Security & cryptography
Page navigation
- Encrypting everything may not cost you a fortune - find out yourself
- Pervasive Encryption with Linux on IBM Z: from a performance perspective
- Configuring an Apache mod_nss server to exploit z Systems cryptographic hardware
- IBM WebSphere Application Server Version 8 for Linux on IBM System z - SSL Setup and Performance Study
- Cryptographic support
- Exploiting IBM System z Cryptographic Hardware using JSSE
- Tivoli WebSEAL - Sizing and capacity planning
- Performance of a webApp.secure environment
Encrypting everything may not cost you a fortune - find out yourself
Abstract
Switching from selectively encrypting sensitive data to completely encrypting all enterprise data is often considered computationally expensive and therefore rejected in the beginning by many, even without any evaluation being done. This talk will provide guidance on how you can do a Linux performance evaluation on your own. Examples will be given on how to measure encryption of data in flight and at rest. All shown examples are going to be covered with real IBM Z performance values.
View Encrypting everything may not cost you a fortune - find out yourself
Creation date October 2018
Pervasive Encryption with Linux on IBM Z: from a performance perspective
Abstract
From its first announcement, the IBM z14 has been labeled as "the encryption machine" - enabling customers encrypting massive amounts of data at a low cost. This talk gives a detailed performance overview of the Pervasive Encryption concept within Linux. The audience will get insights about the performance improvements compared to the former IBM z13 for data-in-flight, data-at-rest and the encryption overhead we get in an end-to-end scenario including a PostgreSQL database.
View Pervasive Encryption with Linux on IBM Z: from a performance perspective
Creation date July 2018
Configuring an Apache mod_nss server to exploit z Systems cryptographic hardware
Abstract
This white paper provides information about how to configure an Apache HTTPS server with mod_nss to exploit the cryptographic hardware functions available with IBM z Systems cryptographic hardware. The scenario provided in this white paper uses Red Hat Enterprise Linux (RHEL) 7. The scenario was tested using Red Hat Enterprise Linux (RHEL) 7.1.
View Configuring an Apache mod_nss server to exploit z Systems cryptographic hardware
Creation date December 2015
IBM WebSphere Application Server Version 8 for Linux on IBM System z - SSL Setup and Performance Study
Abstract
This paper describes how the advantages of the z Systems cryptographic hardware features with IBM WebSphere Application Server (WAS) Version 8 for Linux on z Systems can be exploited when SSL encryption is used to secure the external communication. It also provides setup guidelines for Java-based workloads.
Creation date May 2013
Cryptographic support
- Introduction to the cryptographic support hardware features and the controlling software layers
- Comparison of throughput and processor consumption when using hardware encryption and software encryption
- Usage options for the zcrypt module
- In kernel crypto support
- Commands to verify that hardware encryption is enabled
View Linux on System z cryptographic support
Creation date March 2009 Last update July 2010
Exploiting IBM System z Cryptographic Hardware using JSSE
Abstract
This study measures performance and throughput for the Java Secure Socket Extension (JSSE) on Linux for IBM z Systems with Java 2 Platform, Enterprise Edition.
Data encryption is an important feature to ensure privacy and integrity of data sent using any type of network. This paper describes how to set up the cryptographic environment on IBM z Systems to obtain the benefit of the additional power of special purpose features CPACF and CEX2A using a client-server based Java application communicating using SSL with different cipher suites.
View Exploiting IBM System z Cryptographic Hardware using JSSE
Creation date January 2010
Tivoli WebSEAL - Sizing and capacity planning
Abstract
WebSEAL provides an authentication and authorization mechanism based on Tivoli Access Manager. It enables an end-to-end Single Sign On (SSO) solution for secure transactions for WebSphere application servers.
Here WebSEAL is used as proxy inside a DMZ from a secure WebSphere Application server environment. Each server runs on virtual hardware under z/VM.
The paper describes how to setup the environment and how it performs in various scenarios. Additionally it shows the impressive advantage of the IBM z Systems cryptographic hardware features CPACF and CEX2C cards and how to setup the system to get cryptographic hardware support. It also demonstrates that the implementation of a DMZ with all its services and servers is a very good case for server consolidation on z/VM.
View Tivoli WebSEAL - Sizing and Capacity Planning
Creation date September 2009
Performance of a webApp.secure environment
Abstract
WebScurity's webApp.secure protects Web application servers from Internet attacks. This utility of the IBM z Systems Linux Utility Services is a strategic direction, protecting Web applications from attacks in addition to traditional firewall and perimeter security.
This paper determines the performance of a webApp.secure environment. It shows that the implementation of a DMZ with all its services and servers is a very good case for server consolidation on z/VM.
View Performance of a webApp.secure Environment
Creation date November 2007