IBM Fibre Channel Endpoint Security for IBM z15 and LinuxONE III

IBM United States Hardware Announcement 120-013
January 14, 2020


Table of contents
Key requirementsKey requirementsPublicationsPublications
Planned availability datePlanned availability dateTechnical informationTechnical information
DescriptionDescriptionTerms and conditionsTerms and conditions
Product positioningProduct positioningPricesPrices
Product numberProduct number


At a glance

Top rule

As data is being moved within and across data centers, authentication of the identities exchanging data and transparent encryption of the data in flight are required to strengthen security of the data. IBM® Fibre Channel Endpoint Security is a new end-to-end solution that is designed to provide a means to help ensure the integrity and confidentiality of all data flowing on Fibre Channel links between authorized server and storage devices, creating a trusted storage network that encrypts data in flight.



Back to topBack to top

Key requirements

Top rule

Refer to the Hardware requirements and Software requirements sections of this announcement.



Back to topBack to top

Planned availability date

Top rule

February 27, 2020



Back to topBack to top

Description

Top rule

IBM Fibre Channel Endpoint Security is designed to provide a means to help ensure the integrity and confidentiality of all data flowing on Fibre Channel links within and across data centers between trusted entities. Feature code 1146, Endpoint Security Enablement, along with CPACF enablement (#3863) and FICON® Express16SA (#0436 or #0437), turns on the Fibre Channel Endpoint Security panels on the Hardware Management Console so setup can be done.

The IBM z15 and LinuxONE III Hardware Management Console and Support Element supports Fibre Channel Endpoint Security (Authentication and Encryption of Data in Flight). HMC 2.15.0 and IBM z15 or LinuxONE III will provide the ability to have Fibre Channel Endpoint Security controls. When the Fibre Channel connection endpoints use the FICON Express® 16S+ adapters to the IBM DS8900F storage, authentication of the endpoints is enabled. When the connection endpoints on the z15 or LinuxONE III use the FICON Express SA adapters, authentication and encryption of data in flight between the CPC and the IBM DS8900F storage is enabled. HMC 2.15.0 will provide the configuration and secure connections to external key servers that are utilized for this Fibre Channel Endpoint Security.

Section 508 of the US Rehabilitation Act

IBM z15 and LinuxONE III servers are capable on delivery, when used in accordance with IBM's associated documentation, of satisfying the applicable requirements of Section 508 of the Rehabilitation Act of 1973, 29 U.S.C. Section 794d, as implemented by 36 C.F.R. Part 1194, provided that any assistive technology used with the product properly interoperates with it.

IBM makes no representation about the Section 508 status of third-party products included in this offering. Contact the vendor for specific, current information on the Section 508 status of these products.



Back to topBack to top

Product positioning

Top rule

With IBM Fibre Channel Endpoint Security on the FICON® and FCP channels, controls can be enabled so that enterprise data is exchanged only between authenticated (trusted) servers and storage controllers. This solution can also protect the integrity and confidentiality of the data by encrypting the data before it leaves one endpoint and keeping it protected until it reaches the receiving endpoint. The solution works exclusively between the IBM z15 or LinuxONE III and the new DS8900F storage controllers.



Back to topBack to top

Reference information

Top rule

For more information about IBM z15, announced on September 12, 2019, see Hardware Announcement 119-027, dated September 12, 2019.

For more information about IBM LinuxONE III, announced on September 12, 2019, see Hardware Announcement 119-012, dated September 12, 2019.

For more information about new-generation DS8000® models, announced on September 12, 2019, see Hardware Announcement 119-060, dated September 12, 2019.

For more information about IBM Z® Data Privacy Passports V1.0 beta program, announced on September 12, 2019, see to Software Announcement 219-452, dated September 12, 2019.



Back to topBack to top

Product number

Top rule

Description Machine Type Model Feature Number
IBM z15 8561 T01  
    LT1  
Endpoint Security Enablement     1146



Back to topBack to top

Business Partner information

Top rule

If you are a Direct Reseller - System Reseller acquiring products from IBM, you may link directly to Business Partner information for this announcement. A PartnerWorld ID and password are required (use IBMid).

BP Attachment for Announcement Letter 120-013


Back to topBack to top

Publications

Top rule

No publications are shipped with the announced product.

Publications for IBM Z can be obtained at the Resource Link® website. Using the instructions on the Resource Link panels, obtain a user ID and password. Resource Link has been designed for easy access and navigation.

To access the IBM Publications Center Portal, go to the IBM Publications Center website.

The Publications Center is a worldwide central repository for IBM product publications and marketing material with a catalog of 70,000 items. Extensive search facilities are provided. A large number of publications are available online in various file formats, which can currently be downloaded.



Back to topBack to top

Services

Top rule

IBM Systems Lab Services

IBM Systems Lab Services offers a wide array of services available for your enterprise. It brings expertise on the latest technologies from the IBM development community and can help with your most difficult technical challenges.

IBM Systems Lab Services exists to help you successfully implement emerging technologies so as to accelerate your return on investment and improve your satisfaction with your IBM systems and solutions. Services examples include initial implementation, integration, migration, and skills transfer on IBM systems solution capabilities and recommended practices. IBM Systems Lab Services is one of the service organizations of IBM's world-renowned IBM Systems Group development labs.

For details on available services, contact your IBM representative or go to the Lab Services website.

Global Technology Services

IBM services include business consulting, outsourcing, hosting services, applications, and other technology management.

