Security & cryptography

Page navigation

Encrypting everything may not cost you a fortune - find out yourself

Abstract

Switching from selectively encrypting sensitive data to completely encrypting all enterprise data is often considered computationally expensive and therefore rejected in the beginning by many, even without any evaluation being done. This talk will provide guidance on how you can do a Linux performance evaluation on your own. Examples will be given on how to measure encryption of data in flight and at rest. All shown examples are going to be covered with real IBM Z performance values.

View
Creation date
October 2018
 

Pervasive Encryption with Linux on IBM Z: from a performance perspective

Abstract

From its first announcement, the IBM z14 has been labeled as "the encryption machine" - enabling customers encrypting massive amounts of data at a low cost.
This talk gives a detailed performance overview of the Pervasive Encryption concept within Linux. The audience will get insights about the performance improvements compared to the former IBM z13 for data-in-flight, data-at-rest and the encryption overhead we get in an end-to-end scenario including a PostgreSQL database.

View
Creation date
July 2018
 

Configuring an Apache mod_nss server to exploit z Systems cryptographic hardware

Abstract

This white paper provides information about how to configure an Apache HTTPS server with mod_nss to exploit the cryptographic hardware functions available with IBM z Systems cryptographic hardware. The scenario provided in this white paper uses Red Hat Enterprise Linux (RHEL) 7. The scenario was tested using Red Hat Enterprise Linux (RHEL) 7.1.

View
Creation date
December 2015
 

IBM WebSphere Application Server Version 8 for Linux on IBM System z - SSL Setup and Performance Study

Abstract

This paper describes how the advantages of the z Systems cryptographic hardware features with IBM WebSphere Application Server (WAS) Version 8 for Linux on z Systems can be exploited when SSL encryption is used to secure the external communication. It also provides setup guidelines for Java-based workloads.

View
Creation date
May 2013
 

Cryptographic support

Presentation abstract
  • Introduction to the cryptographic support hardware features and the controlling software layers
  • Comparison of throughput and processor consumption when using hardware encryption and software encryption
  • Usage options for the zcrypt module
  • In kernel crypto support
  • Commands to verify that hardware encryption is enabled
View
Creation date
March 2009
Last update
July 2010

Exploiting IBM System z Cryptographic Hardware using JSSE

Abstract

This study measures performance and throughput for the Java Secure Socket Extension (JSSE) on Linux for IBM z Systems with Java 2 Platform, Enterprise Edition.

Data encryption is an important feature to ensure privacy and integrity of data sent using any type of network. This paper describes how to set up the cryptographic environment on IBM z Systems to obtain the benefit of the additional power of special purpose features CPACF and CEX2A using a client-server based Java application communicating using SSL with different cipher suites.

View
Creation date
January 2010

Tivoli WebSEAL - Sizing and capacity planning

Abstract

WebSEAL provides an authentication and authorization mechanism based on Tivoli Access Manager. It enables an end-to-end Single Sign On (SSO) solution for secure transactions for WebSphere application servers.

Here WebSEAL is used as proxy inside a DMZ from a secure WebSphere Application server environment. Each server runs on virtual hardware under z/VM.

The paper describes how to setup the environment and how it performs in various scenarios. Additionally it shows the impressive advantage of the IBM z Systems cryptographic hardware features CPACF and CEX2C cards and how to setup the system to get cryptographic hardware support. It also demonstrates that the implementation of a DMZ with all its services and servers is a very good case for server consolidation on z/VM.

View
Creation date
September 2009

Performance of a webApp.secure environment

Abstract

WebScurity's webApp.secure™ protects Web application servers from Internet attacks. This utility of the IBM z Systems Linux Utility Services is a strategic direction, protecting Web applications from attacks in addition to traditional firewall and perimeter security.

This paper determines the performance of a webApp.secure environment. It shows that the implementation of a DMZ with all its services and servers is a very good case for server consolidation on z/VM.

View
Creation date
November 2007