IBM Security Redbooks

Assessing Hardware Failures on IBM PureData System for Analytics N2001, N2002, and N3001
Analytics

Web Doc, published 29 Sep 2016

This IBM Analytics Support Wed Doc describes possible hardware component failures on IBM PureData System for Analytics, their effect on the system, and its criticality and consequences if multiple components fail. This document also describes the architecture of IBM PureData System for Analytics to clarify the relationships between components. It also provides guidance on replacement scenarios. This information is intended to help users correctly respond to failures and open problem management records (PMR) with an accurate level of severity. This document provides information to help you ... [more]

Changing Physical Disk Storage in IBM DB2 pureScale: A Practical Example
Data Management

Web Doc, published 22 Sep 2016, last updated 26 Sep 2016

  (based on 3 reviews)

IBM® DB2® pureScale® provides continuous availability with multiple active servers that share a common set of disk storage subsystems. DB2 pureScale includes multiple components for high availability (HA), such as IBM Tivoli® System Automation (TSA) and IBM General Parallel File System (IBM GPFS™) for clustered file systems. Like any component in an IT infrastructure, DB2 pureScale eventually might require a migration to meet the demands of upgraded hardware and software. Database administrators, operating system administrators, and system administrators working with DB2 pureScale in ... [more]

IBM BigInsights Security Implementation: Part 1 Introduction to Security Architecture
Analytics

Web Doc, published 25 Aug 2016

Big data analytics involves processing large amounts of data that cannot be handled by conventional systems. The IBM® BigInsights® platform processes large amounts of data by breaking the computation into smaller tasks that can be distributed onto several nodes. As this platform is shared by users in different roles (developers, analysts, data scientists, and testers), it introduces the challenge of provisioning access and authorization to the cluster and securing the data. Big data platforms are an amalgamation of several individual components that are still evolving, and are based on the ... [more]

IBM PureData System for Analytics: Improving Query Performance by Tuning Netezza Optimizer Through Postgres Configuration

Web Doc, published 23 Jun 2016

The IBM® PureData® System for Analytics, powered by Netezza® technology (“IBM Netezza”), is a data warehouse appliance that features a purpose-built analytics engine. Netezza generates a query plan for all queries that run on the system. The query plan describes the optimal execution query path as determined by the query optimizer component, which relies on statistics that are available about the database objects that are involved in the query. The Netezza query optimizer is a cost-based optimizer; that is, it determines the cost for the various execution alternatives and chooses the path ... [more]

What to Consider When Switching IBM InfoSphere Information Server to Use LDAP Authentication
Analytics

Web Doc, published 18 Apr 2016

When changing IBM® InfoSphere® Information Server to authenticate with Lightweight Directory Access Protocol (LDAP), consider several aspects before making the switch. This document discusses the two types of LDAP registries, what to consider when deciding which registry is best for your company, what information is needed for the configuration, and what else can be done to optimize the configuration. This IBM Rebooks® Analytics Support Web Doc applies to IBM InfoSphere Information Server versions 9.1 through 11.5. This document is intended for systems and InfoSphere Information Server ... [more]

Reduce Risk and Improve Security on IBM Mainframes: Volume 1 Architecture and Platform Security
IBM Z

Redbooks, published 8 Dec 2014, last updated 22 Mar 2016

  (based on 2 reviews)

This IBM® Redbooks® publication documents the strength and value of the IBM security strategy with IBM System z® hardware and software. In an age of increasing security consciousness, IBM System z provides the capabilities to address the needs of today's business security challenges. This publication explores how System z hardware is designed to provide integrity, process isolation, and cryptographic capability to help address security requirements. This book highlights the features of IBM z/OS® and other operating systems, which offer various customizable security elements under the ... [more]

Cloud Security Guidelines for IBM Power Systems
Power Systems

Redbooks, published 1 Mar 2016, last updated 9 Mar 2016

  (based on 3 reviews)

