Smart Disk Monitor Server Edition Retail v1.13 serial key or number

Cisco Email Security Appliance Licensing

Feature Keys

Adding and Managing Feature Keys

For physical appliances, feature keys are specific to the serial number of the appliance and specific to the feature being enabled (you cannot re-use a key from one system on another system).

To work with feature keys in the CLI, use the command.

Procedure

What to do next

Related Topics

Automating Feature Key Download and Activation

You can set the appliance to automatically check for, download, and activate feature keys that are issued for this appliance.

Procedure

What to do next

Related Topics

Expired Feature Keys

A smart card, chip card, or integrated circuit card (ICC or IC card) is a physical electronic authorization device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip.^[1] Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing.^[2] Applications include identification, financial, mobile phones (SIM), public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations.

The universal integrated circuit card, or SIM card, is also a type of smart card. As of 2015^[update], 10.5 billion smart card IC chips are manufactured annually, including 5.44 billion SIM card IC chips.^[3]

History[edit]

The basis for the smart card is the siliconintegrated circuit (IC) chip.^[4] It was invented by Robert Noyce at Fairchild Semiconductor in 1959, and was made possible by Mohamed M. Atalla's silicon surface passivation process (1957) and Jean Hoerni's planar process (1959).^[5][6][7] The invention of the silicon integrated circuit led to the idea of incorporating it onto a plastic card in the late 1960s.^[4] Smart cards have since used MOS integrated circuit chips, along with MOS memory technologies such as flash memory and EEPROM (electrically erasable programmable read-only memory).^[8]

Invention[edit]

One of the first smart card prototypes, created by its inventor Roland Moreno around 1975. The chip has not yet been miniaturized. On this prototype, one can see how each pin of the microchip (center) is connected to the exterior world by a copper connector.

First smart card manufactured by Giesecke & Devrient in 1979, already with the finally standardized dimension (ID-1) and a contact area with eight pads (initially on the upper left corner)

The idea of incorporating an integrated circuit chip onto a plastic card was first introduced by two German engineers in the late 1960s, Helmut Gröttrup and Jürgen Dethloff.^[4] In February 1967, Gröttrup filed the patent DE1574074^[9] in West Germany for a tamper-proof identification switch based on a semiconductor device. Its primary use was intended to provide individual copy-protected keys for releasing the tapping process at unmanned gas stations. In September 1968, Helmut Gröttrup, together with Dethloff as an investor, filed further patents for this identification switch, first in Austria^[10] and in 1969 as subsequent applications in the United States^[11][12], Great Britain, West Germany and other countries.^[13]

Independently, Kunitaka Arimura of the Arimura Technology Institute in Japan developed a similar idea of incorporating an integrated circuit onto a plastic card, and filed a smart card patent in March 1970.^[4][14] The following year, Paul Castrucci of IBM filed an American patent titled "Information Card" in May 1971.^[14]

In 1974 Roland Moreno patented a secured memory card later dubbed the "smart card".^[15][16] In 1976, Jürgen Dethloff introduced the known element (called "the secret") to identify gate user as of USP 4105156.^[17]

In 1977, Michel Ugon from Honeywell Bull invented the first microprocessor smart card with two chips: one microprocessor and one memory, and in 1978, he patented the self-programmable one-chip microcomputer (SPOM) that defines the necessary architecture to program the chip. Three years later, Motorola used this patent in its "CP8". At that time, Bull had 1,200 patents related to smart cards. In 2001, Bull sold its CP8 division together with its patents to Schlumberger, who subsequently combined its own internal smart card department and CP8 to create Axalto. In 2006, Axalto and Gemplus, at the time the world's top two smart-card manufacturers, merged and became Gemalto. In 2008, Dexa Systems spun off from Schlumberger and acquired Enterprise Security Services business, which included the smart-card solutions division responsible for deploying the first large-scale smart-card management systems based on public key infrastructure (PKI).

The first mass use of the cards was as a telephone card for payment in French payphones, starting in 1983.^{[citation needed]}

Carte bleue[edit]

After the Télécarte, microchips were integrated into all French Carte Bleuedebit cards in 1992. Customers inserted the card into the merchant's point-of-sale (POS) terminal, then typed the personal identification number (PIN), before the transaction was accepted. Only very limited transactions (such as paying small highway tolls) are processed without a PIN.

