Order HSM or 4767 battery-replacement kit

The IBM PCIe Cryptographic Coprocessor Version 2 (PCIeCC2) is a high-security, high-throughput member of the IBM hardware security module (HSM) family. This page describes how to order the HSM for each supported platform, how to obtain its embedded firmware, and how to order a 4767 battery-replacement kit.

For additional information, please see the IBM Marketplace.

The PCIeCC2 is currently available on

  1. IBM Z® family z14®, z13s™, and z13® mainframes only, either on z/OS® or Linux® on z Systems® operating systems, ordered as a Crypto feature code (FC),
  2. x86 servers as an IBM Z machine type-model (MTM), either on Microsoft® Windows® Server, SUSE® (a Micro Focus Company) Linux Enterprise Server (SLES), or Red Hat® Enterprise Linux (RHEL) 64-bit operating systems, and
  3. IBM Power Systems™ POWER8® server only, either on IBM AIX®, IBM i®, or PowerLinux™ (RHEL Server, SLES, or Ubuntu) operating systems.

Refer to the following table.

4767 adapter

PCIeCC2 machine type-model or feature code by platform

IBM PCIe Cryptographic Coprocessor IBM Z feature code (z/OS or Linux on z) x86 server MTM (Windows, SLES, or RHEL) Power Systems feature code
Version 2 (PCIeCC2) FC 0890 - Crypto Express5S (CEX5S) Note: FC 0890 is only available on z14, z13s, and z13 mainframes and requires Crypto feature code FC 3863 (CPACF Enablement). CPACF stands for Central Processor Assist for Cryptographic Functions.

MTM 4767-002

FC EJ32, Customer Card Identification Number 4767 (IBM POWER8 without blind-swap cassette custom carrier) FC EJ33, Customer Card Identification Number 4767 (IBM POWER8 with blind-swap cassette custom carrier)

How to place an order for FC 0890 (CEX5S)

The PCIeCC2 is currently only available on IBM z14, z13s, and z13 mainframes, either on z/OS or Linux on z Systems operating systems. The Crypto feature can be ordered as feature code (FC) 0890 - Crypto Express5S (CEX5S). CEX5S includes the HSM and its embedded firmware.

Note: FC 0890 requires FC 3863 - CPACF Enablement (Central Processor Assist for Cryptographic Functions). CPACF is a set of cryptographic instructions providing improved performance through hardware acceleration. Using the cryptographic hardware, you gain security from using the CPACF and CEX5S through in-kernel cryptography APIs and, for Linux on z Systems, the libica cryptographic functions library. Cryptographic keys must be protected by your application system, as required.

To place an order for the CEX5S feature, contact your IBM Customer Engineer. A minimum of 2 features is required per computer, with a maximum of 16.

CEX5S

How to place an order for MTM 4767-002

The IBM Z MTM 4767-002 is supported in x86 servers.

To place an order for a 4767-002, contact your Americas Call Centers, local IBM representative, or your IBM Business Partner. To identify your local IBM representative or IBM Business Partner in North America, call 800-IBM-4YOU (426-4968). For more information, contact the Americas Call Centers.

Phone: 800-IBM-CALL (800-426-2255) or Fax: 800-2IBM-FAX (800-242-6329).

email: To find an IBM representative in the US: callserv@ca.ibm.com. To find an IBM representative in Canada: askibm@ca.ibm.com. To find an IBM Business Partner: pwcs@us.ibm.com.

You can use the IBM Business Partner Locator to find a service provider with a particular set of skills, a technology reseller or a consultant with industry expertise. Follow these steps:

  1. Select your country.
  2. Open the Refine results, Competency, and Systems twisties.
  3. Select Server Systems.
  4. Optionally, open the Business Partner type twisty and select Reseller/VAR.
  5. Click Refine results to see a list of Business Partners.
  6. If you do not get a viable list of Business Partners, please contact the Crypto team at crypto@us.ibm.com for assistance.

All publications related to the 4767 are available for download from the Library page:

  • Installing the 4767. For instructions on installing the 4767 in your server, refer to the IBM 4767 PCIe Cryptographic Coprocessor Installation Manual.
  • Obtaining and loading the firmware. The embedded firmware that must be loaded onto the 4767-002 is included as part of the Software download package. For instructions on loading the coprocessor firmware, refer to the IBM 4767 PCIe Cryptographic Coprocessor CCA Support Program Installation Manual.
4767 Adapter

How to place an order for FC EJ32 or FC EJ33

The PCIeCC2 is currently on IBM Power Systems, either on IBM AIX, IBM i, or PowerLinux operating systems. The feature can be ordered as feature code (FC) EJ32 or EJ33. Refer to the “PCIeCC2 machine type-model or feature code by platform” table.

If you wish to order the PCIeCC feature for the IBM Power Systems™ (FC EJ32 or EJ33), see the IBM Power Systems website for information about IBM PCIeCCs in that system type. The coprocessor and its software and firmware are obtained as features of the IBM Power Systems and not from this website. However, the CCA Basic Services manual is obtained from the Library page.

4767 Adapter

How to place an order for a 4767 battery-replacement kit

The 4767 has two on-board batteries which provide critical backup power to a small quantity of internal memory, the clock-calendar, and the tamper-detection circuitry. So that you can maintain the functionality of the coprocessor, a kit containing replacement batteries for the 4767 is available through IBM as a field replaceable unit (FRU). Refer to the “Part number for 4767 battery-replacement kit” table.

To place an order for a 4767 battery-replacement kit, contact your Americas Call Centers, local IBM representative, or your IBM Business Partner as outlined in "How to place an order for MTM 4767-002."

You can also use the IBM Maintenance Parts website to order a battery-replacement kit. Navigate to this page:

https://www-store.shop.ibm.com/shop/en-US/PartsUSStorefrontAssetStore/MaintenanceParts

Click “Retail store”, enter the battery-replacement kit part number, 45D5803, and click the search icon. The part number, description, price, and availability will be displayed. You can complete your order online or via the phone number provided on the page.

4767 Battery Tray

Part number for 4767 battery-replacement kit

Part number Description
FRU 45D5803 Battery-replacement kit. Includes two replacement batteries, one battery-attention label, and one battery tray with connecting wires.

You can also use part number 45D5803 for IBM 4765-001 battery replacement.

Please contact Crypto at crypto@us.ibm.com if you have any questions about battery replacement.

Notes:

  1. Important: It is imperative that the coprocessor always has batteries installed with sufficient stored energy to power the coprocessor during its entire useful life. When the coprocessor is not in a powered-on system and the batteries either fail or are removed from the coprocessor, the unit will zeroize and be rendered permanently inoperable. There is no recovery from this situation.
  2. Special procedures are required to safely replace coprocessor batteries. Instructions for replacing the batteries are in IBM 4767 PCIe Cryptographic Coprocessor Installation Manual. This manual is available for download from the Library page.