IBM Z Multi-Factor Authentication expands protection to IBM z/VM systems
IBM United States Software Announcement 220-175May 19, 2020
ENUS220-175.PDF| Table of contents | ||||||||||||||||||||
| ||||||||||||||||||||
At a glance
IBM Z® Multi-Factor Authentication (IBM Z MFA) raises the level of assurance of your mission-critical systems with a flexible and tightly integrated multi-factor authentication solution. The IBM Z MFA and IBM® z/OS® Security Server RACF® programs help to create a layered defense by requiring selected z/OS users to authenticate with multiple factors:
- Something they know, such as a password or security question
- Something they have, such as an ID badge or cryptographic token device
- Something they are, such as a fingerprint or another biometric attribute
Password technology, now over 50 years old, has proven to be susceptible to theft, and therefore business risk via a wide range of hacking techniques. The majority of users that sign on to z/OS are performing tasks that are critical to the success of their business. These include accessing personally identifiable information, managing money, working with intellectual property, sharing information with subcontractors or business partners, and managing systems with privileged status. Unwanted access to any of these users' accounts would be detrimental to a business. In addition, deployment of IBM Z MFA will enable businesses to satisfy a number of regulatory requirements that require support beyond password and password phrase technology. Businesses should consider all their z/OS accesses be leveraged via IBM Z MFA.
IBM Z MFA V2.1.0 adds support for strong authentication for users logging on to z/VM® systems that use an External Security Manager, including IBM z/VM 7.1 RACF running at maintenance level RACF Security Server for z/VM with APAR VM66367 applied.
IBM Z MFA V2.1.0 supports many authentication types and integration features.
| Authentication Type or Integration Feature | z/OS | z/VM |
|---|---|---|
| RSA SecurID hard and soft tokens. | Yes | Yes |
| IBM TouchToken app for Time-based One-Time Passwords (TOTPs). | Yes | Yes |
| Generic TOTP support. | Yes | Yes |
| PassTicket support and application-level granularity. | Yes | No |
| Certificate-based authentication including Smart Cards (one of the supported types is Personal Identity Verification/Common Access Card (PIV/CAC)). | Yes | Yes |
| Generic RADIUS support. | Yes | Yes |
| SafeNet RADIUS support. | Yes | Yes |
| RSA SecurID RADIUS support. | Yes | Yes |
| One-Time Passcodes generated by the IBM Security Access Manager (ISAM) Pick-up OTP capability. | Yes | Yes |
| Tokens sent via SMS or email from IBM Cloud Identity Verify. | Yes | Yes |
| The ability to integrate an LDAP password with a strong authentication policy. | Yes | Yes |
| Yubico Yubikey tokens capable of generating One-Time Passcodes (OTPs) using Yubico's OTP algorithm. | Yes | Yes |
| The ability to obtain a secure credential from IBM Z MFA on one system or sysplex, and use the credential to access applications both inside and outside the sysplex boundary. | Yes | No |
| The ability to protect z/OS applications that use IBM HTTP Server -- Powered by Apache, now including 31-bit applications and applications that use subrequests. | Yes | No |
| The ability to accept authentication requests from ESMs running on z/VM. | No | Yes |
| The ability to run multiple instances of the Multi-Factor Authentication Web Services started task in a sysplex. | Yes | No |
| The ability to configure Multi-Factor Authentication to operate in a strict PCI-compliant mode. | Yes | Yes |
| Integration through an SAF API that enables Express Logon Facility to work with Multi-Factor Authentication. | Yes | No |
| Compound out-of-band authentication, which allows the specification of more than one authentication factor in the authentication process. | Yes | Yes |
| Compound in-band authentication, which requires the user to supply a RACF credential (password or passphrase) in conjunction with a valid MFA credential. | Yes | No |
| Enhanced security in the out-of-band pre-authentication web dialogs by requiring the user to provide their policy name prior to entering their user name and credentials for the specified policy. As an aid for ease-of-use, the address of the web server and policy name can be bookmarked by the user's web browser. | Yes | Yes |
| RACF Identity Tokens (JSON Web Tokens support) where a set of authentication API calls can be linked together to appear as a single authentication transaction. | Yes | No |
| Self-service SAF password or passphrase change for both MFA users and non-MFA users. | Yes | No |
| MFA-internal passwords, protected by PBKDF2, for use within an MFA policy or during self-service enrollment. | No | Yes |
| Self-service MFA-internal password change for MFA users only. | No | Yes |
Back to top
Overview
IBM Z MFA V2.1.0 is enhanced with new functionality and support. Existing clients are strongly encouraged to upgrade to V2.1.0 at their earliest convenience.
