DOCSLIB.ORG

(12) United States Patent (10) Patent No.: US 9,129,043 B2 Pandya (45) Date of Patent: Sep

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
(12) United States Patent (10) Patent No.: US 9,129,043 B2 Pandya (45) Date of Patent: Sep USOO9129043B2 (12) United States Patent (10) Patent No.: US 9,129,043 B2 Pandya (45) Date of Patent: Sep. 8, 2015 (54) 1OOGBPS SECURITY AND SEARCH (56) References Cited ARCHITECTURE USING PROGRAMMABLE INTELLIGENT SEARCH MEMORY U.S. PATENT DOCUMENTS 5, 187,800 A 2f1993 Sutherland (76) Inventor: Ashish A. Pandya, El Dorado Hills, CA 5,640,525 A 6/1997 Yumoto et al. 5,872,972 A 2f1999 Boland et al. (US) 5,968,176 A 10, 1999 Nessett et al. 6,018,779 A 1/2000 Blumenau 6,018,799 A 1/2000 Wallace et al. (*) Notice: Subject to any disclaimer, the term of this 6,021,490 A 2/2000 Vorbach et al. patent is extended or adjusted under 35 6,130,892 A 10/2000 Short et al. U.S.C. 154(b) by 0 days. 6,147,976 A 11/2000 Shand et al. 6,205,537 B1 3/2001 Albonesi 6,237,029 B1 5, 2001 Master et al. (21) Appl. No.: 13/472,042 6,304,973 B1 10/2001 Williams 6.421,742 B1 7, 2002 Tillier (22) Filed: May 15, 2012 6.427,170 B1 7/2002 Sitaraman et al. (Continued) (65) Prior Publication Data FOREIGN PATENT DOCUMENTS US 2013/OO18835A1 Jan. 17, 2013 JP 2002-63060 2, 2002 WO WO 98.54644 12/1998 Related U.S. Application Data (Continued) OTHER PUBLICATIONS (63) Continuation of application No. 13/172.276, filed on Jun. 29, 2011, now Pat. No. 8,200,599, which is a International Search Report Issued in PCT/US2007/86785, mailed continuation of application No. 13/029.782, filed on Apr. 30, 2008. Feb. 17, 2011, now Pat. No. 7,996,348, which is a (Continued) continuation of application No. 11/952,043, filed on Dec. 6, 2007, now Pat. No. 7,912,808. Primary Examiner — David Vincent (Continued) (74) Attorney, Agent, or Firm — DLA Piper LLP US (57) ABSTRACT (51) Int. C. G06F 5/8 (2006.01) Disclosed is a network computer system which may comprise G06F 7/30 (2006.01) a hardware processor which may comprise a programmable intelligent search memory for content search. The program HO4L 29/06 (2006.01) mable intelligent search memory may perform regular (52) U.S. C. expression based search. The programmable intelligent CPC ......... G06F 17/30985 (2013.01); H04L 63/145 search memory may use at least one regular expression. The (2013.01) regular expression may be converted into at least one non (58) Field of Classification Search deterministic finite state automata (NFA) representing the USPC ................ 706/45 47, 62: 711/100, 103,108; functionality of the regular expression. 707/706, 758, 736, 769, 737 See application file for complete search history. 10 Claims, 29 Drawing Sheets AntiSpam Rusies Confidentialty Rules access contraries 2gning Rules Virus Signatures JR. Rues N.W Address Rules UNasking rules Digital Rights Migrit Sig WORRUes Portiappiya Rules Frame Filtering rules statessaggles application. Specific Rules Fotocol Specific Rutlas logical Block. Address Rules Extrusion Detection Rules XMLRUsiother App.Rules Other Network layer. Ries Osher SAR Rules. | Application layer Rules Network layer Rules storage Area Network Riles 80 s 902 4. - o 904 Rules Parse -- Nicci --- Regular capabityl g Signatures m sos Expressions (RE (c.Connectivity NFA PRISM Signature Compiler Flow PRISMFSA Compier Fow so st 303 NA 309 - Rules Distribution Engine PRISM Search compiler few (ful incremental rule distribution US 9,129,043 B2 Page 2 Related U.S. Application Data 7,831,607 B2 * 11, 2010 Pandya ......................... 