Hardware assisted encryption supported by z/VSE
Ingolf24 120000DRN3 Visits (2393)
z/VSE provides hardware assisted encryption via crypto cards or crypto functions provided by the processor itself. They both can help to increase the throughput in a TCP/IP network using SSL (Secure Socket Layer).
z/VSE supports the latest crypto cards such as Crypto Express3 (z10 or higher) and Crypto Express4S (zEC12, zBC12).
SSL uses cryptography both for authentication of clients and servers, and for data confidentiality. It is a public key cryptography-based extension to TCP/IP networking. The usage of hardware assisted encryption in SSL is transparent to the application.
Both TCP/IP stacks, IPv6/VSE and TCP/IP for VSE/ESA, support CPACF and Crypto cards. IPv6/VSE exploits the newly added openSSL support of z/VSE. Other exploiters are CICS Web Support, VSE/POWER PNET, VSE connectors, Secure FTP, Secure Telnet, and WebSphere MQ.
Another exploiter of hardware assisted encryption is the Encryption Facility for z/VSE (EF for z/VSE). It provides encryption for SAM and VSAM files, VSE Library members, backups from the z/VSE backup utilities (IDCAMS, LIBR, POFFLOAD).
z/VSE tests for CPACF and crypto cards at IPL-time.
z/VSE also supports hardware-based tape encryption (IBM System Storage TS1120, 1130, 1140).
More information is in the z/VSE Planning and z/VSE Administration books. Our documentation is here.