Download Free Security And Linux On Z Systems Book in PDF and EPUB Free Download. You can read online Security And Linux On Z Systems and write the review.

This IBM® RedpaperTM publication discusses security practices for running Linux on z Systems on the IBM z14. It examines the unique security and integrity features that the IBM Z platform brings to the enterprise. It also examines pervasive encryption and its role in protecting data at rest.
This IBM® RedpaperTM provides a broad understanding of the components necessary to secure your IBM z Systems environment. It provides an end-to-end architectural reference document for a use case that employs both mobile and analytics. It also provides an end to end explanation of security on z Systems from the systems of record through the systems of engagement. Security is described in terms of transactions, covering what happens after a transaction hits the system of engagement and what needs to be in place from that moment forward. The audience for this paper is IT architects and those planning to use z Systems for their mobile and analytics environments.
Discussions about server sprawl, rising software costs, going green, or moving data centers to reduce the cost of business are held in many meetings or conference calls in many organizations throughout the world. And many organizations are starting to turn toward System zTM and z/VM® after such discussions. The virtual machine operating system has over 40 years of experience as a hosting platform for servers, from the days of VM/SP, VM/XA, VM/ESA® and especially now with z/VM. With the consolidation of servers and conservative estimates that approximately seventy percent of all critical corporate data reside on System z, we find ourselves needing a highly secure environment for the support of this infrastructure. This document was written to assist z/VM support and security personnel in providing the enterprise with a safe, secure and manageable environment. This IBM® Redbooks® publication provides an overview of security and integrity provided by z/VM and the processes for the implementation and configuration of z/VM Security Server, z/VM LDAP Server, IBM Tivoli® Directory Server for z/OS®, and Linux® on System z with PAM for LDAP authentication. Sample scenarios with RACF® database sharing between z/VM and z/OS, or through Tivoli Directory Integrator to synchronize LDAP databases, are also discussed in this book. This book provides information about configuration and usage of Linux on System z with the System z Cryptographic features documenting their hardware and software configuration. The Consul zSecure Pro Suite is also part of this document: this product helps to control and audit security not only on one system, but can be used as a single point of enterprise wide security control. This document covers the installation and configuration of this product and detailed information is presented on how z/Consul can be used to collect and analyze z/VM security data and how it can be helpful in the administration of your audit data.
As workloads are being offloaded to IBM® z SystemsTM based cloud environments, it is important to ensure that these workloads and environments are secure. This IBM Redbooks® publication describes the necessary steps to secure your environment for all of the components that are involved in a z Systems cloud infrastructure that uses IBM z/VM® and Linux on z Systems. The audience for this book is IT architects and those planning to use z Systems for their cloud environments.
LinuxONE® is a hardware system that is designed to support and use the Linux operating system based on the value of its unique underlying architecture. LinuxONE can be used within a private and multi-cloud environment to support a range of workloads and service various needs. On LinuxONE, security is built into the hardware and software. This IBM® Redpaper® publication gives a broad understanding of how to use the various security features that make the most of and complement the LinuxONE hardware security features, including the following examples: Hardware accelerated encryption of data, which is delivered with near-zero overhead by the on-chip Central Processor Assist for Cryptographic Function (CPACF) and a dedicated Crypto Express adapter. Virtualization and industry-leading isolation capabilities with PR/SM, EAL 5+ LPARs, DPM, KVM, and IBM z/VM®. The IBM Secure Service Container technology, which provides workload isolation, restricted administrator access, and tamper protection against internal threats, including from systems administrators. Other technologies that use LinuxONE security capabilities and practical use cases for these technologies. This publication was written for IT executives, architects, specialists, security administrators, and others who consider security for LinuxONE.
This IBM® Redbooks® publication is volume one of five in a series of books entitled The Virtualization Cookbook for IBM Z. The series includes the following volumes: The Virtualization Cookbook for IBM z Systems® Volume 1: IBM z/VM® 7.2, SG24-8147 The Virtualization Cookbook for IBM Z Volume 2: Red Hat Enterprise Linux 8.2 Servers, SG24-8303 The Virtualization Cookbook for IBM z Systems Volume 3: SUSE Linux Enterprise Server 12, SG24-8890 The Virtualization Cookbook for IBM z Systems Volume 4: Ubuntu Server 16.04, SG24-8354 Virtualization Cookbook for IBM Z Volume 5: KVM, SG24-8463 It is recommended that you start with Volume 1 of this series because the IBM z/VM hypervisor is the foundation (or base "layer") for installing Linux on IBM Z®. This book series assumes that you are generally familiar with IBM Z technology and terminology. It does not assume an in-depth understanding of z/VM or Linux. It is written for individuals who want to start quickly with z/VM and Linux, and get virtual servers up and running in a short time (days, not weeks or months). Volume 1 starts with a solution orientation, discusses planning and security, and then, describes z/VM installation methods, configuration, hardening, automation, servicing, networking, optional features, and more. It adopts a "cookbook-style" format that provides a concise, repeatable set of procedures for installing, configuring, administering, and maintaining z/VM. This volume also includes a chapter on monitoring z/VM and the Linux virtual servers that are hosted. Volumes 2, 3, and 4 assume that you completed all of the steps that are described in Volume 1. From that common foundation, these volumes describe how to create your own Linux virtual servers on IBM Z hardware under IBM z/VM. The cookbook format continues with installing and customizing Linux. Volume 5 provides an explanation of the kernel-based virtual machine (KVM) on IBM Z and how it can use the z/Architecture®. It focuses on the planning of the environment and provides installation and configuration definitions that are necessary to build, manage, and monitor a KVM on Z environment. This publication applies to the supported Linux on Z distributions (Red Hat, SUSE, and Ubuntu).