Smart-card-based "electronic purse" systems store funds on the card, so that readers do not need network connectivity. They entered European service in the mid-1990s. They have been common in Germany (Geldkarte), Austria (Quick Wertkarte), Belgium (Proton), France (Moneo^[18]), the Netherlands (Chipknip Chipper (decommissioned in 2015)), Switzerland ("Cash"), Norway ("Mondex"), Spain ("Monedero 4B"), Sweden ("Cash", decommissioned in 2004), Finland ("Avant"), UK ("Mondex"), Denmark ("Danmønt") and Portugal ("Porta-moedas Multibanco"). Private electronic purse systems have also been deployed such as the Marines corps (USMC) at Parris Island allowing small amount payments at the cafeteria.

Since the 1990s, smart cards have been the subscriber identity modules (SIMs) used in GSM mobile-phone equipment. Mobile phones are widely used across the world, so smart cards have become very common.

EMV[edit]

Europay MasterCard Visa (EMV)-compliant cards and equipment are widespread with the deployment led by European countries. The United States started later deploying the EMV technology in 2014, with the deployment still in progress in 2019. Typically, a country's national payment association, in coordination with MasterCard International, Visa International, American Express and Japan Credit Bureau (JCB), jointly plan and implement EMV systems.

Historically, in 1993 several international payment companies agreed to develop smart-card specifications for debit and credit cards. The original brands were MasterCard, Visa, and Europay. The first version of the EMV system was released in 1994. In 1998 the specifications became stable.

EMVCo maintains these specifications. EMVco's purpose is to assure the various financial institutions and retailers that the specifications retain backward compatibility with the 1998 version. EMVco upgraded the specifications in 2000 and 2004.^[19]

EMV compliant cards were first accepted into Malaysia in 2005 ^[20] and later into United States in 2014. MasterCard was the first company that was allowed to use the technology in the United States. The United States has felt pushed to use the technology because of the increase in identity theft. The credit card information stolen from Target in late 2013 was one of the largest indicators that American credit card information is not safe. Target made the decision on April 30, 2014 that it would try to implement the smart chip technology in order to protect itself from future credit card identity theft.

Before 2014, the consensus in America was that there were enough security measures to avoid credit card theft and that the smart chip was not necessary. The cost of the smart chip technology was significant, which was why most of the corporations did not want to pay for it in the United States. The debate came when online credit theft was insecure enough for the United States to invest in the technology. The adaptation of EMV's increased significantly in 2015 when the liability shifts occurred in October by the credit card companies.

Development of contactless systems[edit]

Contactless smart cards do not require physical contact between a card and reader. They are becoming more popular for payment and ticketing. Typical uses include mass transit and motorway tolls. Visa and MasterCard implemented a version deployed in 2004–2006 in the U.S., with Visa's current offering called Visa Contactless. Most contactless fare collection systems are incompatible, though the MIFARE Standard card from NXP Semiconductors has a considerable market share in the US and Europe.

Use of "Contactless" smart cards in transport has also grown through the use of low cost chips NXP Mifare Ultralight and paper/card/PET rather than PVC. This has reduced media cost so it can be used for low cost tickets and short term transport passes (up to 1 year typically). The cost is typically 10% that of a PVC smart card with larger memory. They are distributed through vending machines, ticket offices and agents. Use of paper/PET is less harmful to the environment than traditional PVC cards . See also transport/transit/ID applications.

Smart cards are also being introduced for identification and entitlement by regional, national, and international organizations. These uses include citizen cards, drivers’ licenses, and patient cards. In Malaysia, the compulsory national ID MyKad enables eight applications and has 18 million users. Contactless smart cards are part of ICAObiometric passports to enhance security for international travel.

Design[edit]

A smart card may have the following generic characteristics:

• Dimensions similar to those of a credit card. ID-1 of the ISO/IEC 7810 standard defines cards as nominally 85.60 by 53.98 millimetres (3.37 in × 2.13 in). Another popular size is ID-000, which is nominally 25 by 15 millimetres (0.98 in × 0.59 in) (commonly used in SIM cards). Both are 0.76 millimetres (0.030 in) thick.
• Contains a tamper-resistant security system (for example a secure cryptoprocessor and a secure file system) and provides security services (e.g., protects in-memory information).
• Managed by an administration system, which securely interchanges information and configuration settings with the card, controlling card blacklisting and application-data updates.
• Communicates with external services through card-reading devices, such as ticket readers, ATMs, DIP reader, etc.
• Smart cards are typically made of plastic, generally polyvinyl chloride, but sometimes polyethylene-terephthalate-based polyesters, acrylonitrile butadiene styrene or polycarbonate.

