End-to-end Encryption with SLES for z Systems and LinuxONE 12 SP3

SUSE Linux Enterprise Server for z Systems and LinuxONE 12 SP3 became available on September 7th and delivers virtualization and security enhancements that are essential in today’s security-conscious world. With a full range of security features, IBM’s latest mainframe systems (i.e., z14) enables pervasive, end-to-end data encryption without impacting performance – no small feat! And now with the latest SUSE Service Pack 3, SLES for Z exploits the newest cryptography features that IBM Z has to offer.

Considering that 90 of the top 100 IBM Z Enterprises are running Linux on z as of 2Q17 (based on IBM Z data from July 19, 2017; top 100 is based on total installed MIPS), it is imperative that Linux supports and leverages the key security features of the Z hardware.

The combination of SUSE Linux Enterprise Server for z Systems and LinuxONE 12 SP3 and the Z hardware delivers security at every level for maximum, end-to-end data protection:

• Data encryption is built-in, cost-effective, scalable and tamper resistant
• Advanced cryptography is handled at multiple levels, with cryptographic co-processors that are optimized for encryption functions
• Security, including data access and encryption, is integrated across the entire platform and instituted into the software lifecycle
• Consistent, policy-based access and authentication provides a single point of control
• Data is protected with hardware-enforced tenant isolation
• Public Key Infrastructure provides a centralized key repository and management that is built-in, secure and highly available
• Auditing provides granular and detailed tracking of events for accurate and comprehensive reporting
• Network security is enhanced with secure and direct memory communications between partitions, reducing the need for additional secured networks.

Pervasive encryption enablement with no impact to performance is core to the IBM Z value. By hosting solutions on SUSE Linux on Z, customers can reap the benefits of the exceptional levels of security offered by the mainframe.

Jeff Reser
@JeffReserNC