Leverage Your Security Expertise in IBM® System zTM Mainframe Environments For over 40 years, the IBM mainframe has been the backbone of the world’s largest enterprises. If you’re coming to the IBM System z mainframe platform from UNIX®, Linux®, or Windows®, you need practical guidance on leveraging its unique security capabilities. Now, IBM experts have written the first authoritative book on mainframe security specifically designed to build on your experience in other environments. Even if you’ve never logged onto a mainframe before, this book will teach you how to run today’s z/OS® operating system command line and ISPF toolset and use them to efficiently perform every significant security administration task. Don’t have a mainframe available for practice? The book contains step-by-step videos walking you through dozens of key techniques. Simply log in and register your book at www.ibmpressbooks.com/register to gain access to these videos. The authors illuminate the mainframe’s security model and call special attention to z/OS security techniques that differ from UNIX, Linux, and Windows. They thoroughly introduce IBM’s powerful Resource Access Control Facility (RACF) security subsystem and demonstrate how mainframe security integrates into your enterprise-wide IT security infrastructure. If you’re an experienced system administrator or security professional, there’s no faster way to extend your expertise into “big iron” environments. Coverage includes Mainframe basics: logging on, allocating and editing data sets, running JCL jobs, using UNIX System Services, and accessing documentation Creating, modifying, and deleting users and groups Protecting data sets, UNIX file system files, databases, transactions, and other resources Manipulating profiles and managing permissions Configuring the mainframe to log security events, filter them appropriately, and create usable reports Using auditing tools to capture static configuration data and dynamic events, identify weaknesses, and remedy them Creating limited-authority administrators: how, when, and why
This IBM® Redbooks® publication is Volume 3 of a series of three books called The Virtualization Cookbook for IBM z Systems. The other two volumes are called: The Virtualization Cookbook for IBM z Systems Volume 1: IBM z/VM 6.3, SG24-8147 The Virtualization Cookbook for IBM z Systems Volume 2: Red Hat Enterprise Linux 7.1 Servers, SG24-8303 It is suggested that you start with Volume 1 of this series, because IBM z/VM® is the base "layer" when installing Linux on IBM z SystemsTM. Volume 1 starts with an introduction, describes planning, and then describes z/VM installation into a two-node, single system image (SSI) cluster, configuration, hardening, automation, and servicing. It adopts a cookbook format that provides a concise, repeatable set of procedures for installing and configuring z/VM using the SSI clustering feature. Volumes 2 and 3 describe how to roll your own Linux virtual servers on z Systems hardware under z/VM. The cookbook format continues with installing and customizing Linux. Volume 3 focuses on SUSE Linux Enterprise Server 12. It describes how to install and configure SUSE Linux Enterprise Server 12 onto the Linux administration system, which does the cloning and other tasks. It also explains how to use AutoYaST2, which enables you to automatically install Linux using a configuration file, and explains how to create and use appliances and bootable images from configuration files. In addition, it provides information about common tasks and tools available to service SUSE Linux Enterprise Server.
This IBM® Redbooks® publication is Volume 2 of a five-volume series of books entitled The Virtualization Cookbook for IBM Z®. This volume includes the following chapters: Chapter 1, "Installing Red Hat Enterprise Linux on LNXADMIN" on page 3, describes how to install and configure Red Hat Enterprise Linux onto the Linux Administration server, which performs the cloning and other tasks. Chapter 2, "Automated Red Hat Enterprise Linux installations by using Kickstart" on page 37, describes how to use Red Hat's kickstart tool to create Linux systems. This tool is fundamentally different from cloning in that an automated installation is implemented. You can try kickstart and cloning. Understand that these applications attempt to accomplish the same goal of quickly getting Linux systems up and running, and that you do not need to use both. Chapter 3, "Working with subscription-manager, yum, and DaNdiFied" on page 47, describes how the Red Hat Network works. It provides centralized management and provisioning for multiple Red Hat Enterprise Linux systems. Kickstart is an easy and fast way to provision your Linux guests in any supported Linux platform. It re-creates the operating system from the beginning by using the kickstart profile configuration file that installs the new operating system unattended. It also sets up the new guest according to the definition that was set up in the kickstart file. Usually, Linux is administered by the same team that manages Linux on all platforms. By using kickstart, you can create a basic profile that can be used in all supported platforms and customize Linux profiles, as needed. Cloning requires a better understanding of the z/VM environment and z/VM skills. It is a fast process if you enable the IBM FlashCopy® feature in advance. It clones the disks from a golden image to new disks that are used by the new Linux guest. The process can be automated by using the cloning scripts that are supplied with this book. It is recommended that you start with The Virtualization Cookbook for IBM Z Volume 1: IBM z/VM 7.2, SG24-8147 of this series because the IBM® z/VM hypervisor is the foundation (or base "layer") for installing Linux on IBM Z.
This IBM Redbooks publication discusses z/VM and Linux operations from the perspective of the z/OS programmer or system programmer. Although other books have been written about many of these topics, this book gives enough information about each topic to describe z/VM and Linux on IBM System z operations to somebody who is new to both environments. This book is intended for z/OS programmers and system programmers who are transitioning to the z/VM and Linux on System z environments and who want a translation guide for assistance. We base this book on our experiences using System z10 Enterprise Edition, z/VM version 5.3 RSU 0701, and Novell SUSE Linux Enterprise Server (SLES) 10 on System z.