707/758 7,865,596 B2 1, 2011 Grosner et al. (60) Provisional application No. 60/965,267, filed on Aug. 7,870,217 B2 1, 2011 Pandya 17, 2007, provisional application No. 60/965,170, 7,890,692 B2 * 2, 2011 Pandya ......................... T11 103 7,899,976 B2 * 3, 2011 Pandya ......................... T11 103 filed on Aug. 17, 2007, provisional application No. 7,899,977 B2 * 3, 2011 Pandya . ... 711 (103 60/963,059, filed on Aug. 1, 2007, provisional appli 7,899,978 B2 * 3, 2011 Pandya ......................... T11 103 cation No. 60/961,596, filed on Jul. 23, 2007, provi 7.912,808 B2 3, 2011 Pandya sional application No. 60/933,313, filed on Jun. 6, 7,944,920 B2 5, 2011 Pandya 7,958,199 B2 6, 2011 Ferrari et al. 2007, provisional application No. 60/933,332, filed on 7.996,348 B2 8, 2011 Pandya Jun. 6, 2007, provisional application No. 60/930,607, 8,005,966 B2 8, 2011 Pandya filed on May 17, 2007, provisional application No. 8,051,022 B2 11, 2011 Pandya 60/928,883, filed on May 10, 2007, provisional appli 8,055,601 B2 11, 2011 Pandya 8,200,599 B2 * 6, 2012 Pandya . TO6/45 cation No. 60/873,632, filed on Dec. 8, 2006, provi 8,601,086 B2 12/2013 Pandya sional application No. 60/873,889, filed on Dec. 8, 2001/0051994 A1 12, 2001 Serizawa et al. 2006. 2002fOO59451 A1 5/2002 Haviv 2002fOO85562 A1 T/2002 Hufferdet al. References Cited 2002/0108059 A1 8, 2002 Canion et al. (56) 2002fO141585 A1 10, 2002 Carr 2002fO161664 A1 10, 2002 Shaya et al. U.S. PATENT DOCUMENTS 2003,0005174 A1 1, 2003 Coffman et al. 2003,0005233 A1 1, 2003 Stewart et al. 6,480,894 B1 11/2002 Courts et al. 2003,0005331 A1 1, 2003 Williams 6,483,840 B1 1 1/2002 Vogel 2003/OOO9432 A1 1, 2003 Sugahara et al. 6,598,125 B2 7/2003 Romm. 2003, OO18691 A1 1, 2003 Bono 6,598,144 B1 7/2003 Bailey et al. 2003/0022361 A1 1, 2003 Houston et al. 6,611,883 B1 8/2003 Avery 2003/00371.78 A1 2, 2003 Vessey et al. 6,668,299 B1 12/2003 Kagan et al. 2003/0041163 A1 2, 2003 Rhoades et al. 6,675,200 B1 1/2004 Cheriton et al. 2003/0043794 A1 3, 2003 Cayton et al. 6,697,878 B1 2/2004 Imai 2003/0046474 A1 3, 2003 Craddock et al. 6,778,557 B1 8, 2004 Yuki et al. 2003/0050990 A1 3, 2003 Craddock et al. 6,782.410 B1 8/2004 Bhagat et al. 2003, OO61296 A1 3, 2003 Craddock et al. 6,839,346 B1 1/2005 Kametani 2003/OO95545 A1 5/2003 Ngai 6,892,237 B1 * 5/2005 Gaiet al. ...................... TO9,224 2003/0097518 A1 5/2003 Kohn et al. 6,947,970 B2 9/2005 Berry 2003/0105799 A1 6, 2003 Khan et al. 6.959,007 B1 10/2005 Vogel et al. 2003. O131228 A1 T/2003 Twomey 6,977.933 B2 12/2005 Soncodi et al. 2003/O145230 A1 T/2003 Chiu et al. 6,983,382 B1 1/2006 Hartke et al. 2003/0182437 A1 9, 2003 Kobayashi et al. 6,986,061 B1 1/2006 Kunzinger 2003,0223361 A1 12, 2003 Hussain et al. 6,988, 106 B2 1/2006 Enderwicket al. 2003/0236961 A1 12, 2003 Qiu et al. 7,003,586 B1 2/2006 Bailey et al. 2004/OO 10545 A1 1, 2004 Pandya 7,013,419 B2 3/2006 Kagan et al. 2004/OO 10612 A1 1, 2004 Pandya 7,017,042 B1 3, 2006 Ziai et al. 2004.?0030757 A1 