Since April 2009, a Japanese company has manufactured reusable financial smart cards made from paper.^[21]

Contact smart cards[edit]

Illustration of smart-card structure and packaging

4 by 4 mm silicon chip in a SIM card, which was peeled open. Note the thin gold bonding wires and the regular, rectangular digital-memory areas.

Smart-card reader on a laptop

A smart-card pinout. VCC: Power supply. RST: Reset signal, used to reset the card's communications. CLK: Provides the card with a clock signal, from which data communications timing is derived. GND: Ground (reference voltage). VPP: ISO/IEC 7816-3:1997 designated this as a programming voltage: an input for a higher voltage to program persistent memory (e.g., EEPROM). ISO/IEC 7816-3:2006 designates it SPU, for either standard or proprietary use, as input and/or output. I/O: Serial input and output (half-duplex). C4, C8: The two remaining contacts are AUX1 and AUX2 respectively and are used for USB interfaces and other uses.^[22] However, the usage defined in ISO/IEC 7816-2:1999/Amd 1:2004 may have been superseded by ISO/IEC 7816-2:2007.^[23]

Contact-type smart cards may have many different contact pad layouts, such as these SIMs.

Contact smart cards have a contact area of approximately 1 square centimetre (0.16 sq in), comprising several gold-plated contact pads. These pads provide electrical connectivity when inserted into a reader,^[24] which is used as a communications medium between the smart card and a host (e.g., a computer, a point of sale terminal) or a mobile telephone. Cards do not contain batteries; power is supplied by the card reader.

The ISO/IEC 7810 and ISO/IEC 7816 series of standards define:

• physical shape and characteristics,
• electrical connector positions and shapes,
• electrical characteristics,
• communications protocols, including commands sent to and responses from the card,
• basic functionality.

Because the chips in financial cards are the same as those used in subscriber identity modules (SIMs) in mobile phones, programmed differently and embedded in a different piece of PVC, chip manufacturers are building to the more demanding GSM/3G standards. So, for example, although the EMV standard allows a chip card to draw 50 mA from its terminal, cards are normally well below the telephone industry's 6 mA limit. This allows smaller and cheaper financial card terminals.

Communication protocols for contact smart cards include T=0 (character-level transmission protocol, defined in ISO/IEC 7816-3) and T=1 (block-level transmission protocol, defined in ISO/IEC 7816-3).

Contactless smart cards[edit]

Contactless smart cards communicate with technology (at data rates of 106–848 kbit/s). These cards require only proximity to an antenna to communicate. Like smart cards with contacts, contactless cards do not have an internal power source. Instead, they use a loop antenna coil to capture some of the incident radio-frequency interrogation signal, rectify it, and use it to power the card's electronics. Contactless smart media can be made with PVC, paper/card and PET finish to meet different performance, cost and durability requirements.

APDU transmission by a contactless interface is defined in ISO/IEC 14443-4.

Hybrids[edit]

A hybrid smart card, which clearly shows the antenna connected to the main chip

Hybrid cards implement contactless and contact interfaces on a single card with dedicated modules/storage and processing.

Dual-interface

Dual-interface cards implement contactless and contact interfaces on a single card with some shared storage and processing. An example is Porto's multi-application transport card, called Andante, which uses a chip with both contact and contactless (ISO/IEC 14443 Type B) interfaces.

USB[edit]

The CCID (Chip Card Interface Device) is a USB protocol that allows a smart card to be connected to a computer, using a standard USB interface. This allows the smart card to be used as a security token for authentication and data encryption such as Bitlocker. A typical CCID is a USB dongle and may contain a SIM.

Applications[edit]

Financial[edit]

Smart cards serve as credit or ATM cards, fuel cards, mobile phone SIMs, authorization cards for pay television, household utility pre-payment cards, high-security identification and access badges, and public transport and public phone payment cards.