Integration with z/VM External Security Managers
IBM Z MFA adds support for strong user authentication to z/VM systems protected by IBM z/VM 7.1 RACF:
- A separate installation of IBM Z MFA (IBM MFA for z/VM) is installed on an LPAR running a supported distribution of Linux® for IBM Z.
- MFA user accounts associated with z/VM users are configured and maintained within IBM MFA for z/VM.
- Entries for z/VM ESM clients are configured within IBM MFA for z/VM.
- The user initially authenticates to IBM MFA for z/VM to acquire a secure credential, and then uses that credential instead of their z/VM password when accessing their protected z/VM system.
Protection beyond the z/OS sysplex boundary
IBM Z MFA adds support for the production of secure credentials that can be used both within and beyond the boundary of the sysplex where the credential was generated.
- The user is configured via familiar IBM MFA techniques in the primary (credential generating) system or sysplex.
- The user is configured to require a new AZFCKCTC factor in multiple secondary (consuming) systems or sysplexes.
- In secondary (consuming) environments, the AZFCKCTC factor is configured to direct credential processing toward IBM MFA Web Services APIs hosted in the primary (generating) environment.
Back to top
Key requirements
z/OS: z/OS Security Server RACF and z/VM: z/VM 7.1 RACF
Depending on the factor being used, the following may be additional requirements:
- RSA Authentication Manager 8.1 for RSA SecurID exploitation
- SafeNet Authentication Service 3.5.4, or later
- A web browser that is capable of initiating TLS 1.2 sessions and operating with local smart card drivers if smart cards are employed
- A compatible RADIUS server for generic RADIUS
- An on-premises IBM Security™ Access Manager V9.0.6 instance, or access to a Cloud Identity Verify instance if using this support
- Tokens compatible with either IBM Z MFA supported factors or ISAM
Back to top
Planned availability date
May 22, 2020
Back to top
Accessibility by people with disabilities
A US Section 508 Accessibility Compliance Report containing details on accessibility compliance can be found on the Product accessibility information website.
Back to top
Reference information
For information about the IBM Z family servers, see the following announcements:
- IBM z15™ Hardware Announcement 119-027, dated September 12, 2019
- IBM z14® Hardware Announcement 119-014, dated February 12, 2019
- IBM z14 Hardware Announcement 118-075, dated October 2, 2018
- IBM z14 Hardware Announcement 118-018, dated April 10, 2018
- IBM z14 Hardware Announcement 117-093, dated November 28, 2017
- IBM z14 Hardware Announcement 117-044, dated July 17, 2017
- IBM z13® Hardware Announcement 115-001, dated January 14, 2015
- IBM z13s® Hardware Announcement 115-001, dated January 14, 2015
- IBM zEnterprise® EC12 Hardware Announcement 112-155, dated August 28, 2012
- IBM zEnterprise BC12 Hardware Announcement 113-121, dated July 23, 2013
For information about z/OS, see the following announcements:
- IBM z/OS Software Announcement 220-102, dated March 17, 2020
- IBM z/OS Software Announcement 219-210, dated December 10, 2019
- IBM z/OS Software Announcement 219-344, dated July 23, 2019
- IBM z/OS Software Announcement 219-102, dated April 23, 2019
- IBM z/OS Software Announcement 219-122, dated March 5, 2019.
Back to top
Program number
| Program number | VRM | Program name |
|---|---|---|
| 5655-MA1 | 2.1.0 | IBM Z Multi-Factor Authentication |
| 5655-MA2 | 1.1.0 | IBM Z Multi-Factor Authentication S&S |
IBM Z Multi-Factor Authentication
| Program number | Subscription and Support Program number |
|---|---|
| 5655-MA1 | 5655-MA2 |
Back to top
Business Partner information
If you are a Direct Reseller - System Reseller acquiring products from IBM, you may link directly to Business Partner information for this announcement. A PartnerWorld ID and password are required (use IBMid).
Back to top
Offering Information
Product information is available on the IBM Offering Information website.
