Front cover -- Contents -- Notices -- Trademarks -- Preface -- The team that wrote this redbook -- Become a published author -- Comments welcome -- Chapter 1. Introduction -- 1.1 Cryptographic function support -- 1.1.1 Cryptographic Synchronous functions -- 1.1.2 Cryptographic Asynchronous functions -- 1.2 z990 Cryptographic processors -- 1.2.1 CP Assist for Cryptographic Function (CPACF) -- 1.2.2 PCI Extended Cryptographic Coprocessor (PCIXCC) -- 1.2.3 PCI Cryptographic Accelerator (PCICA) feature -- 1.3 Cryptographic hardware features -- 1.3.1 PCIX Cryptographic Coprocessor feature -- 1.3.2 The PCICA feature -- 1.3.3 Configuration rules -- 1.3.4 z990 cryptographic feature codes -- 1.4 Integrated Cryptographic Services Facility -- 1.4.1 CKDS and PKDS -- 1.4.2 TKE workstation feature -- 1.5 Cryptographic features comparison -- 1.6 Software requirements -- Chapter 2. CPACF, PCICA, and PCIXCC product overview -- 2.1 Description of hardware -- 2.1.1 Definitions -- 2.1.2 Hardware implementation -- 2.1.3 Introduction to the z990 PCIXCC, PCICA and CPACF -- 2.1.4 PCXICC card: physical security, handling, and shipping -- 2.2 Adjunct Processor (AP) management -- 2.2.1 Introduction to Adjunct Processor architecture -- 2.2.2 AP management and PCIXCC initialization -- 2.3 PCIXCC microcode load -- 2.3.1 The IBM 4758 CCA application -- 2.3.2 The software hierarchy in the coprocessor -- 2.3.3 Software requirements: cryptographic functions and hardware -- 2.3.4 The TKE V4 workstation -- Chapter 3. Planning and hardware installation -- 3.1 Hardware requirements -- 3.1.1 Hardware required for z990 -- 3.2 Feature codes -- 3.3 Concurrent PCIXCC/PCICA installation tasks -- 3.3.1 Concurrent Install on z990 -- 3.3.2 Removing one PCIXCC -- 3.4 Planning list items -- Chapter 4. PCIXCC using TKE V4 -- 4.1 Introduction to the TKE V4 Workstation -- 4.1.1 Major changes.

4.1.2 Before using the new TKE -- 4.1.3 The TKE V4 software -- 4.1.4 TKE workstation installation - general information -- 4.1.5 TKE definitions -- 4.2 TKE workstation TCP/IP setup -- 4.2.1 TKE workstation 4758 setup -- 4.2.2 TKE access control administration -- 4.2.3 Starting the TKE application -- 4.3 TKE application: managing host Crypto coprocessors -- 4.3.1 Managing modules -- 4.3.2 PCIXCC setup on the TKE workstation -- 4.3.3 Manage and update the Crypto module notebook on TKE -- 4.3.4 PCIXCC module notebook -- 4.3.5 Backing up the TKE files -- 4.4 4753 Key Token Migration facility -- Chapter 5. ICSF support for CPACF, PCIXCC, and PCICA -- 5.1 CP Assist for Cryptographic Functions (CPACF) feature -- 5.2 LPAR setup -- 5.2.1 Planning considerations -- 5.2.2 The image profile processor page -- 5.2.3 The PCI Crypto page -- 5.2.4 Viewing LPAR Cryptographic Controls -- 5.3 PCIXCC and PCICA feature installation -- 5.3.1 PCIXCC and PCICA enablement -- 5.3.2 Configuring and monitoring the status of PCIXCC and PCICA -- 5.3.3 Security issues with the PCI Cryptographic cards -- 5.4 Integrated Cryptographic Services Facility (ICSF) setup -- 5.4.1 Changes from previous release -- 5.4.2 Started task and the first time start -- 5.4.3 Master Keys -- 5.4.4 Initial Master Key entry with the pass phrase initialization utility -- 5.4.5 Installation of a new PCIXCC or PCICA card -- 5.4.6 PKDS initialization -- Chapter 6. Performance and monitoring -- 6.1 z990 Crypto hardware performance considerations -- 6.2 Monitoring and reporting -- 6.2.1 RMF reporting -- 6.2.2 ICSF SMF records -- 6.2.3 Example using RMF and SMF data -- Appendix A. Exploiters -- A.1 The APIs -- A.2 Overview of the IBM exploiters -- A.2.1 z/OS Open Cryptographic Services Facility (OCSF) -- A.2.2 IBM HTTP Server for z/OS -- A.2.3 z/OS LDAP server and client.

A.2.4 CICS Transaction Server and CICS Transaction Gateway -- A.2.5 z/OS TN3270 server -- A.2.6 z/OS Firewall Technologies -- A.2.7 GSKKYMAN -- A.2.8 z/OS DCE -- A.2.9 z/OS Network Authentication Service (Kerberos) -- A.2.10 Payment processing products -- A.2.11 VTAM Session Level Encryption -- A.2.12 RACF -- A.2.13 z/OS Public Key Infrastructure (PKI) services -- A.2.14 Crypto Based Transactions (CBT) banking solution -- A.2.15 Java cryptography -- Related publications -- IBM Redbooks -- Other publications -- Online resources -- How to get IBM Redbooks -- Help from IBM -- Index -- Back cover.