Smart cards may also be used as electronic wallets. The smart card chip can be "loaded" with funds to pay parking meters, vending machines or merchants. Cryptographic protocols protect the exchange of money between the smart card and the machine. No connection to a bank is needed. The holder of the card may use it even if not the owner. Examples are Proton, Geldkarte, Chipknip and Moneo. The German Geldkarte is also used to validate customer age at vending machines for cigarettes.

These are the best known payment cards (classic plastic card):

• Visa: Visa Contactless, Quick VSDC, "qVSDC", Visa Wave, MSD, payWave
• Mastercard: PayPass Magstripe, PayPass MChip
• American Express: ExpressPay
• Discover: Zip
• Unionpay: QuickPass

Roll-outs started in 2005 in the U.S. Asia and Europe followed in 2006. Contactless (non-PIN) transactions cover a payment range of ~$5–50. There is an ISO/IEC 14443 PayPass implementation. Some, but not all, PayPass implementations conform to EMV.

Non-EMV cards work like magnetic stripe cards. This is common in the U.S. (PayPass Magstripe and Visa MSD). The cards do not hold or maintain the account balance. All payment passes without a PIN, usually in off-line mode. The security of such a transaction is no greater than with a magnetic stripe card transaction.^{[citation needed]}

EMV cards can have either contact or contactless interfaces. They work as if they were a normal EMV card with a contact interface. Via the contactless interface they work somewhat differently, in that the card commands enabled improved features such as lower power and shorter transaction times.

SIM[edit]

The subscriber identity modules used in mobile-phone systems are reduced-size smart cards, using otherwise identical technologies.

Identification[edit]

Smart-cards can authenticate identity. Sometimes they employ a public key infrastructure (PKI). The card stores an encrypted digital certificate issued from the PKI provider along with other relevant information. Examples include the U.S. Department of Defense (DoD) Common Access Card (CAC), and other cards used by other governments for their citizens. If they include biometric identification data, cards can provide superior two- or three-factor authentication.

Smart cards are not always privacy-enhancing, because the subject may carry incriminating information on the card. Contactless smart cards that can be read from within a wallet or even a garment simplify authentication; however, criminals may access data from these cards.

Cryptographic smart cards are often used for single sign-on. Most advanced smart cards include specialized cryptographic hardware that uses algorithms such as RSA and Digital Signature Algorithm (DSA). Today's cryptographic smart cards generate key pairs on board, to avoid the risk from having more than one copy of the key (since by design there usually isn't a way to extract private keys from a smart card). Such smart cards are mainly used for digital signatures and secure identification.

The most common way to access cryptographic smart card functions on a computer is to use a vendor-provided PKCS#11 library.^{[citation needed]} On Microsoft Windows the Cryptographic Service Provider (CSP) API is also supported.

The most widely used cryptographic algorithms in smart cards (excluding the GSM so-called "crypto algorithm") are Triple DES and RSA. The key set is usually loaded (DES) or generated (RSA) on the card at the personalization stage.

Some of these smart cards are also made to support the National Institute of Standards and Technology (NIST) standard for Personal Identity Verification, FIPS 201.

Turkey implemented the first smart card driver's license system in 1987. Turkey had a high level of road accidents and decided to develop and use digital tachograph devices on heavy vehicles, instead of the existing mechanical ones, to reduce speed violations. Since 1987, the professional driver's licenses in Turkey have been issued as smart cards. A professional driver is required to insert his driver's license into a digital tachograph before starting to drive. The tachograph unit records speed violations for each driver and gives a printed report. The driving hours for each driver are also being monitored and reported. In 1990 the European Union conducted a feasibility study through BEVAC Consulting Engineers, titled "Feasibility study with respect to a European electronic drivers license (based on a smart-card) on behalf of Directorate General VII". In this study, chapter seven describes Turkey's experience.

Argentina's Mendoza province began using smart card driver's licenses in 1995. Mendoza also had a high level of road accidents, driving offenses, and a poor record of recovering fines.^{[citation needed]} Smart licenses hold up-to-date records of driving offenses and unpaid fines. They also store personal information, license type and number, and a photograph. Emergency medical information such as blood type, allergies, and biometrics (fingerprints) can be stored on the chip if the card holder wishes. The Argentina government anticipates that this system will help to collect more than $10 million per year in fines.