These services help you learn about, plan, install, manage, or optimize your IT infrastructure to be an on-demand business. They can help you integrate your high-speed networks, storage systems, application servers, wireless protocols, and an array of platforms, middleware, and communications software for IBM and many non-IBM offerings. IBM is your one-stop shop for IT support needs.

For details on available services, contact your IBM representative or go to the IBM Global Technology Services® website.

For details on available IBM Business Continuity and Recovery Services, contact your IBM representative or go to the Resiliency Services website.

Details on education offerings related to specific products can be found on the IBM authorized training website.



Back to topBack to top

Technical information

Top rule

Specified operating environment

Hardware requirements

The hardware requirements for the IBM Z servers, features, and functions are the ones announced for IBM z15 and IBM LinuxONE III on September 12, 2019.

HMC (V2.15.0) plus MCLs and the Support Element (V2.15.0) became available on September 23, 2019. You should review the 8561DEVICE PSP bucket for minimum Machine Change Levels (MCLs) and software PTF levels before IPLing operating systems.

The new functions available on the Hardware Management Console (HMC) version 2.15.0, as described, apply exclusively to IBM z15 and LinuxONE III. However, the HMC version 2.15.0 will also support the systems listed in the table below.

Machine Family Machine Type Firmware Driver SE Version
z14 and Emperor II 3906 36 2.14.1
z14 and Emperor II 3906 32 2.14.0
z14 ZR1 and Rockhopper II 3907 36 2.14.1
z14 ZR1 and Rockhopper II 3907 32 2.14.0
z13® and Emperor 2964 27 2.13.1
z13s® and Rockhopper 2965 27 2.13.1

Software requirements

Software requirements for IBM Fibre Channel Endpoint Security are not to enable the function but for monitoring and reporting purposes only.

SAN hardware and software requirements and prerequisites are required for support of IBM Fibre Channel Endpoint Security. SAN environments using FCIP or other extension optimization features may have additional restrictions. Any restrictions will be outlined in the qualification letters. To help ensure that the SAN products planned to be implemented in an installation are qualified, registered users should visit the IBM Resource Link library page for current information about IBM Z qualified switch products and restrictions of use.

IBM Fibre Channel Endpoint Security requires at a minimum:

  • z/OS® V2.4 with PTFs.
  • z/OS V2.3 with PTFs.
  • z/OS V2.2 with PTFs.
  • z/VM® V7.1 with PTFs.
  • z/VM V6.4 with PTFs.
  • Linux® on IBM Z - IBM is working with its Linux distribution partners to provide support in future distribution releases.
    • Note: For minimum required and recommended distribution levels for IBM z15 and LinuxONE III, see the IBM Z website.

Planning information

Client responsibilities

Information on customer responsibilities for site preparation can be found in the Library section of Resource Link.

Cable orders

Not applicable.

Security, auditability, and control

The IBM z15 and LinuxONE III use the security and auditability features and functions of host hardware, host software, and application software.

The client is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communications facilities.

IBM Systems Lab Services

For details on available services, contact your IBM representative or go to the Lab Services website.



Back to topBack to top

IBM Electronic Services

Top rule

IBM has transformed its delivery of hardware and software support services to help you achieve higher system availability. Electronic Services is a web-enabled solution that offers an exclusive, no-additional-charge enhancement to the service and support available for IBM servers. These services are designed to provide the opportunity for greater system availability with faster problem resolution and preemptive monitoring. Electronic Services comprises two separate, but complementary, elements: Electronic Services news page and Electronic Services Agent.

The Electronic Services news page is a single internet entry point that replaces the multiple entry points traditionally used to access IBM internet services and support. The news page enables you to gain easier access to IBM resources for assistance in resolving technical problems.

The Electronic Service Agent is no-additional-charge software that resides on your server. It monitors events and transmits system inventory information to IBM on a periodic, client-defined timetable. The Electronic Service Agent automatically reports hardware problems to IBM. Early knowledge about potential problems enables IBM to deliver proactive service that may result in higher system availability and performance. In addition, information collected through the Service Agent is made available to IBM service support representatives when they help answer your questions or diagnose problems. Installation and use of IBM Electronic Service Agent for problem reporting enables IBM to provide better support and service for your IBM server.

To learn how Electronic Services can work for you, go to the IBM Electronic Service Agent website.



Back to topBack to top

Terms and conditions

Top rule


Client setup

No.


Machine code

Same license terms and conditions as base machine.


Optional features warranty period

Optional feature - One year.



Back to topBack to top

Prices

Top rule

For all local charges, contact your local IBM representative or IBM Business Partner.

Description Machine Type Model Feature Number ** EWFe MMMC Indicator INIT/MES
IBM z15 8561 T01          
    LT1          
Endpoint Security Enablement     1146 **     Both

** If field installed on a purchased machine, parts removed or replaced become the property of IBM and must be returned.

Trademarks

IBM, IBM Z, Resource Link, Global Technology Services, FICON, Express, DS8000, z13, z13s, z/OS and z/VM are registered trademarks of IBM Corporation in the United States, other countries, or both.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

Other company, product, and service names may be trademarks or service marks of others.

Terms of use

IBM products and services which are announced and available in your country can be ordered under the applicable standard agreements, terms, conditions, and prices in effect at the time. IBM reserves the right to modify or withdraw this announcement at any time without notice. This announcement is provided for your information only. Additional terms of use are located at

Terms of use

For the most current information regarding IBM products, consult your IBM representative or reseller, or go to the IBM worldwide contacts page

IBM United States

Share this page

Digg Linked In

Contact IBM

Feedback

-->