by Maciej Olejniczak, Felipe Cardeneti Mendes, Karen Medhat Fahmy, Klaus Egeler, Ed
Securing Your Cloud: IBM Security for LinuxONE
Front cover
Notices
Trademarks
Preface
Authors
Now you can become a published author, too!
Comments welcome
Stay connected to IBM Redbooks
Chapter 1. IBM LinuxONE essentials
1.1 LinuxONE architecture and hardware
1.2 LinuxONE architecture
1.3 IBM LinuxONE servers
1.3.1 IBM LinuxONE Emperor II
1.3.2 IBM LinuxONE Rockhopper II
1.4 LinuxONE as a secure platform
1.4.1 The need for a secure platform
1.4.2 Security with LinuxONE
1.4.3 Using LinuxONE Security to create a secure cloud
1.4.4 IBM Hyper Protect Services overview
Chapter 2. Introduction to security on IBM LinuxONE
2.1 Why security matters
2.2 Hardware security features overview
2.3 Pervasive encryption
2.4 IBM LinuxONE cryptographic hardware features
2.4.1 CP Assist for Cryptographic Function
2.4.2 Crypto-Express6S
2.5 Benefits of hardware crypto
2.6 Using RACF to secure your cloud infrastructure
2.6.1 Principle of best matching profile
2.7 RACF DB organization and structure
2.7.1 Database definition to the system
2.7.2 Internal organization of RACF database specifying class options
Chapter 3. IBM z/VM hypervisor
3.1 Virtualization
3.1.1 Virtualization benefits
3.1.2 Hardware virtualization
3.2 z/VM hypervisor and LinuxONE servers
3.2.1 z/VM 7.1 overview
3.2.2 Single System Image overview
3.2.3 Security settings in an SSI cluster
3.2.4 Controlling the System Operator
3.2.5 System Configuration file
3.2.6 Addressing password security
3.2.7 Implementing CP LOGONBY
3.2.8 Role-based access controls and CP privilege classes
3.3 Device management
3.4 Securing the data
3.4.1 Securing your minidisks
3.4.2 Encrypting z/VM page volumes
3.4.3 Securing GUEST LANS and virtual switches
3.5 Securing your communication
3.5.1 Encrypting your communication
3.5.2 z/VM Cryptographic definitions
3.5.3 Checking the cryptographic card definitions in z/VM
3.6 z/VM connectivity
3.6.1 DEVICE and LINK statements
3.6.2 HiperSockets VSWITCH Bridge
3.6.3 Security considerations
3.7 Remote Spooling Communications Subsystem
Chapter 4. IBM Resource Access Control Facility Security Server for IBM z/VM
4.1 RACF z/VM concepts
4.1.1 External security manager
4.1.2 Security policy
4.2 Activating and configuring RACF
4.2.1 Post-activation tasks
4.2.2 Building the RACF enabled CPLOAD MODULE
4.2.3 Updating the RACF database and options
4.2.4 Placing RACF into production
4.2.5 Using HCPRWAC
4.3 RACF management processes
4.3.1 DirMaint changes to work with RACF
4.3.2 RACF authorization concepts
4.3.3 Adding virtual machines and resources to the system and RACF database
4.3.4 Securing your minidisks with RACF
4.3.5 Securing guest LANs and virtual switches with RACF
4.3.6 Labeled security and mandatory access control
4.3.7 Backing up the RACF database
4.3.8 RACF recovery options
Chapter 5. Security policy management on IBM z/VM
5.1 User ID management
5.1.1 Least privilege principle
5.1.2 RACF passwords and password phrases
5.1.3 Implementing RACF LOGONBY
5.2 Communication encryption
5.3 Single System Image Security
5.3.1 Overview
5.3.2 Equivalency identifiers
5.3.3 Relocation domains
5.3.4 RACF in an SSI cluster
5.4 Auditing
5.4.1 Auditing with journaling
5.4.2 Auditing with RACF
Chapter 6. Securing a cloud in an IBM z/VM environment
6.1 Cloud on z/VM components
6.2 DirMaint
6.2.1 DirMaint controls
6.2.2 Delegating DirMaint authority
6.3 Systems Management API
6.3.1 SFS
6.3.2 Other SMAPI user IDs
6.3.3 VSMGUARD
6.3.4 SMAPI controls
6.3.5 Security aspects of SMAPI
6.4 z/VM Cloud Manager Appliance
6.4.1 Basic requirements and configuration options
6.4.2 OpenStack and xCAT Service Deployment Patterns
6.4.3 z/VM System Management Architecture
6.5 CMA Controller node
6.5.1 DMSSICNF COPY for the controller node
6.5.2 DMSSICMO COPY file for the controller node
6.6 CMA compute node
6.6.1 DMSSICNF COPY file for the compute node
6.6.2 DMSSICMO COPY file for the compute node
6.7 CMA installation
6.7.1 Initial set-up
6.7.2 Installing SMAPI 6.4 on your 7.1 system
6.7.3 Installing the CMA files on your z/VM 7.1 system
6.7.4 Restoring the CMA files
6.7.5 Configuring to use CMA 6.4 (Newton)
6.8 Securing your cloud components
6.8.1 Security considerations inherent in a cloud environment
6.8.2 Security tips for the cloud
Chapter 7. Securing IBM Cloud Private and Microservices on LinuxONE
7.1 Security in DevOps
7.2 Introduction to microservices
7.2.1 Microservice architecture
7.2.2 Service discovery
7.2.3 Securing your microservices application
7.3 Managing containers by using Kubernetes
7.3.1 Introduction to containers
7.3.2 Containers versus virtual machines
7.3.3 Container key points
7.3.4 Container orchestration
7.3.5 Kubernetes
7.3.6 Security in Kubernetes
7.4 Containers management at scale
7.4.1 IBM LinuxONE as the container platform
7.4.2 Deployment strategies
7.5 IBM Cloud Private overview
7.5.1 Key aspects
7.5.2 IBM Cloud Private architecture
7.5.3 IBM Cloud Private Security
7.5.4 IBM Cloud Private features
7.6 IBM Cloud Private on LinuxONE
7.6.1 Security levels for containerized applications on LinuxONE
7.6.2 IBM Secure Service Container
7.6.3 Deploying IBM Cloud Private on LinuxONE
7.6.4 IBM Cloud Private hands-on
7.6.5 Deploying a Node.js service on top of ICP and LinuxONE
7.7 IBM Cloud Automation Manager
7.7.1 Terraform
7.7.2 IBM Cloud Automation Manager on IBM Cloud Private
7.7.3 Security in IBM Cloud Automation Manager
Chapter 8. IBM z/VM and enterprise security
8.1 z/Secure
8.2 Lightweight Directory Access Protocol
8.2.1 LDAP on z/VM
8.2.2 Integration of z/VM LDAP into an enterprise directory
8.3 Linux on IBM LinuxONE security
8.3.1 Authentication
8.3.2 Access control
8.3.3 User management
8.3.4 Update management
8.3.5 Data
8.3.6 Audit
8.3.7 Cryptographic hardware
8.3.8 Firewall
Related publications
Other publications
Help from IBM
Back cover
Note: Before using this information and the product it supports, read the information in “Notices” on page vii.