacturers or vendors. Offerings (for all client segments: small, medium, and large enterprise), rates, terms, and availability can vary by country. Contact your local IBM Global Financing organization or go to the IBM Financing website for more information.

IBM Global Financing offerings are provided through IBM Credit LLC in the United States and other IBM subsidiaries and divisions worldwide to qualified commercial and government clients. Rates are based on a client's credit rating, financing terms, offering type, equipment type and options, and may vary by country. Other restrictions may apply. Rates and offerings are subject to change, extension, or withdrawal without notice.



Back to topBack to top

Regional availability

Top rule

Europe: Aland Islands, Albania, Andorra, Austria, Azerbaijan, Belgium, Bosnia and Herzegovina, Bouvet Island, British Indian Ocean Territory, Bulgaria, Union of the Comoros, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Falkland Islands (Malvinas), Faroe Islands, Finland, France, French Guiana, French Polynesia, French Southern Territories, Georgia, Germany, Gibraltar, Greece, Greenland, Guadeloupe, Guernsey, Holy See (Vatican City State), Hungary, Iceland, Ireland, Isle of Man, Israel, Italy, Jersey, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Martinique, Mayotte, Republic of Moldova, Monaco, Montenegro, Netherlands, New Caledonia, Republic of North Macedonia, Norway, Pitcairn, Poland, Portugal, Reunion, Romania, Saint Barthelemy, Saint Helena Ascension and Tristan da Cunha, Saint Martin, Saint Pierre and Miquelon, San Marino, Serbia, Slovakia, Slovenia, South Georgia and the South Sandwich Islands, Spain, Svalbard and Jan Mayen, Sweden, Switzerland, Tajikistan, Turkmenistan, Ukraine, United Kingdom, Uzbekistan, Vanuatu, and Wallis and Futuna

Middle East and Africa: Afghanistan, Algeria, Angola, Bahrain, Benin, Botswana, Burkina Faso, Burundi, Republic of Cabo Verde, Cameroon, Central African Republic, Chad, Democratic Republic of the Congo, Republic of the Congo, Republic of Côte d'Ivoire, Djibouti, Egypt, Equatorial Guinea, Eritrea, Kingdom of Eswatini, Ethiopia, Gabon, Gambia, Ghana, Guinea, Guinea-Bissau, Iraq, Jordan, Kenya, Kuwait, Lebanon, Lesotho, Liberia, Libya, Madagascar, Malawi, Mali, Mauritania, Mauritius, Morocco, Mozambique, Namibia, Niger, Nigeria, Oman, Pakistan, State of Palestine, Qatar, Rwanda, Sao Tome and Principe, Saudi Arabia, Senegal, Seychelles, Sierra Leone, Somalia, South Africa, South Sudan, Sudan, United Republic of Tanzania, Togo, Tunisia, Turkey, Uganda, United Arab Emirates, Western Sahara, Yemen, Zambia, and Zimbabwe

Trademarks

z15, IBM z16 and IBM Consulting are trademarks of IBM Corporation in the United States, other countries, or both.

IBM, IBM Z, IBM Cloud, WebSphere, Db2, Power, IBM z13, IBM z14, Resource Link, FICON, z/VM, PIN, IBM Research, IBM Cloud Pak, GDPS, z/Architecture, Interconnect, Redbooks, IBM Watson, IBM Security, QRadar, Guardium and MaaS360 are registered trademarks of IBM Corporation in the United States, other countries, or both.

Oracle and Java are trademarks of Oracle and/or its affiliates in the United States, other countries, or both.

Intel is a trademark of Intel Corporation or its subsidiaries in the United States and other countries.

Red Hat and OpenShift are registered trademarks of Red Hat Inc. in the U.S. and other countries.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.

Other company, product, and service names may be trademarks or service marks of others.

Terms of use

IBM products and services which are announced and available in your country can be ordered under the applicable standard agreements, terms, conditions, and prices in effect at the time. IBM reserves the right to modify or withdraw this announcement at any time without notice. This announcement is provided for your information only. Reference to other products in this announcement does not necessarily imply those products are announced, or intend to be announced, in your country. Additional terms of use are located at

Terms of use

For the most current information regarding IBM products, consult your IBM representative or reseller, or go to the IBM worldwide contacts page

IBM Directory of worldwide contacts