Back to top
Publications
The product documentation includes these publications:
| Title | Order number |
|---|---|
| IBM Z Multi-Factor Authentication Program Directory | GI13-5220-00 |
| IBM Z Multi-Factor Authentication Installation and Customization | SC27-8447-40 |
| IBM Z Multi-Factor Authentication User's Guide | SC27-8448-40 |
| IBM Z Multi-Factor Authentication for z/VM | SC27-4938-40 |
IBM Knowledge Center provides access to the IBM Z MFA documentation in HTML and PDF formats at the z/OS Welcome Page.
Back to top
Services
Software Services
IBM Software Services has the breadth, depth, and reach to manage your services needs. You can leverage the deep technical skills of the lab-based software services team and the business consulting, project management, and infrastructure expertise of the IBM Global Services team. Also, IBM extends the reach of IBM Software Services through IBM Business Partners to provide an extensive portfolio of capabilities. IBM provides the global reach, intellectual capital, industry insight, and technology leadership to support a wide range of critical business needs.
To learn more about IBM Software Services, contact your Lab Services Sales or Delivery Leader.
Back to top
Technical information
Specified operating environment
Hardware requirements
A currently supported IBM Z server.
Software requirements
IBM Z MFA requires:
- z/OS V2.2 Security Server RACF 2.2, or later, with PTFs for MFA support. See RACF Multi - Factor Authentication Support for details.
- z/VM 7.1 RACF, or later, with PTFs for MFA support.
- For generic RADIUS support, access to an external server that supports the RADIUS PAP protocol.
- For SafeNet support, access to an external Gemalto SafeNet Authentication Service server.
- For RSA SecurID exploitation, access to an external RSA Authentication Manager V8.1 server.
- For ISAM exploitation, access to an ISAM server.
- For Cloud Identity Verify exploitation, valid Cloud Identity Verify provisioned users.
Such information is provided subject to the following terms. IT system security involves protecting systems and information through prevention, detection, and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated, or misused, or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service, or security measure can be completely effective in preventing improper use or access. IBM systems, products, and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products, or services to be most effective.
Important: IBM does not warrant that any systems, products, or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
Limitations
Authentication requests using IBM Z MFA are expected to be slower than non-IBM Z MFA authentication requests. At the very least, IBM Z MFA authentication will incur extra path length when calling Multi-Factor Authentication Services. Depending on the factor type, there may be additional considerations such as network calls to external authentication servers. Non-IBM Z MFA authentication requests should have little to no noticeable performance degradation.
See the Terms and conditions section of this announcement or the License Information document that is available on the IBM Software License Agreement website.
IBM Support
IBM Support is your gateway to technical support tools and resources that are designed to help you save time and simplify support. IBM Support can help you find answers to questions, download fixes, troubleshoot, submit and track problem cases, and build skills. Learn and stay informed about the transformation of IBM Support, including new tools, new processes, and new capabilities, by going to the IBM Support Insider.
Planning information
Packaging
The IBM Z MFA product package is distributed with the following:
| Title | Order number |
|---|---|
| IBM Z Multi-Factor Authentication Installation and Customization | SC27-8447-40 |
| IBM Z Multi-Factor Authentication User's Guide | SC27-8448-40 |
Direct client support
For technical support or assistance, contact your IBM representative or go to the IBM Support website.
Security, auditability, and control
The IBM Z MFA product is closely integrated with z/OS Security Server RACF and centralizes authentication factor information in the RACF database. IBM Z MFA relies on the RACF Security Administrator to identify which users are subject to requiring IBM Z MFA policy. IBM Z MFA relies on the integrity, security, and auditability features and functions of z/OS and the IBM Z platform hardware.
The client is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.
Back to top
Ordering information
Consult your IBM representative.
The programs in this announcement all have Value Unit-Based pricing.
| Program number | Program name | Value Unit exhibit |
|---|---|---|
| 5655-MA1 | IBM Z Multi-Factor Authentication | VUE040 |
For each IBM Z IPLA program with Value Unit pricing, the quantity of that program needed to satisfy applicable IBM terms and conditions is referred to as the required license capacity. Your required license capacity is based upon the following factors:
- The IBM Z IPLA program you select.
- The applicable Value Unit Exhibit.
