Book Description

As workloads are being offloaded to IBM® LinuxONE-based cloud environments, it is important to ensure that these workloads and environments are secure.

This IBM Redbooks® publication describes the necessary steps to secure your environment, from the hardware level through all of the components that are involved in a LinuxONE cloud infrastructure that uses Linux and IBM z/VM®.

The audience for this book is IT architects, IT specialists, and those users who plan to use LinuxONE for their cloud environments.

Table of Contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. Preface
    1. Authors
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  4. Chapter 1. IBM LinuxONE essentials
    1. 1.1 LinuxONE architecture and hardware
    2. 1.2 LinuxONE architecture
    3. 1.3 IBM LinuxONE servers
      1. 1.3.1 IBM LinuxONE Emperor II
      2. 1.3.2 IBM LinuxONE Rockhopper II
    4. 1.4 LinuxONE as a secure platform
      1. 1.4.1 The need for a secure platform
      2. 1.4.2 Security with LinuxONE
      3. 1.4.3 Using LinuxONE Security to create a secure cloud
      4. 1.4.4 IBM Hyper Protect Services overview
  5. Chapter 2. Introduction to security on IBM LinuxONE
    1. 2.1 Why security matters
    2. 2.2 Hardware security features overview
    3. 2.3 Pervasive encryption
    4. 2.4 IBM LinuxONE cryptographic hardware features
      1. 2.4.1 CP Assist for Cryptographic Function
      2. 2.4.2 Crypto-Express6S
    5. 2.5 Benefits of hardware crypto
    6. 2.6 Using RACF to secure your cloud infrastructure
      1. 2.6.1 Principle of best matching profile
    7. 2.7 RACF DB organization and structure
      1. 2.7.1 Database definition to the system
      2. 2.7.2 Internal organization of RACF database specifying class options
  6. Chapter 3. IBM z/VM hypervisor
    1. 3.1 Virtualization
      1. 3.1.1 Virtualization benefits
      2. 3.1.2 Hardware virtualization
    2. 3.2 z/VM hypervisor and LinuxONE servers
      1. 3.2.1 z/VM 7.1 overview
      2. 3.2.2 Single System Image overview
      3. 3.2.3 Security settings in an SSI cluster
      4. 3.2.4 Controlling the System Operator
      5. 3.2.5 System Configuration file
      6. 3.2.6 Addressing password security
      7. 3.2.7 Implementing CP LOGONBY
      8. 3.2.8 Role-based access controls and CP privilege classes
    3. 3.3 Device management
    4. 3.4 Securing the data
      1. 3.4.1 Securing your minidisks
      2. 3.4.2 Encrypting z/VM page volumes
      3. 3.4.3 Securing GUEST LANS and virtual switches
    5. 3.5 Securing your communication
      1. 3.5.1 Encrypting your communication
      2. 3.5.2 z/VM Cryptographic definitions
      3. 3.5.3 Checking the cryptographic card definitions in z/VM
    6. 3.6 z/VM connectivity
      1. 3.6.1 DEVICE and LINK statements
      2. 3.6.2 HiperSockets VSWITCH Bridge
      3. 3.6.3 Security considerations
    7. 3.7 Remote Spooling Communications Subsystem
  7. Chapter 4. IBM Resource Access Control Facility Security Server for IBM z/VM
    1. 4.1 RACF z/VM concepts
      1. 4.1.1 External security manager
      2. 4.1.2 Security policy
    2. 4.2 Activating and configuring RACF
      1. 4.2.1 Post-activation tasks
      2. 4.2.2 Building the RACF enabled CPLOAD MODULE
      3. 4.2.3 Updating the RACF database and options
      4. 4.2.4 Placing RACF into production
      5. 4.2.5 Using HCPRWAC
    3. 4.3 RACF management processes
      1. 4.3.1 DirMaint changes to work with RACF
      2. 4.3.2 RACF authorization concepts
      3. 4.3.3 Adding virtual machines and resources to the system and RACF database
      4. 4.3.4 Securing your minidisks with RACF
      5. 4.3.5 Securing guest LANs and virtual switches with RACF
      6. 4.3.6 Labeled security and mandatory access control
      7. 4.3.7 Backing up the RACF database
