Maximizing Security with LinuxONE

Book description

LinuxONE® is a hardware system that is designed to support and use the Linux operating system based on the value of its unique underlying architecture. LinuxONE can be used within a private and multi-cloud environment to support a range of workloads and service various needs.

On LinuxONE, security is built into the hardware and software.

This IBM® Redpaper® publication gives a broad understanding of how to use the various security features that make the most of, and complement, the LinuxONE hardware security features, including the following examples:


  • Hardware-accelerated encryption of data, which is delivered with near-zero overhead by the on-chip Central Processor Assist for Cryptographic Functions (CPACF) and a dedicated Crypto Express adapter.
  • Virtualization and industry-leading isolation capabilities with PR/SM, EAL 5+ LPARs, DPM, KVM, and IBM z/VM®.
  • The IBM Secure Service Container technology, which provides workload isolation, restricted administrator access, and tamper protection against internal threats, including from systems administrators.
  • Other technologies that use LinuxONE security capabilities and practical use cases for these technologies.

This publication was written for IT executives, architects, specialists, security administrators, and others who consider security for LinuxONE.

Table of contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. Preface
    1. Authors
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  4. Chapter 1. Introduction
    1. 1.1 Introduction to LinuxONE
    2. 1.2 Enterprise Security Challenges
      1. 1.2.1 Data protection and privacy
      2. 1.2.2 Secure hybrid cloud integration
      3. 1.2.3 Cyber resiliency and availability
      4. 1.2.4 Industry and regulatory compliance
    3. 1.3 IBM LinuxONE servers
      1. 1.3.1 IBM LinuxONE III LT1
      2. 1.3.2 IBM LinuxONE III LT2
      3. 1.3.3 IBM LinuxONE Emperor II
      4. 1.3.4 IBM LinuxONE Rockhopper II
  5. Chapter 2. Core security technologies on LinuxONE
    1. 2.1 Secure cryptographic hardware
      1. 2.1.1 Central Processor Assist for Cryptographic Functions
      2. 2.1.2 IBM Crypto Express adapter
    2. 2.2 Virtualization technology
      1. 2.2.1 PR/SM and LPARs
      2. 2.2.2 Kernel-based virtual machine
      3. 2.2.3 z/VM
    3. 2.3 IBM Secure Execution for Linux
    4. 2.4 IBM Secure Boot for Linux
  6. Chapter 3. Users of security on LinuxONE
    1. 3.1 IBM Secure Service Container
    2. 3.2 IBM Data Privacy Passports
      1. 3.2.1 Benefits of data-centric protection
      2. 3.2.2 Data Privacy Passports overview
    3. 3.3 IBM Cloud Hyper Protect Services
      1. 3.3.1 IBM Cloud Hyper Protect Crypto Services
      2. 3.3.2 IBM Cloud Hyper Protect DBaaS
      3. 3.3.3 IBM Hyper Protect Virtual Servers
    4. 3.4 IBM Fibre Channel Endpoint security
    5. 3.5 Cryptographic Key Management for LinuxONE
      1. 3.5.1 Operational Key Lifecycle Management
      2. 3.5.2 Master Key Lifecycle Management
  7. Chapter 4. Use cases
    1. 4.1 Containers and data encryption use case
      1. 4.1.1 Context and challenges
      2. 4.1.2 Solution
      3. 4.1.3 Implementation
      4. 4.1.4 Summary
    2. 4.2 Database and volume encryption use case
      1. 4.2.1 Context and challenges
      2. 4.2.2 Solution
      3. 4.2.3 Getting started
      4. 4.2.4 Summary
    3. 4.3 Hyper Protect Digital Asset Platform
      1. 4.3.1 Digital assets and why is it important
      2. 4.3.2 Hyper Protect proposed solution architecture
      3. 4.3.3 Solution offering and deployment examples
  8. Chapter 5. IBM Blockchain Platform with IBM LinuxONE
    1. 5.1 Blockchain, Hyperledger, and IBM Blockchain Platform
    2. 5.2 IBM Blockchain Platform for LinuxONE
      1. 5.2.1 IBM Blockchain Platform
  9. Appendix A. Reference guide
  10. Back cover

Product information

  • Title: Maximizing Security with LinuxONE
  • Author(s): Lydia Parziale, Leticia Alexander, Yongkook Kim, Rushir Patel, Narjisse Zaki
  • Release date: August 2020
  • Publisher(s): IBM Redbooks
  • ISBN: 9780738458984