- The applicable terms.
| Cumulative Blocks of UserID Range | Value Units per Block of UserID |
|---|---|
| 2 to 10 | 1.00 VU/Blocks of 500 UserIDs |
| 11 to 30 | 0.50 VU/Blocks of 500 UserIDs |
| 31 to 100 | 0.30 VU/Blocks of 500 UserIDs |
| 101 to 300 | 0.20 VU/Blocks of 500 UserIDs |
| 301 to 1000 | 0.15 VU/Blocks of 500 UserIDs |
| 1001 to 2000 | 0.10 VU/Blocks of 500 UserIDs |
| 2001 + | 0.05 VU/Blocks of 500 UserIDs |
Ordering z/OS through the internet
Shopz provides an easy way to plan and order your z/OS ServerPac or CBPDO. It will analyze your current installation, determine the correct product migration, and present your new configuration based on z/OS. Additional products can also be added to your order (including determination of whether all product requisites are satisfied). For more details and availability, go to the Shopz website.
Charge metric
The charge metrics for these licensed products can be found in the following License Information documents:
| Program identifier | License Information document title | License Information document number |
|---|---|---|
| 5655-MA1 | IBM Z Multi-Factor Authentication Release 2.1.0 | L-MZAI-BMET32 |
| 5655-MA2 | IBM Z Multi-Factor Authentication S&S 1.1.0 | L-MZAI-BMET32 |
Select your language of choice and scroll down to the "Charge Metrics" section. Follow-on releases, if any, may have updated terms. See the License Information documents website for more information.
Basic license
To order, specify the program product number and the appropriate license or charge option. Also, specify the desired distribution medium. To suppress shipment of media, select the license-only option in CFSW.
Program name: IBM Z Multi-Factor Authentication
Program PID: 5655-MA1
| Entitlement identifier | Description | License option/Pricing metric |
|---|---|---|
| S018G0T | IBM Z Multi-Factor Authentication | Basic OTC, per Value Unit |
| IBM Z Multi-Factor Authentication | MultiVersion Measurement NC |
| Orderable supply ID | Language |
|---|---|
| S018FP2 | US English |
Subscription and support PID: 5655-MA2
| Entitlement identifier | Description | License option/Pricing metric |
|---|---|---|
| S018G0V | IBM Z Multi-Factor Authentication S&S | Basic MSC, per Value Unit |
| IBM Z Multi-Factor Authentication S&S | No charge, decline SW S&S | |
| IBM Z Multi-Factor Authentication S&S | MultiVersion Measurement S&S NC |
| Orderable supply ID | Language | Distribution medium |
|---|---|---|
| S018FNZ | US English | Paper |
Subscription and Support
To receive voice technical support via telephone and future releases and versions at no additional charge, Subscription and Support must be ordered. The capacity of Subscription and Support (Value Units) must be the same as the capacity ordered for the product licenses.
To order, specify the Subscription and Support program number (PID) referenced above and the appropriate license or charge option.
IBM is also providing Subscription and Support for these products via a separately purchased offering under the terms of the IBM International Agreement for Acquisition of Software Maintenance. This offering:
- Includes and extends the support services provided in the base support to include technical support via telephone.
- Entitles you to future releases and versions, at no additional charge. Note that you are not entitled to new products.
When Subscription and Support is ordered, the charges will automatically renew annually unless cancelled by you.
The combined effect of the IPLA license and the Agreement for Acquisition of Software Maintenance gives you rights and support services comparable to those under the traditional ICA S/390® and System z® license or its equivalent. To ensure that you continue to enjoy the level of support you are used to in the ICA business model, you must order both the license for the program and the support for the selected programs at the same Value Unit quantities.
Customized Offerings
Product deliverables are shipped only through CBPDO and ServerPac. These customized offerings are offered for internet delivery. For more details on internet delivery, go to the Help section on the Shopz website.
IBM recommends internet delivery. However, if you still require physical media, you can choose DVD.
Many products can be ordered in ServerPac the month following their availability in CBPDO. z/OS can be ordered through CBPDO and ServerPac on the planned availability date. Many products will also be orderable in a Product ServerPac without also having to order the z/OS operating system or subsystem.
Shopz and CFSW will determine the eligibility based on product requisite checking. For more details on the Product ServerPac, go to the Help section on the Shopz website.
Production of software product orders will begin on the planned availability date.
- CBPDO shipments will begin one week after the planned availability date.
- ServerPac shipments will begin four weeks after the planned availability date.
Back to top
Terms and conditions
The information provided in this announcement letter is for reference and convenience purposes only. The terms and conditions that govern any transaction with IBM are contained in the applicable contract documents such as the IBM International Program License Agreement, IBM International Passport Advantage® Agreement, and IBM Agreement for Acquisition of Software Maintenance.
Licensing
IBM International Program License Agreement including the License Information document and Proof of Entitlement (PoE) govern your use of the program. PoEs are required for all authorized use.
