IBM Secure Service Container
   HOME

TheInfoList



Click Here for Items Related To - IBM Secure Service Container
OR:
IBM Secure Service Container on:   [Wikipedia]   [Google]   [Amazon]

IBM Secure Service Container is the
trusted execution environment A trusted execution environment (TEE) is a secure area of a main processor. It guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. Data integrity prevents unauthorized entities from outside the ...
available for
IBM Z IBM Z is a family name used by IBM for all of its z/Architecture mainframe computers. In July 2017, with another generation of products, the official family was changed to IBM Z from IBM z Systems; the IBM Z family now includes the newest mod ...
and
IBM LinuxONE Linux on IBM Z or Linux on zSystems is the collective term for the Linux operating system compiled to run on IBM mainframes, especially IBM Z / IBM zSystems and IBM LinuxONE servers. Similar terms which imply the same meaning are ''Linux/390'', ...
servers.


History

In 2016 IBM introduced the z Appliance Container Infrastructure ("zACI") feature for the IBM z13, z13s, LinuxONE Rockhopper, and LinuxONE Emperor servers, delivered via a driver (firmware) update (driver level 27). IBM originally conceived its trusted execution environment as best suited for software "appliances," such as its own z/VSE Network Appliance, zAware, and GDPS Virtual Appliance offerings. As IBM improved zACI and broadened its applicability, the company quickly changed its name to IBM Secure Service Container (SSC) when the IBM z14 and LinuxONE Emperor II models launched in 2017.


Details

IBM Secure Service Container consists of a combination of hardware, firmware, and software technologies that are commercially available in recent IBM Z and IBM LinuxONE servers. The hardware and firmware elements are primarily extensions to IBM's
PR/SM A logical partition (LPAR) is a subset of a computer's hardware resources, virtualized as a separate computer. In effect, a physical machine can be partitioned into multiple logical partitions, each hosting a separate instance of an operating ...
logical partitioning technologies which are Common Criteria Enterprise Assurance Level (EAL) 5+ certified for separation and isolation. A
logical partition A logical partition (LPAR) is a subset of a computer's hardware resources, virtualized as a separate computer. In effect, a physical machine can be partitioned into multiple logical partitions, each hosting a separate instance of an operating ...
(LPAR) type of "SSC" is available, and up to 16 TiB of usable main system memory can be allocated per LPAR (the limit as of the IBM z14 and IBM Emperor II server models introduced in 2017). IBM also supplies a generalized, open source-based software framework for SSCs in the form of IBM Secure Service Container for IBM Cloud Private and a paired, firmware-based enabling feature. This generalized software framework facilitates running conventional
virtual machine In computing, a virtual machine (VM) is the virtualization/emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardw ...
s (VMs) and Docker containers on Linux within the SSC, without requiring special programming to adapt to SSC architecture. In other words, the IBM Secure Service Container (SSC) is the outer "envelope" within which VMs and software containers (such as Docker containers) run in a highly secure, trusted execution environment. IBM uses SSCs to host many of its own public cloud services, includin
IBM Cloud Hyper Protect Services
First adopters of IBM SSC technologies include organizations with extremely demanding security requirements, including digital asset and
cryptocurrency A cryptocurrency, crypto-currency, or crypto is a digital currency designed to work as a medium of exchange through a computer network that is not reliant on any central authority, such as a government or bank, to uphold or maintain it. It i ...
firms such as Digital Asset Custody Services (DACS). Most organizations using IBM Secure Service Container also rely heavily on the services that IBM's
FIPS 140-2 The Federal Information Processing Standard Publication 140-2, (FIPS PUB 140-2), is a U.S. government computer security standard used to approve cryptographic modules. The title is ''Security Requirements for Cryptographic Modules''. Initial publ ...
Level 4 certified Crypto Express
hardware security module A hardware security module (HSM) is a physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures, strong authentication and other cryptograp ...
s and Trusted Key Entry (TKE) equipment provide, although these IBM Z and IBM LinuxONE system features can also be used separately, on their own.


See also

*
IBM mainframe IBM mainframes are large computer systems produced by IBM since 1952. During the 1960s and 1970s, IBM dominated the large computer market. Current mainframe computers in IBM's line of business computers are developments of the basic design of th ...
*
Linux on IBM Z Linux on IBM Z or Linux on zSystems is the collective term for the Linux operating system compiled to run on IBM mainframes, especially IBM Z / IBM zSystems and IBM LinuxONE servers. Similar terms which imply the same meaning are ''Linux/390'', ...
* IBM Cloud Hyper Protect


References

{{Reflist, 30em Security Security technology IBM software