On October 1, 2015 IBM issued a Statement of Direction about providing 64-bit addressing support in IBM Security zSecure. This support has now become available as a Service Stream Enhancement (SSE) to zSecure 2.2.0.
64-bit addressing allows the use of memory above the 2GB "bar" implied by addresses consisting of only 31 bits. Besides allowing the program to store and retrieve larger amounts of data, this also frees up memory "below the bar" that can be used by (other) 31-bit addressing programs.
Typical functions in zSecure that benefit from having a lot of memory available include
- processing very large numbers of events from the SMF event log, e.g. as sent on to IBM Security QRadar SIEM;
- analyzing data for many security databases and LPARs at the same time;
- rule-based compliance analysis based on many underlying technical reports;
- analyzing large intervals (possibly a year or more) of access use data, e.g. to identify obsolete permissions.
The SSE also includes enhancements to 31-bit addressing support. Details can be found in this blog entry by Jeroen Tiggelman on the Service Management Connect - System z blog.
The changes apply to all components of zSecure for z/OS except for zSecure CICS Toolkit and zSecure Command Verifier. For the full benefits a z196 or newer hardware is required.