This software license includes Software Subscription and Support (also referred to as Software Maintenance).
Software Maintenance
The following agreement applies for Software Subscription and Support (Software Maintenance) and does not require client signatures:
- IBM Agreement for Acquisition of Software Maintenance (Z125-6011)
These programs are licensed under the IBM Program License Agreement (IPLA) and the associated Agreement for Acquisition of Software Maintenance, which provide for support with ongoing access to releases and versions of the program. These programs have a one-time license charge for use of the program and an annual renewable charge for the enhanced support that includes telephone assistance (voice support for defects during normal business hours), as well as access to updates, releases, and versions of the program as long as support is in effect.
License Information number
The following License Information documents apply to the offerings in this announcement:
| Program identifier | License Information document title | License Information document number |
|---|---|---|
| 5655-MA1 | IBM Z Multi-Factor Authentication Release 2.1.0 | L-MZAI-BMET32 |
| 5655-MA2 | IBM Z Multi-Factor Authentication S&S 1.1.0 | L-MZAI-BMET32 |
Follow-on releases, if any, may have updated terms. See the License Information documents website for more information.
If you are planning to migrate to IBM MFA 2.1 from a version prior to 2.0, contact your IBM representative for the appropriate course of action.
Limited warranty applies
Yes.
Limited warranty
IBM warrants that when the program is used in the specified operating environment, it will conform to its specifications. The warranty applies only to the unmodified portion of the program. IBM does not warrant uninterrupted or error-free operation of the program or that IBM will correct all program defects. You are responsible for the results obtained from the use of the program.
IBM provides you with access to IBM databases containing information on known program defects, defect corrections, restrictions, and bypasses at no additional charge. For further information, see the IBM Support Guide.
IBM will maintain this information for at least one year after the original licensee acquires the program (warranty period).
Program technical support
Technical support of a program product version or release will be available for a minimum of five years from the general availability date, as long as your Software Subscription and Support (also referred to as Software Maintenance) is in effect.
This technical support allows you to obtain assistance (by telephone or electronic means) from IBM for product-specific, task-oriented questions regarding the installation and operation of the program product. Software Subscription and Support (Software Maintenance) also provides you with access to updates (modifications or fixes), releases, and versions of the program. You will be notified, through an announcement letter, of discontinuance of support with 12 months' notice.
If you require additional technical support from IBM, including an extension of support beyond the discontinuance date, contact your IBM representative or IBM Business Partner. This extension may be available for a fee.
For additional information on the IBM Software Support Lifecycle Policy, see the IBM Software Support Lifecycle Policy website.
Money-back guarantee
If for any reason you are dissatisfied with the program and you are the original licensee, you may obtain a refund of the amount you paid for it, if within 30 days of your invoice date you return the program and its PoE to the party from whom you obtained it. If you downloaded the program, you may contact the party from whom you acquired it for instructions on how to obtain the refund.
For clarification, note that for programs acquired under any of IBM's On/Off Capacity on Demand (On/Off CoD) software offerings, this term does not apply since these offerings apply to programs already acquired and in use by you.
Volume orders (IVO)
No.
Passport Advantage applies
No.
Software Subscription and Support applies
Yes. During the Software Subscription and Support period, for the unmodified portion of a program, and to the extent problems can be recreated in the specified operating environment, IBM will provide the following:
- Defect correction information, a restriction, or a bypass.
- Program updates: Periodic releases of collections of code corrections, fixes, functional enhancements and new versions and releases to the program and documentation.
- Technical assistance: A reasonable amount of remote assistance by telephone or electronically to address suspected program defects. Technical assistance is available from the IBM support center in the organization's geography.
Additional details regarding Technical Assistance, which includes IBM contact information, are provided in the IBM Support Guide.
Software Subscription and Support does not include assistance for:
- The design and development of applications.
- Your use of programs in other than their specified operating environment.
- Failures caused by products for which IBM is not responsible under the IBM Agreement for Acquisition of Software Maintenance.
Software Subscription and Support is provided only if the program is within its support timeframe as specified in the Software Support Lifecycle policy for the program.
All distributed software licenses include Software Subscription and Support (also referred to as Software Maintenance) for a period of 12 months from the date of acquisition, providing a streamlined way to acquire IBM software and assure technical support coverage for all licenses. Extending coverage for a total of three years from date of acquisition may be elected.
