140 likes | 269 Views
z/OS V14 March 2012. What’s Being Released? – z/OS. Release & Announce Date: 3/12/2012 PKZIP and SecureZIP for z/OS SecureZIP Partner for z/OS. What’s New in v14. Create and Extract OpenPGP Files zIIP Support Command Substitution. OpenPGP Integration.
E N D
z/OS V14 March 2012
What’s Being Released? – z/OS • Release & Announce Date: 3/12/2012 • PKZIP and SecureZIP for z/OS • SecureZIP Partner for z/OS
What’s New in v14 • Create and Extract OpenPGP Files • zIIP Support • Command Substitution
OpenPGP Integration • Encrypt ZIP files using passphrase, x.509 digital certificates, and/or OpenPGP keys • Encrypt OpenPGP files using passphrase and/or OpenPGP keys • Sign ZIP files using x.509 digital certificates • Sign OpenPGP files with OpenPGP keys • Authenticate files signed with OpenPGP keys and x.509 digital certificates
OpenPGP Integration • Keys stored in file based pgp key rings • Supports OpenPGP Contingency keys • Integrated with SecureZIP ISPF interface • New and modified commands • Native z/OS implementation, exploits hardware • CPACF high speed encryption and hashing • Not FIPS 140 Compliant in OpenPGP mode
Levels of OpenPGP Function *OpenPGP function is incremental
Main ZIP Panel – Pop-up “Archive File Format” pop-up has new value for PGPFILE format
New OpenPGP Commands/ Controls • New Commands • -{PGPSET,attribute list} • -{PGPKEYRDEF=ring_handle;PUB|PVT;FILE;filename} • Modified Commands • -ARCHIVE_ZIPFORMAT=PGPFILE • -RECIPIENT(PGP:ring_handle[,CN=|EMAIL=|KEYID=|*ALL][,PASSWORD=]) • -SIGN_ARCHIVE(PGP:ring_handle[,CN=|EMAIL=|KEYID=][,PASSWORD=]) • -ENCRYPTION_METHOD=CAST5 • -AUTHCHK(ARCHIVE, PGP:ring_handle) • Security Server Resource Controls – New Values • ENCRYPTION_METHOD.CAST5 • CRYPTO_KEYTYPE.RECIPIENT.PGPKEYS
SecureZIP PartnerLink v14 For the Partner that insists on OpenPGP files, they don’t need SecureZIP Partner, they already have a tool to decrypt OpenPGP files Partner PGP Partner Partner Sponsor Partner Partner Partner
zIIP Specialty Engine Support • z Integrated Information Processor - zIIP • Initially for DB2 Workload, now sort, compression, anything that can be scheduled in an enclave SRB • Optional, chargeable IBM System z feature • Offloads work from general CPs • Using zIIP’s can save customers money • zIIPs do not affect the MSU’s (MIPS) • Are less expensive than general processors
V14 Adds Support for zIIP • PKZIP and SecureZIP – All Editions • –ZIIP_RUNOPTS(Y|N) • Controls whether qualified processing may be scheduled to execute on an active zIIP • Using zIIP requires that PKZIP/SecureZIP be APF enabled, or activated through the PKWSVC.
What does zIIP Support mean? • Work is MOVED from the general processor to the zIIP • Doesn’t make it run faster • Doesn’t use less total CPU • Task processing time offloaded to enclave CPU • For faster processing with less CPU • Consider using Hardware Compression feature
Command Variable Substitution • Allows for command customization • Permits use of template command sets • Four types of substitutions • Job related, e.g. Job name, Step name • System related, e.g. SMF id and LPAR id • Time/Date • User defined