2, 2004 Pandya 7,024,479 B2 4/2006 Shah et al. 2004.?0030770 A1 2, 2004 Pandya 7,032,242 B1 4/2006 Grabelsky et al. 2004/003O806 A1 2, 2004 Pandya 7,043,578 B2 5, 2006 Hufferd 2004/OO37299 A1 2, 2004 Pandya 7,047,561 B1 5, 2006 Lee 2004.?003.7319 A1 2, 2004 Pandya 7,076,803 B2 7/2006 Bruton, III et al. 2004.0049603 A1 3, 2004 Boyd et al. 7,089,293 B2 8, 2006 Grosner et al. 2004/0059443 A1 3, 2004 Sharangpani 7,095,747 B2 8/2006 Sarmiento et al. 2004/OO83387 A1 4, 2004 Dappet al. 7,113,995 B1 9, 2006 Beukema et al. 2004/0093389 A1 5, 2004 Mohamed et al. 7,124,198 B2 10/2006 Pinkerton 2004/0098600 A1 5, 2004 Eldeeb 7,133,405 B2 11/2006 Graham et al. 2004/O128398 A1 T/2004 Pettey 7,139,388 B2 11/2006 Rao 2004/O165588 A1 8, 2004 Pandya 7,149,817 B2 12/2006 Pettey 2004/0172400 A1 9, 2004 Zarom 7,149,819 B2 12/2006 Pettey 2004/0208197 A1 10, 2004 Viswanathan 7,171,484 B1 1/2007 Krause et al. 2004/0210320 A1 10, 2004 Pandya 7,234,003 B2 6/2007 Zaumen et al. 2004/0215593 A1* 10, 2004 Sharangpani et al. 707/1 7,290,280 B2 10/2007 Yeager et al. 2004/0236720 A1 11, 2004 Basso 7,313,614 B2 12/2007 Considine et al. 2004/O2500.59 A1 12, 2004 Ramelson et al. 7,346,702 B2 3, 2008 Haviv 2005, OO12521 A1 1/2005 Sharangpani et al. 7,353,332 B2 4/2008 Miller et al. 2005/0052934 A1 3, 2005 Tran et al. 7,376,755 B2 5/2008 Pandya 2005, 0108518 A1 5/2005 Pandya 7,380,015 B1 5/2008 Nakajima et al. 2005, 0131876 A1 6, 2005 Ahuja et al. 7,380,115 B2 5, 2008 Maine 2005/0216770 A1 9, 2005 Rowett et al. 7.406,470 B2 7/2008 Mathur et al. 2006, OO31568 A1 2, 2006 Eydelman et al. 7,415,723 B2 8/2008 Pandya 2006/0037017 A1 2, 2006 Accapadi et al. 7.464,254 B2 12/2008 Sharangpani et al. 2006/0O85389 A1* 4, 2006 7,472.285 B2 12/2008 Graunke et al.
Load more

Recommended publications
  • Leveraging Integrated Cryptographic Service Facility
    Front cover Leveraging Integrated Cryptographic Service Facility Lydia Parziale Redpaper International Technical Support Organization Leveraging Integrated Cryptographic Service Facility January 2018 REDP-5431-00 Note: Before using this information and the product it supports, read the information in “Notices” on page v. First Edition (January 2018) This edition applies to Version 2 Release 3 of IBM z/OS (product number 5650-ZOS). © Copyright International Business Machines Corporation 2018. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . .v Trademarks . vi Preface . vii Authors. vii Now you can become a published author, too! . vii Comments welcome. viii Stay connected to IBM Redbooks . viii Chapter 1. Overview . 1 1.1 The need for cryptography . 2 1.2 Cryptographic architectures . 3 1.2.1 PKCS #11 . 3 1.2.2 IBM Common Cryptographic Architecture. 3 1.3 System Authorization Facility . 4 1.4 What ICSF is . 5 1.4.1 ICSF services . 5 1.4.2 ICSF options . 6 1.4.3 SAF-protecting ICSF services and IBM CCA Keys. 8 Chapter 2. IBM Z hardware cryptography implementation . 9 2.1 CP Assist for Cryptographic Functions . 10 2.2 The IBM Cryptographic Coprocessor . 10 2.3 The Trusted Key Entry workstation . 12 2.3.1 Clear key versus secure key versus protected key. 12 2.3.2 TKE and the benefits of using ICSF and protected keys . 14 Chapter 3. Auditing . 15 3.1 ICSF: Enhanced logging for PCI audit requirements . 16 3.2 ICSF and SMF .