While your Software Subscription and Support is in effect, IBM provides you assistance for your routine, short duration installation and usage (how-to) questions, and code-related questions. IBM provides assistance by telephone and, if available, electronic access, only to your information systems (IS) technical support personnel during the normal business hours (published prime shift hours) of your IBM support center. (This assistance is not available to your end users.) IBM provides Severity 1 assistance 24 hours a day, every day of the year. For additional details, go to the IBM Support Handbooks page.
Software Subscription and Support does not include assistance for the design and development of applications, your use of programs in other than their specified operating environment, or failures caused by products for which IBM is not responsible under this agreement.
IBM Operational Support Services - SoftwareXcel
No.
Variable charges apply
No.
Educational allowance available
Yes. A 15% education allowance applies to qualified education institution clients.
Multi-Version Measurement
Multi-Version Measurement (MVM) replaces the previously announced Migration Grace Period time limit of six months and allows unlimited time for clients to run more than one eligible version of a software program. Clients may run multiple versions of a program simultaneously for an unlimited duration during a program version upgrade. Clients may also choose to run multiple versions of a program simultaneously for an unlimited duration in a production environment. MVM does not extend support dates for programs withdrawn from service.
For more information about MVM, including requirements for qualification, see the MVM web page. For a list of eligible programs, see the IPLA Execution-Based web page.
Sub-capacity utilization determination
Sub-capacity utilization is determined based on the utilization of an eligible operating system and machine, for example, z/OS running in z/Architecture® (64 bit) mode on an IBM Z, or equivalent, server.
Back to top
Statement of good security practices
IT system security involves protecting systems and information through intrusion prevention, detection, and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, or misappropriated or can result in misuse of your systems to attack others. Without a comprehensive approach to security, no IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a regulatory compliant, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products, or services to be most effective.
Important: IBM does not warrant that any systems, products, or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
Back to top
Prices
For all local charges, contact your IBM representative.
Program name: IBM Z Multi-Factor Authentication
Program PID: 5655-MA1
| Entitlement identifier | Description | License option/Pricing metric |
|---|---|---|
| S018G0T | IBM Z Multi-Factor Authentication | Basic OTC, per Value Unit |
| IBM Z Multi-Factor Authentication | MultiVersion Measurement NC |
Subscription and Support PID: 5655-MA2
| Entitlement identifier | Description | License option/Pricing metric |
|---|---|---|
| S018G0V | IBM Z Multi-Factor Authentication S&S | Basic ASC, per Value Unit |
| IBM Z Multi-Factor Authentication | No charge, decline SW S&S | |
| IBM Z Multi-Factor Authentication | MultiVersion Measurement S&S NC |
IBM Global Financing
IBM Global Financing offers competitive financing to credit-qualified clients to assist them in acquiring IT solutions. Offerings include financing for IT acquisition, including hardware, software, and services, from both IBM and other manufacturers or vendors. Offerings (for all client segments: small, medium, and large enterprise), rates, terms, and availability can vary by country. Contact your local IBM Global Financing organization or go to the IBM Global Financing website for more information.
IBM Global Financing offerings are provided through IBM Credit LLC in the United States, and other IBM subsidiaries and divisions worldwide to qualified commercial and government clients. Rates are based on a client's credit rating, financing terms, offering type, equipment type, and options, and may vary by country. Other restrictions may apply. Rates and offerings are subject to change, extension, or withdrawal without notice.
Financing from IBM Global Financing helps you preserve cash and credit lines, enables more technology acquisition within current budget limits, can help accelerate implementation of economically attractive new technologies, offers payment and term flexibility, and can help match project costs to projected benefits. Financing is available worldwide for credit-qualified clients.
Trademarks
IBM Security and IBM z15 are trademarks of IBM Corporation in the United States, other countries, or both.
IBM Z, IBM, z/VM, z/OS, RACF, Passport Advantage, z/Architecture, IBM z14, IBM z13, IBM z13s, zEnterprise, S/390 and System z are registered trademarks of IBM Corporation in the United States, other countries, or both.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Other company, product, and service names may be trademarks or service marks of others.
Terms of use
IBM products and services which are announced and available in your country can be ordered under the applicable standard agreements, terms, conditions, and prices in effect at the time. IBM reserves the right to modify or withdraw this announcement at any time without notice. This announcement is provided for your information only. Additional terms of use are located at
For the most current information regarding IBM products, consult your IBM representative or reseller, or go to the IBM worldwide contacts page