This IBM® Redbooks® publication is a comprehensive guide that covers cloud security considerations for IBM Power Systems™. The first objectives of this book are to examine how Power Systems can fit into the current and developing cloud computing landscape and to outline the proven Cloud Computing Reference Architecture (CCRA) that IBM employs in building private and hybrid cloud environments. The book then looks more closely at the underlying technology and hones in on the security aspects for the following subsystems:
- IBM Hardware Management Console
- IBM PowerVM
- ... [more]

Industrial Controls Security
Security

Redguide, published 30 Dec 2015, last updated 6 Jan 2016

  (based on 1 review)

As cybersecurity threats evolve, we must adapt the way to fight them. The typical countermeasures are no longer adequate, given that advanced persistent threats (APTs) are the most imminent attacks that we face today. This IBM® Redguide™ publication explains why industrial installations are an attractive target and why it is so important to protect them in a new way. To help you better understand what you might be facing, we explain how attacks work, who the potential attackers are, what they want to achieve, and how they work to achieve it. We give you insights into a world that seems like ... [more]

Streamline Management of the IBM z Systems Host Cryptographic Module Using IBM Trusted Key Entry
IBM Z

Point-of-View, published 12 Nov 2015

Every organization has the goal and responsibility to ensure data confidentiality, integrity, and authenticity. Cryptographic systems are extensively used to provide the security needed for data transport. Cryptographic systems use keys to lock and unlock the encrypted data. The security and management of these keys is critical to the cryptographic system’s viability. For IBM® z Systems™, the Host Cryptographic Module keys are the most important keys that you have. Many standards require that the key parts for master keys never be in the clear outside of a Hardware Security Module (HSM). ... [more]

Reduce Risk and Improve Security on IBM Mainframes: Volume 3 Mainframe Subsystem and Application Security
IBM Z

Redbooks, published 2 Nov 2015

  (based on 1 review)

This IBM® Redbooks® publication documents the strength and value of the IBM security strategy with IBM z™ Systems hardware and software. In an age of increasing security consciousness and more and more dangerous advanced persistent threats, IBM z Systems™ provides the capabilities to address the needs of today's business security challenges. This publication explores how z Systems hardware is designed to provide integrity, process isolation, and cryptographic capability to help address security requirements. We highlight the features of IBM z/OS® and other operating systems, which offer a ... [more]

IBM Security Access Manager Appliance Deployment Patterns
Security

Redpaper, published 23 Oct 2015, last updated 2 Nov 2015

IBM® Security Access Manager is a modular, integrated access management appliance that helps secure access to web, mobile, and cloud workloads. It is offered both as a physical appliance and as a virtual appliance image that runs on several popular hypervisors. The integrated appliance form factor enables easier and more flexible deployment and maintenance. This IBM Redpaper™ publication describes the different Security Access Manager Appliance V9.0 deployment patterns and uses hands-on examples to demonstrate how to initially configure systems in those deployments. It also describes ... [more]

Reduce Risk and Improve Security on IBM Mainframes: Volume 2 Mainframe Communication and Networking Security
IBM Z

Redbooks, published 25 Sep 2015

This IBM® Redbooks® publication documents the strength and value of the IBM security strategy with IBM z Systems hardware and software (referred to in this book by the previous product name, IBM System z®). In an age of increasing security consciousness and more dangerous and advanced persistent threats, System z provides the capabilities to address today’s business security challenges. This book explores how System z hardware is designed to provide integrity, process isolation, and cryptographic capability to help address security requirements. We highlight the features of IBM z/OS® and ... [more]

End to End Security with z Systems
IBM Z Software

Redpaper, published 3 Apr 2015

  (based on 9 reviews)

This IBM® Redpaper™ provides a broad understanding of the components necessary to secure your IBM z Systems environment. It provides an end-to-end architectural reference document for a use case that employs both mobile and analytics. It also provides an end to end explanation of security on z Systems from the systems of record through the systems of engagement. Security is described in terms of transactions, covering what happens after a transaction hits the system of engagement and what needs to be in place from that moment forward. The audience for this paper is IT architects and those ... [more]