    [Show full text]
  • The Fully Encrypted Data Center Encrypting Your Data Center on Oracle’S SPARC Servers
    The Fully Encrypted Data Center Encrypting Your Data Center on Oracle’s SPARC Servers O R A C L E T E C H N I C A L WHITE P A P E R | OCTOBER 2015 Table of Contents Introduction 1 Target Audience and Assumed Knowledge 1 The Role and Relevance of Oracle’s SPARC Processors 1 SPARC M7 Processor—Integrated Cryptographic Acceleration 1 SPARC Processor Cryptographic Operational Model 2 End-to-End Application Security Using SPARC Processors 3 SPARC Cryptography Performance 3 Configuring Application Tier Security 4 Oracle WebLogic Server Security Acceleration Using Oracle Ucrypto Provider 4 Accelerating TLS Using Oracle Ucrypto Provider 5 Accelerating Web Services Security Using the Oracle Ucrypto Provider 6 Using the Latest Version of TLS 7 Verifying Hardware-Assisted Security for Oracle Application Server 8 Database Tier Security 9 Oracle Database Security: Applied Scenarios 9 Master Key Management Using Oracle Solaris PKCS#11 Softtoken 9 Securing the Master Key Management for Transparent Data Encryption 10 Tablespace and Column Encryption 11 Encrypting and Decrypting Database Backup and Restore 12 Securing Data at Rest Using ZFS Encryption 13 Summary 14 References 14 THE FULLY ENCRYPTED DATA CENTER Introduction This document discusses how to secure applications using Oracle Solaris 11 security and the hardware-assisted cryptography capabilities of Oracle’s SPARC servers. This document explores the end-to-end application security scenarios, technical prerequisites, configuration, deployment, and verification guidelines for multitier application deployments running on Oracle Solaris 11–based SPARC servers. In addition, this document covers the Oracle hardware-assisted cryptographic acceleration of the SPARC processor, a key feature when performance and data protection are deemed critical.
    [Show full text]
  • On Wide Area Network Optimization
    On Wide Area Network Optimization __________________________________________ © 2012 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder. Citation: Y. Zhang, N. Ansari, M. Wu, and H. Yu, “On Wide Area Network Optimization,” IEEE Communications Surveys and Tutorials, Vol. 14, No.4, pp. 1090‐1113, Fourth Quarter 2012. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6042388 IEEE COMMUNICATIONS SURVEYS & TUTORIALS, ACCEPTED FOR PUBLICATION 1 On Wide Area Network Optimization Yan Zhang, Nirwan Ansari, Mingquan Wu, and Heather Yu Abstract—Applications, deployed over a wide area network when the packet loss rate increases from 0.1% to 3% and 5%, (WAN) which may connect across metropolitan, regional or respectively. national boundaries, suffer performance degradation owing to unavoidable natural characteristics of WANs such as high latency Many factors, not normally encountered in LANs, can and high packet loss rate. WAN optimization, also known as WAN quickly lead to performance degradation of applications which acceleration, aims to accelerate a broad range of applications are run across a WAN.
