IBM Friday announced enhanced security features for its System z9 Business Class mainframe. The new features include IPSec-based network encryption using IBM's zIIP crypto engine, as well as host-based public-key encryption based on its CryptoExpress2 hardware module.
"This is part of our new strategy to reinvent the mainframe," says Mary Moore, IBM Systems z security initiative leader. Introduced last year with a product launch in China, the System z9 is intended to be a low-end mainframe costing about US$100,000 for the midsize business market, says Moore.
The newly added zIIP crypto engine enables secure connections between the mainframe and remote servers and devices using IPSec.
The CryptoExpress2 modular hardware holds a FIPS 140-2 Level 4 rating from the U.S. government evaluation program and provides public-key infrastructure-based cryptography. It makes use of the Advanced Encryption Standard, which is approved by the federal government, and other algorithms.
With CryptoExpress2, encryption keys are stored in a tamper-resistant hardware device and never appear in the clear.