Maximizing Security with LinuxONE

Book description

LinuxONE is a hardware system designed to support and exploit the Linux operating system based on the value of its unique underlying architecture. LinuxONE can be used within a private and multi-cloud environment to support a range of workloads and service a variety of needs.
On LinuxONE, security is built into both the hardware and software.
This IBM® Redpaper publication gives a broad understanding of how to leverage the various security features that exploit and complement the LinuxONE hardware security features, such as these:

  1. Hardware-accelerated encryption of data, delivered with near-zero overhead by the on-chip Central Processor Assist for Cryptographic Function (CPACF) and a dedicated Crypto Express adapter.

  2. Virtualization and industry-leading isolation capabilities with PR/SM, EAL 5+ LPARs, DPM, KVM, and IBM z/VM®.

  3. The IBM Secure Service Container technology, which provides workload isolation, restricted administrator access, and tamper protection against internal threats, including from systems administrators.

  4. Other technologies that exploit LinuxONE security capabilities and deeper dives into practical use cases for these technologies.

This IBM Redpaper publication was written for IT executives, architects, specialists, security administrators, and others who consider security when using LinuxONE.

Table of contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. Preface
    1. Authors
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  4. Chapter 1. Introduction
    1. 1.1 Introduction to LinuxONE
    2. 1.2 Enterprise Security Challenges
      1. 1.2.1 Data protection and privacy
      2. 1.2.2 Secure hybrid cloud integration
      3. 1.2.3 Cyber resiliency and availability
      4. 1.2.4 Industry and regulatory compliance
    3. 1.3 IBM LinuxONE servers
      1. 1.3.1 IBM LinuxONE III
      2. 1.3.2 IBM LinuxONE Emperor II
      3. 1.3.3 IBM LinuxONE Rockhopper II
  5. Chapter 2. Core Security Technologies on LinuxONE
    1. 2.1 Secure cryptographic hardware
      1. 2.1.1 Central Processor Assist for Cryptographic Functions
      2. 2.1.2 IBM Crypto Express adapter
    2. 2.2 Virtualization technology
      1. 2.2.1 PR/SM and LPARs
      2. 2.2.2 KVM
      3. 2.2.3 z/VM
  6. Chapter 3. Exploiters of Security on LinuxONE
    1. 3.1 IBM Secure Service Container
    2. 3.2 IBM Secure Boot for Linux
    3. 3.3 IBM Cloud Hyper Protect Services
      1. 3.3.1 IBM Cloud Hyper Protect Crypto Services
      2. 3.3.2 IBM Cloud Hyper Protect DBaaS
    4. 3.4 Cryptographic Key Management for LinuxONE
      1. 3.4.1 Operational Key Lifecycle Management
      2. 3.4.2 Master Key Lifecycle Management
  7. Chapter 4. Use cases
    1. 4.1 Containers and data encryption use case
      1. 4.1.1 Context and challenges
      2. 4.1.2 Solution
      3. 4.1.3 Implementation
      4. 4.1.4 Summary
    2. 4.2 Database and volume encryption use case
      1. 4.2.1 Context and challenges
      2. 4.2.2 Solution
      3. 4.2.3 Getting started
      4. 4.2.4 Summary
  8. Chapter 5. IBM Blockchain Platform with IBM LinuxONE
    1. 5.1 Blockchain, Hyperledger, and IBM Blockchain Platform
    2. 5.2 Details of IBM Blockchain Platform for LinuxONE
      1. 5.2.1 IBM Blockchain Platform
      2. 5.2.2 How IBP for ICP exploits security hardware features on LinuxONE
  9. Appendix A. Summary and Reference Guide
    1. Reference table
  10. Back cover

Product information

  • Title: Maximizing Security with LinuxONE
  • Author(s): Lydia Parziale, Yongkook Kim, Rushir Patel, Narjisse Zaki
  • Release date: October 2019
  • Publisher(s): IBM Redbooks
  • ISBN: 9780738458137