    [Show full text]
  • About This Template
    Introducing IBM z15 Cryptography And the Ecosystem around it Table of Contents ▪ IBM Z Crypto History ▪ IBM Z Crypto Solutions ▪ Enterprise Key Management Foundation (EKMF) ▪ IBM Z Crypto Hardware ▪ Security Key Lifecycle Manager (SKLM) ▪ CP Assist for Cryptographic Function ▪ Advanced Crypto Service Provider (ACSP) (CPACF) ▪ Crypto Analytics Tool (CAT) ▪ Crypto Express 7S (CEX7S) ▪ IBM Trusted Key Entry (TKE) Workstation ▪ Encryption Facility (EF) ▪ User-Defined Extensions (UDX) ▪ zSecure Suite ▪ IBM Z Pervasive Encryption ▪ IBM Z Crypto Hardware Virtualization ▪ z/OS Data Set Encryption ▪ z/VM Virtualization of Crypto Hardware ▪ Disk Encryption ▪ Coupling Facility (CF) Encryption ▪ IBM Z Crypto Software ▪ z/OS and Linux on z Network Security ▪ Linux on Z (and LinuxONE) ▪ Linux on z Volume Encryption ▪ z/OS ▪ Hyper Protect Virtual Servers ▪ z/VM ▪ z/VM Encrypted Paging ▪ z/VSE ▪ z/VM Network Security ▪ z/TPF Transparent Database Encryption IBM Z Crypto History IBM Z Crypto History 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010/11 2012 2013 Cryptographic Coprocessor Facility (CCF) G3, G4, G5, G6, z900, z800 PCI Cryptographic Coprocessor (PCICC) G5, G6, z900, z800 PCI Cryptographic Accelerator (PCICA) z800/z900 z990 z890 PCIX Cryptographic Coprocessor (PCIXCC) z990 z890 CP Assist for Cryptographic z990 z890 z9 EC z9 BC z10 EC/BC z196/z114 zEC12 zBC12 Functions z9 EC z9 BC z10 EC/BC Crypto Express2 z990/z890 ▪ Cryptographic Coprocessor Facility – Supports “Secure key” cryptographic processing ▪ PCICC Feature – Supports “Secure key” cryptographic
    [Show full text]
  • IBM Z15 Performance of Cryptographic Operations
    IBM z15 Cryptographic Performance May 2020 IBM z15 Performance of Cryptographic Operations (Cryptographic Hardware: CPACF, CEX7S) 1 IBM z15 Cryptographic Performance May 2020 © Copyright IBM Corporation 1994, 2019. IBM Corporation Marketing Communications, Server Group Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America All Rights Reserved IBM, the IBM logo, ibm.com, z/OS, RACF, and zEnterprise are trademarks or registered trademarks of International Business Machines Corporation of the United States, other countries or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis. Red Hat®, JBoss®, OpenShift®, Fedora®, Hibernate®, Ansible®, CloudForms®, RHCA®, RHCE®, RHCSA®, Ceph®, and Gluster® are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the United States and other countries. Other company, product and service names may be trademarks or service marks of others. IBM may not offer the products, services or features discussed in this document in all countries in which IBM operates, and the information may be subject to change without notice.
    [Show full text]
  • Covering the Spectrum of Intel Communications Products
    NOTE: PLEASE ADJUST SPINE TO PROPER WIDTH The Communications and Embedded Products Source Book Source The Communications and Embedded Products The Communications Intel Corporation United States and Canada Intel Corporation Robert Noyce Building and Embedded Products 2200 Mission College Boulevard P.O. Box 58119 Santa Clara, CA 95052-8119 Source Book 2004 USA Phone: (408) 765-8080 Europe Intel Corporation (UK) Ltd. Pipers Way Swindon Wiltshire SN3 1RJ UK Phone: England (44) 1793 403 000 France (33) 1 4694 7171 Germany (49) 89 99143 0 Italy (39) 02 575 441 Israel (972) 2 589 7111 Netherlands (31) 20 659 1800 Asia Pacific Intel Semiconductor Ltd. 32/F Two Pacific Place 88 Queensway, Central Hong Kong SAR Phone: (852) 2844-4555 Japan Intel Kabushiki Kaisha P.O. Box 300-8603 Tsukuba-gakuen May 2004 5-6 Tokodai, Tsukuba-shi Ibaraki-ken 300-2635 Japan Phone: (81) 298-47-8511 South America Intel Semicondutores do Brasil Av. Dr Chucri Zaidan, 940- 10th floor Market Place Tower II 04583-906 Sao Paulo-SP-Brasil Phone: (55) 11 3365 5500 Copyright © 2004 Intel Corporation Intel, and the Intel logo are registered trademarks of Intel Corporation. * Other names and brands may be claimed as the property of others. Printed in USA/2004/10K/MD/HP Covering the spectrum Order No. 272676-012 of Intel communications products Communications and Embedded Products Source Book elcome to The Intel Communications and Embedded Products Sourcebook—2004, your Wcomplete reference guide for Intel’s Communications and Embedded products. As you look through this sourcebook, you will note that all of the sections have been updated to include the latest released products.