In 1999 Gujarat was the first Indian state to introduce a smart card license system.^[25] As of 2005, it has issued 5 million smart card driving licenses to its people.^[26]

In 2002, the Estonian government started to issue smart cards named ID Kaart as primary identification for citizens to replace the usual passport in domestic and EU use. As of 2010 about 1 million smart cards have been issued (total population is about 1.3 million) and they are widely used in internet banking, buying public transport tickets, authorization on various websites etc.

By the start of 2009, the entire population of Belgium was issued eID cards that are used for identification. These cards contain two certificates: one for authentication and one for signature. This signature is legally enforceable. More and more services in Belgium use eID for authorization.^[27]

Spain started issuing national ID cards (DNI) in the form of smart cards in 2006 and gradually replaced all the older ones with smart cards. The idea was that many or most bureaucratic acts could be done online but it was a failure because the Administration did not adapt and still mostly requires paper documents and personal presence.^{[28][29][30][31]}

On August 14, 2012, the ID cards in Pakistan were replaced. The Smart Card is a third generation chip-based identity document that is produced according to international standards and requirements. The card has over 36 physical security features and has the latest^{[clarification needed]} encryption codes. This smart card replaced the NICOP (the ID card for overseas Pakistani).

Smart cards may identify emergency responders and their skills. Cards like these allow first responders to bypass organizational paperwork and focus more time on the emergency resolution. In 2004, The Smart Card Alliance expressed the needs: "to enhance security, increase government efficiency, reduce identity fraud, and protect personal privacy by establishing a mandatory, Government-wide standard for secure and reliable forms of identification".^[32]emergency response personnel can carry these cards to be positively identified in emergency situations. WidePoint Corporation, a smart card provider to FEMA, produces cards that contain additional personal information, such as medical records and skill sets.

In 2007, the Open Mobile Alliance (OMA) proposed a new standard defining V1.0 of the Smart Card Web Server (SCWS), an HTTP server embedded in a SIM card intended for a smartphone user.^[33] The non-profit trade association SIMalliance has been promoting the development and adoption of SCWS. SIMalliance states that SCWS offers end-users a familiar, OS-independent, browser-based interface to secure, personal SIM data. As of mid-2010, SIMalliance had not reported widespread industry acceptance of SCWS.^[34] The OMA has been maintaining the standard, approving V1.1 of the standard in May 2009, and V1.2 is expected was approved in October 2012.^[35]

Smart cards are also used to identify user accounts on arcade machines.^[36]

Public transit[edit]

SmartRider smart card (Transperth)

Smart cards, used as transit passes, and integrated ticketing are used by many public transit operators. Card users may also make small purchases using the cards. Some operators offer points for usage, exchanged at retailers or for other benefits.^[37] Examples include Singapore's CEPAS, Malaysia's Touch n Go, Ontario's Presto card, Hong Kong's Octopus card, London's Oyster card, Ireland's Leap card, Brussels' MoBIB, Québec's OPUS card, San Francisco's Clipper card, Auckland's AT Hop, Brisbane's go card, Perth's SmartRider, Sydney's Opal card and Victoria's myki. However, these present a privacy risk because they allow the mass transit operator (and the government) to track an individual's movement. In Finland, for example, the Data Protection Ombudsman prohibited the transport operator Helsinki Metropolitan Area Council (YTV) from collecting such information, despite YTV's argument that the card owner has the right to a list of trips paid with the card. Earlier, such information was used in the investigation of the Myyrmanni bombing.^{[citation needed]}

The UK's Department for Transport mandated smart cards to administer travel entitlements for elderly and disabled residents. These schemes let residents use the cards for more than just bus passes. They can also be used for taxi and other concessionary transport. One example is the "Smartcare go" scheme provided by Ecebs.^[38] The UK systems use the ITSO Ltd specification. Other schemes in the UK include period travel passes, carnets of tickets or day passes and stored value which can be used to pay for journeys. Other concessions for school pupils, students and job seekers are also supported. These are mostly based on the ITSO Ltd specification.

Many smart transport schemes include the use of low cost smart tickets for simple journeys, day passes and visitor passes. Examples include Glasgow SPT subway. These smart tickets are made of paper or PET which is thinner than a PVC smart card e.g. Confidex smart media.^[39] The smart tickets can be supplied pre-printed and over-printed or printed on demand.

In Sweden, as of 2018-2019, smart cards have started to be phased out and replaced by smart phone apps. The phone apps have less cost, at least for the transit operators who don't need any electronic equipment (the riders provide that). The riders are able buy tickets anywhere and don't need to load money onto smart cards. The smart cards are still in use for foreseeable future (as of 2019).