      8. 4.3.8 RACF recovery options
  8. Chapter 5. Security policy management on IBM z/VM
    1. 5.1 User ID management
      1. 5.1.1 Least privilege principle
      2. 5.1.2 RACF passwords and password phrases
      3. 5.1.3 Implementing RACF LOGONBY
    2. 5.2 Communication encryption
    3. 5.3 Single System Image Security
      1. 5.3.1 Overview
      2. 5.3.2 Equivalency identifiers
      3. 5.3.3 Relocation domains
      4. 5.3.4 RACF in an SSI cluster
    4. 5.4 Auditing
      1. 5.4.1 Auditing with journaling
      2. 5.4.2 Auditing with RACF
  9. Chapter 6. Securing a cloud in an IBM z/VM environment
    1. 6.1 Cloud on z/VM components
    2. 6.2 DirMaint
      1. 6.2.1 DirMaint controls
      2. 6.2.2 Delegating DirMaint authority
    3. 6.3 Systems Management API
      1. 6.3.1 SFS
      2. 6.3.2 Other SMAPI user IDs
      3. 6.3.3 VSMGUARD
      4. 6.3.4 SMAPI controls
      5. 6.3.5 Security aspects of SMAPI
    4. 6.4 z/VM Cloud Manager Appliance
      1. 6.4.1 Basic requirements and configuration options
      2. 6.4.2 OpenStack and xCAT Service Deployment Patterns
      3. 6.4.3 z/VM System Management Architecture
    5. 6.5 CMA Controller node
      1. 6.5.1 DMSSICNF COPY for the controller node
      2. 6.5.2 DMSSICMO COPY file for the controller node
    6. 6.6 CMA compute node
      1. 6.6.1 DMSSICNF COPY file for the compute node
      2. 6.6.2 DMSSICMO COPY file for the compute node
    7. 6.7 CMA installation
      1. 6.7.1 Initial set-up
      2. 6.7.2 Installing SMAPI 6.4 on your 7.1 system
      3. 6.7.3 Installing the CMA files on your z/VM 7.1 system
      4. 6.7.4 Restoring the CMA files
      5. 6.7.5 Configuring to use CMA 6.4 (Newton)
    8. 6.8 Securing your cloud components
      1. 6.8.1 Security considerations inherent in a cloud environment
      2. 6.8.2 Security tips for the cloud
  10. Chapter 7. Securing IBM Cloud Private and Microservices on LinuxONE
    1. 7.1 Security in DevOps
    2. 7.2 Introduction to microservices
      1. 7.2.1 Microservice architecture
      2. 7.2.2 Service discovery
      3. 7.2.3 Securing your microservices application
    3. 7.3 Managing containers by using Kubernetes
      1. 7.3.1 Introduction to containers
      2. 7.3.2 Containers versus virtual machines
      3. 7.3.3 Container key points
      4. 7.3.4 Container orchestration
      5. 7.3.5 Kubernetes
      6. 7.3.6 Security in Kubernetes
    4. 7.4 Containers management at scale
      1. 7.4.1 IBM LinuxONE as the container platform
      2. 7.4.2 Deployment strategies
    5. 7.5 IBM Cloud Private overview
      1. 7.5.1 Key aspects
      2. 7.5.2 IBM Cloud Private architecture
      3. 7.5.3 IBM Cloud Private Security
      4. 7.5.4 IBM Cloud Private features
    6. 7.6 IBM Cloud Private on LinuxONE
      1. 7.6.1 Security levels for containerized applications on LinuxONE
      2. 7.6.2 IBM Secure Service Container
      3. 7.6.3 Deploying IBM Cloud Private on LinuxONE
      4. 7.6.4 IBM Cloud Private hands-on
      5. 7.6.5 Deploying a Node.js service on top of ICP and LinuxONE
    7. 7.7 IBM Cloud Automation Manager
      1. 7.7.1 Terraform
      2. 7.7.2 IBM Cloud Automation Manager on IBM Cloud Private
      3. 7.7.3 Security in IBM Cloud Automation Manager
  11. Chapter 8. IBM z/VM and enterprise security
    1. 8.1 z/Secure
    2. 8.2 Lightweight Directory Access Protocol
      1. 8.2.1 LDAP on z/VM
      2. 8.2.2 Integration of z/VM LDAP into an enterprise directory
    3. 8.3 Linux on IBM LinuxONE security
      1. 8.3.1 Authentication
      2. 8.3.2 Access control
      3. 8.3.3 User management
      4. 8.3.4 Update management
      5. 8.3.5 Data
      6. 8.3.6 Audit
      7. 8.3.7 Cryptographic hardware
      8. 8.3.8 Firewall
  12. Related publications
    1. Other publications
    2. Help from IBM
  13. Back cover