    [Show full text]
  • System Z and Z/OS Unique Characteristics
    System z and z/OS unique Characteristics Wilhelm G. Spruth WSI Technical Report WSI-2010-03 Version 1.0, April 8, 2010 Wilhelm G. Spruth Wilhelm Schickard Institute for Computer Science Sand 13 D-72076 Tuebingen Germany email: [email protected] mobil: 0049-0172-8051-485 © Wilhelm Schickard Institut für Informatik ISSN 0946-3852 Abstract Many people still associate mainframes with obsolete technology. Surprisingly, the opposite is true. Mainframes feature many hardware, software, and system integration technologies, that are either not at all, or only in an elementary form, available on other server platforms. On the other hand, we know of no advanced server features which are not available on mainframes. This paper lists some 40 advanced mainframe technologies. There is a short description of each item together with a literature reference for more information. 2 Table of content 1. Introduction 5 1.1 Definition 5 1.2 The Hype 6 1.3 The Reality 7 2. Leading Edge Technologies 9 2.1 Architecture 9 2.2 Avalability and Reliability 10 2.2.1 Redundancy 10 2.2.2 Recovery Unit (RU) 11 2.2.3 Smart memory card architecture 11 2.2.4 Support Element 12 2.2.5 I/O adapter card 13 2.2.6 Software stability 14 2.2.7 GDPS 14 2.3 Security 15 2.3.1 Hardware key protection 15 2.3.2 Cryptography support 16 2.3.3 Master Key 16 2.3.4 Tamper proof Crypto cards 17 2.3.5 z/OS Security Management 17 2.3.6 z/OS Authorized Program Facility 18 2.3.7 Security Updates 18 2.4 Input/Output (I/O) 19 2.4.1 Control Units 19 2.4.2 I/O Scheduling 20 2.4.3 Connection
    [Show full text]
  • IBM Z14 (3906) Technical Guide
    Front cover IBM z14 (3906) Technical Guide Octavian Lascu Hervey Kamga Esra Ufacik Bo Xu John Troy Frank Packheiser Michal Kordyzon Redbooks International Technical Support Organization IBM z14 (3906) Technical Guide October 2018 SG24-8451-01 Note: Before using this information and the product it supports, read the information in “Notices” on page xiii. Second Edition (October 2018) This edition applies to IBM Z®: IBM z14™, IBM z13™, IBM z13s™, IBM zEnterprise EC12 (zEC12), and IBM zEnterprise BC12 (zBC12). © Copyright International Business Machines Corporation 2017. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . xiii Trademarks . xiv Preface . .xv Authors. .xv Now you can become a published author, too! . xvii Comments welcome. xvii Stay connected to IBM Redbooks . xviii Chapter 1. Introducing the IBM z14 . 1 1.1 Design considerations for the IBM z14 . 2 1.2 z14 server highlights . 3 1.2.1 Processor and memory. 4 1.2.2 Capacity and performance . 4 1.2.3 Virtualization . 6 1.2.4 I/O subsystem and I/O features . 8 1.2.5 Reliability, availability, and serviceability design. 10 1.3 z14 server technical overview . 11 1.3.1 Models . 11 1.3.2 Model upgrade paths . 12 1.3.3 Frames . 13 1.3.4 CPC drawer . 13 1.3.5 I/O connectivity: PCIe Generation 3 . 17 1.3.6 I/O subsystem . 17 1.3.7 I/O and special purpose features in the PCIe I/O drawer . 18 1.3.8 Storage connectivity .
    [Show full text]
  • IBM Z15 Technical Introduction
    May IBM z15 Technical Introduction Bill White Octavian Lascu John Troy Jannie Houlbjerg Frank Packheiser Paul Schouten Kazuhiro Nakajima Anna Shugol Hervey Kamga Redbooks IBM Redbooks IBM z15 Technical Introduction May 2021 SG24-8850-02 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. Third Edition (May 2021) This edition applies to the IBM z15 (machine type 8561 and 8562). © Copyright International Business Machines Corporation 2020, 2021. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix Authors. ix Now you can become a published author, too! . .x Comments welcome. xi Stay connected to IBM Redbooks . xi Chapter 1. Designed to take on today’s IT demands. 1 1.1 The IBM z15: The platform for the digital economy . 2 1.1.1 Using hybrid cloud integration services. 3 1.1.2 Securing and protecting data with encryption everywhere . 5 1.1.3 Providing resilience: The key to zero downtime . 6 1.1.4 Transforming a transactional platform into a data powerhouse . 7 1.1.5 Getting more out of the platform with operational analytics . 7 1.1.6 Accelerating digital transformation with agile service delivery . 8 1.1.7 Revolutionizing business processes . 9 1.1.8 Blending open source and IBM Z technologies. 9 1.2 z15 technical description. 10 1.2.1 Technical highlights . 10 1.2.2 IBM z15 features and functions . 12 1.2.3 Storage connectivity . 15 1.2.4 Network connectivity .
