z/VM Security and Integrity Resources

Updated: 07 Jan. 2008

Stay apprised of security news related to z/VM. This page includes news, a news archive, pertinent presentations, papers, Redbooks, and publications, links to press articles, and pointers to online discussions.

Feb. 06, 2007 Statement of Direction (*) for z/VM V5.3
Common Criteria Certification:
IBM intends to evaluate z/VM V5.3 with the RACF Security Server optional feature for conformance to the Controlled Access Protection Profile (CAPP) and Labeled Security Protection Profile (LSPP) of the Common Criteria standard for IT security, ISO/IEC 15408, at Evaluation Assurance Level 4 (EAL4).

This represents a modification to IBM's previously expressed Statement of Direction of July 27, 2005, which stated IBM's intent to evaluate z/VM V5.2 at EAL4. Based on additional assessment of requirements, IBM no longer intends to evaluate z/VM V5.2.

Feb. 06, 2007 New security-related enhancements for z/VM V5.3
  • Delivery of LDAP server and client
  • Enhanced system security with longer passwords
  • z/VM V5.3 adds Secure Sockets Layer/Transport Layer Security (SSL/TLS) support for industry-standard secure FTP (RFC 4217), Telnet (draft specification #6), and SMTP (RFC 3207) sessions.
  • SSL server enhancements
  • Support of drive-based data encryption with the IBM System Storage TS1120 Tape Drive (machine type 3592, model E05).

Dec. 16, 2005 New for z/VM V5.2
The z/VM V5.2 SSL server has been enhanced to provide support for a wider range of Linux for IBM zSeries and System z9 distributions:
  • Novell SUSE Linux Enterprise Server 8
  • Novell SUSE Linux Enterprise Server 9
  • Red Hat Enterprise Linux AS Version 3
  • Red Hat Enterprise Linux AS Version 4

Support is provided for both 31-bit and 64-bit kernels.

Dec. 16, 2005 New for z/VM V5.2
z/VM V5.2 introduces the ability for a guest to trace (sniff) all traffic flowing within a Guest LAN or Virtual Switch (VSWITCH) to which it is coupled. This is a privileged function requiring special authorization. Authorization can be provided by the SET LAN or SET VSWITCH commands, the MODIFY LAN or MODIFY VSWITCH statements in the CP system configuration file, or in your external security manager. For RACF/VM, authorization is granted by giving the user UPDATE authority to the VMLAN profile protecting the Guest LAN or VSWITCH.

Dec. 16, 2005 New for z/VM V5.2
The Directory Maintenance (DirMaint) feature of z/VM V5.2 has been updated to more easily integrate it with RACF/VM. Many of the functions that previously required a separate RACF command (such as when adding or deleting minidisks) now issue the needed RACF commands for you. This reduces both the time it takes to manage user resources and the opportunity for errors. This capability is also available for use on z/VM V5.1.

Read more about z/VM Security in the z/VM Security News archive

Papers, Redbooks, and Publications
Redbook: Introduction to the New Mainframe: Security (04-2007)
Redbook: IBM Tivoli Security and System z (01-2008)
Redpaper: Monitoring System z Cryptographic Services (12-2007)
Redpaper: Security on z/VM (12-2007)
z/VM Security and Integrity PDF 04-2005
Linux on IBM eServer zSeries: Best Security Practices
Linux on zSeries Security White Paper PDF
Exploring Open Source Security for a Linux Server Environment PDF

Presentations
z/VM Security and Integrity (Alan Altmark, Aug. 2005) PDF Updated

Press articles
Understanding z/VM Integrity and Security, by Alan Altmark
     (eServer Magazine Mainframe Edition, 11/2002)

Discussions
Fora and Listserv discussions with the VM and Linux community


Note: *
All statements regarding IBM's plans, directions, and intent are subject to change or withdrawal without notice. Any reliance on this Statement of Direction is at the relying party's sole risk and will not create any liability or obligation for IBM.