Securing the IBM Mainframe
IBM Z

Solution Guide, published 27 Mar 2015

Cybercrime is a sophisticated activity. It is no longer a playing field for “script-kiddies” trying to get access to systems and servers for fun, and it is not about quick hacks to get in and get out quickly. It is now about real commercial, political, or even military advantages. There have been reports in the press recently of large systems data breaches, and it is apparent that some of these are associated with attempts to access mainframe data. The skills and knowledge that are required to manage and operate a sophisticated IBM System z mainframe are different from those that are used ... [more]

Centrally Managing Access to Self-Encrypting Drives in Lenovo System x Servers Using IBM Security Key Lifecycle Manager
System x

Redbooks, published 16 Mar 2015

Data security is one of the paramount requirements for organizations of all sizes. Although many companies invested heavily in protection from network-based attacks and other threats, few effective safeguards are available to protect against potentially costly exposures of proprietary data that results from a hard disk drive being stolen, misplaced, retired, or redeployed. Self-encrypting drives (SEDs) can satisfy this need by providing the ultimate in security for data-at-rest and can help reduce IT drive retirement costs in the data center. Self-encrypting drives are also an excellent ... [more]

Key Management Deployment Guide: Using the IBM Enterprise Key Management Foundation
IBM Z

Redbooks, published 12 Oct 2014

In an increasingly interconnected world, data breaches grab headlines. The security of sensitive information is vital, and new requirements and regulatory bodies such as the Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), and Sarbanes-Oxley (SOX) create challenges for enterprises that use encryption to protect their information. As encryption becomes more widely adopted, organizations also must contend with an ever-growing set of encryption keys. Effective management of these keys is essential to ensure both the ... [more]

Simplify Software Audits and Cut Costs by Using the IBM License Metric Tool
Security

Redpaper, published 17 Sep 2014

In this IBM® Redpaper™ publication, you learn how to implement the IBM subcapacity licensing functions and the IBM License Metric Tool to track and manage licenses for your IBM WebSphere® Application Server instances. It also summarizes the different licensing models that IBM employs, the advantages of using software asset management for IT companies, and explains how to save money by using these the subcapacity model for WebSphere Application Server licenses. The primary purpose of the License Metric Tool is counting the processor value units (PVU) and resource value units (RVU) for ... [more]

IBM License Metric Tool tracks and manages licenses for WebSphere® Application Server
Security

Solution Guide, published 18 Aug 2014, last updated 3 Sep 2014

Virtually every aspect of managing an IT environment has drastically increased in complexity as new technologies and business shifts have altered the way businesses organize their IT infrastructure. As companies move to greater usage of virtualization, sub-capacity based technologies, and cloud based technologies to manage their infrastructure requirements, the licensing of that software has become increasingly difficult to track and manage. In addition, licensing models have changed to accommodate modern IT infrastructure models. This IBM® Redbooks® Solution Guide describes how IBM® ... [more]

Addressing Emerging Threats and Targeted Attacks with IBM Security Network Protection
Security

Redguide, published 16 Jul 2014

In networks today, organizations are faced with hundreds of new web and non-web applications that are available to their users. Social media applications, peer-to-peer file transfer applications, Voice over Internet Protocol (VoIP), web-based email, cloud data storage, and many others are all readily available. The ease and speed at which these new applications can be installed or simply accessed reduces the effectiveness of a perimeter-based security architecture and provides many new types of risks. These applications can be used by an attacker to obtain initial access into the ... [more]

Performance Tuning for IBM Security Directory Server
Security

Redpaper, published 2 Apr 2014

  (based on 1 review)

In today’s highly connected world, directory servers are the IT cornerstone of many businesses. These components of the corporate infrastructure are the foundation of authentication systems for internal and, more commonly, external user populations. Managing a directory server with several hundred internal users is not all that difficult. However, managing a directory server with several million external users in all 24 time zones throughout the world is a much more daunting task. IBM® Security Directory Server software can handle millions of entries, given the right architecture, ... [more]