    [Show full text]
  • Context-Aware and Real-Time Entrustment Framework For
    Context-Aware and Real-time Entrustment Framework for Securing Next Generation Internet Communications by Abdulmonem Mohammad Rashwan A thesis submitted to the Graduate Program in Computing in conformity with the requirements for the degree of Doctor of Philosophy Queen’s University Kingston, Ontario, Canada April, 2018 Copyright © Abdulmonem Mohammad Rashwan, 2018 Abstract The Internet has been repeatedly demonstrated to be insufficiently secure for transferring sensitive information worldwide. This insecurity is an inherent characteristic as the Internet did not make any security considerations in its initial design. Rather, as is famously known, it was designed to connect “mutually trusting users”. Such void motivated a long and extensive history of a variety of trust measures to secure Internet communications at its different levels or layers. To date, however, the proposed security measures have been identified as computationally demanding, especially as they utilize cryptographic computations. In light of the evolution of the Internet-of-Things (IoT) and therefore the growing reliance on elements with limited capabilities (in terms of computing and/or energy), facilitating security becomes an equally increasing challenge. Such elements include embedded systems, sensors/actuators, small-scale mobile and wireless devices, in addition to various elements utilized in real-time and/or delay-critical applications. Considerations must therefore be made for addressing the computational challenge while providing the required security. In the meanwhile, any meaningful security solution must be global (i.e., Internet-wide) in its operation. Our objective in this thesis is to demonstrate that an adaptive, end-to-end security solution for the next generation Internet is viable. Integral to our thesis is a holistic and innovative proposal for a Context- Aware and Real-time Entrustment framework or (CARE).
    [Show full text]
  • System Z and Z/OS Unique Characteristics
    System z and z/OS unique Characteristics Wilhelm G. Spruth WSI Technical Report WSI-2010-03 Version 1.3, Jan. 11, 2013 Wilhelm G. Spruth Wilhelm Schickard Institute for Computer Science Sand 13 D-72076 Tuebingen Germany email: [email protected] mobil: 0049-0172-8051-485 © Wilhelm Schickard Institut für Informatik ISSN 0946-3852 Download http://www-ti.informatik.uni-tuebingen.de/~spruth/Mirror/Revita.pdf Abstract Many people still associate mainframes with obsolete technology. Surprisingly, the opposite is true. Mainframes feature many hardware, software, and system integration technologies, that are either not at all, or only in an elementary form, available on other server platforms. On the other hand, we know of no advanced server features which are not available on mainframes. This paper lists some 40 advanced mainframe technologies. There is a short description of each item together with a literature reference for more information. 2 Table of content 1. Introduction 5 1.1 Definition 5 1.2 The Hype 6 1.3 The Reality 7 2. Leading Edge Technologies 9 2.1 Architecture and Hardware 9 2.1.1 Architecture 9 2.1.2 Processor design 9 2.1.3 Multichip module technology 10 2.1.4 Cache hierarchy 10 2.1.5 Numa Cache 11 2.2 Avalability and Reliability 12 2.2.1 Redundancy 12 2.2.2 Recovery Unit (RU) 13 2.2.3 Smart memory card architecture 14 2.2.4 Memory error checking and correction 14 2.2.5 Support Element 15 2.2.6 I/O adapter card 16 2.2.7 Software stability 17 2.2.8 GDPS 17 2.3 Security 18 2.3.1 Hardware key protection 18 2.3.2
    [Show full text]
  • Avamar Product Security Guide
    Dell EMC Avamar Product Security Guide 18.2 Dell Inc. June 2020 Rev. 06 Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2001 - 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. Contents Figures.......................................................................................................................................... 7 Tables............................................................................................................................................8 Preface.........................................................................................................................................12 Chapter 1: Introduction.................................................................................................................. 15 Security patches.................................................................................................................................................................. 15 Periodic security updates for multiple components...................................................................................................15 Remedying security patch
    [Show full text]