8 cryptographic, Cp assist for cryptographic function – IBM 990 User Manual
Page 24
12
IBM
^
zSeries 990 Technical Guide
OSA-Express ATM
The OSA-Express Asynchronous Transfer Mode (ATM) features are not supported on z990.
They are not offered as a new build option and are not offered on an upgrade from z900. This
satisfies the Statement of General Direction in the hardware announcement dated April 30,
2002.
If ATM connectivity is still desired, a multiprotocol switch or router with the appropriate
network interface (for example, 1000BASE-T Ethernet, Gigabit Ethernet) can be used to
provide connectivity between the z990 and an ATM network.
OSA-2 FDDI
The OSA-2 Fiber Distributed Data Interface (FDDI) feature is not supported on z990. It is not
offered as a new build option and is not offered on an upgrade from z900. This satisfies the
Statement of General Direction in the hardware announcement dated October 4, 2001.
If FDDI connectivity is still desired, a multiprotocol switch or router with the appropriate
network interface (for example, 1000BASE-T Ethernet, Gigabit Ethernet) can be used to
provide connectivity between the z990 and a FDDI LAN.
Parallel channels and converters
Parallel channels are not supported on z990. Customers who wish to use parallel-attached
devices with z990 must obtain a parallel channel converter box such as the IBM 9034, which
may be available through IBM Global Services (IGS), or obtain a third-party parallel channel
converter box such as the Optica 34600 FXBT. In both cases, these are connected to an
ESCON channel.
For more information about Optica offerings, contact Optica directly:
1.3.8 Cryptographic
Here we discuss cryptographic functions and features.
CP Assist for cryptographic function
The zSeries cryptography is further advanced with the introduction of the Cryptographic
Assist Architecture implemented on every z990 PU. The z990 processor provides a set of
symmetric cryptographic functions, synchronously executed, which enormously enhance the
performance of the encrypt/decrypt function of SSL, Virtual Private Network (VPN), and data
storing applications that do not require FIPS 140-2 level 4 security. The on-processor crypto
functions run at z990 processor speed.
These cryptographic functions are implemented in every PU; the affinity problem of pre-z990
systems is eliminated. The Crypto Assist Architecture includes DES and T-DES data
en/decryption, MAC message authentication, and SHA-1 secure hashing. These functions
are directly available to application programs (zSeries Architecture instructions). SHA-1 is
always enabled, but other cryptographic functions are available only when the Crypto
enablement feature (FC 3863) is installed.
PCI Cryptographic Accelerator feature (PCICA)
The Peripheral Component Interconnect Cryptographic Accelerator (PCICA) feature has two
accelerator cards per feature and is an optional addition, along with the Peripheral
Component Interconnect X Cryptographic Coprocessor (PCIXCC) FC0868. The PCICA is a
very fast cryptographic processor designed to provide leading-edge performance of the