Video Games[edit]

In Japanese amusement arcades, contactless smart cards (usually referred to as "IC cards") are used by game manufacturers as a method for players to access in-game features (both online like KonamiE-Amusement and SEGAALL.Net and offline) and as a memory support to save game progress. Depending on a case by case scenario, the machines can utilize a game-specific card or a "universal" one usable on multiple machines from the same manufacturer/publisher. Amongst the most widely used there are Banapassport by Bandai Namco, e-Amusement Pass by Konami, Aime by SEGA and Nesica by Taito.

In 2018, in an effort to make arcade game IC cards more user friendly^[40], Konami, Bandai Namco and SEGA have agreed on a unified system of cards named Amusement IC. Thanks this agreement, the three companies are now using a unified card reader in their arcade cabinets, so that players are able to use their card, no matter if a Banapassport, a e-Amusement Pass or an Aime, with hardware and ID services of all three manufacturers. A common logo for Amusement IC cards has been created, and this is now displayed on compatible cards from all three companies. In January 2019, Taito announced^[41] that his Nesica card was also joining the Amusement IC agreement with the other three companies.

Computer security[edit]

Smart cards can be used as a security token.

Mozilla'sFirefoxweb browser can use smart cards to store certificates for use in secure web browsing.^[42]

Some disk encryption systems, such as VeraCrypt and Microsoft's BitLocker, can use smart cards to securely hold encryption keys, and also to add another layer of encryption to critical parts of the secured disk.

GnuPG, the well known encryption suite, also supports storing keys in a smart card.^[43]

Smart cards are also used for single sign-on to log on to computers.

Schools[edit]

Smart cards are being provided to students at some schools and colleges.^[44][45][46] Uses include:

• Tracking student attendance
• As an electronic purse, to pay for items at canteens, vending machines, laundry facilities, etc.
• Tracking and monitoring food choices at the canteen, to help the student maintain a healthy diet
• Tracking loans from the school library
• Access control for admittance to restricted buildings, dormitories, and other facilities. This requirement may be enforced at all times (such as for a laboratory containing valuable equipment), or just during after-hours periods (such as for an academic building that is open during class times, but restricted to authorized personnel at night), depending on security needs.
• Access to transportation services

Healthcare[edit]

Smart health cards can improve the security and privacy of patient information, provide a secure carrier for portable medical records, reduce health care fraud, support new processes for portable medical records, provide secure access to emergency medical information, enable compliance with government initiatives (e.g., organ donation) and mandates, and provide the platform to implement other applications as needed by the health care organization.^[47][48]

Other uses[edit]

Smart cards are widely used to encrypt digital television streams. VideoGuard is a specific example of how smart card security worked.

Multiple-use systems[edit]

The Malaysian government promotes MyKad as a single system for all smart-card applications. MyKad started as identity cards carried by all citizens and resident non-citizens. Available applications now include identity, travel documents, drivers license, health information, an electronic wallet, ATM bank-card, public toll-road and transit payments, and public key encryption infrastructure. The personal information inside the MYKAD card can be read using special APDU commands.^[49]

Security[edit]

Smart cards have been advertised as suitable for personal identification tasks, because they are engineered to be tamper resistant. The chip usually implements some cryptographic algorithm. There are, however, several methods for recovering some of the algorithm's internal state.

Differential power analysis involves measuring the precise time and electric current required for certain encryption or decryption operations. This can deduce the on-chip private key used by public key algorithms such as RSA. Some implementations of symmetric ciphers can be vulnerable to timing or power attacks as well.

Smart cards can be physically disassembled by using acid, abrasives, solvents, or some other technique to obtain unrestricted access to the on-board microprocessor. Although such techniques may involve a risk of permanent damage to the chip, they permit much more detailed information (e.g., photomicrographs of encryption hardware) to be extracted.

Benefits[edit]

The benefits of smart cards are directly related to the volume of information and applications that are programmed for use on a card. A single contact/contactless smart card can be programmed with multiple banking credentials, medical entitlement, driver's license/public transport entitlement, loyalty programs and club memberships to name just a few. Multi-factor and proximity authentication can and has been embedded into smart cards to increase the security of all services on the card. For example, a smart card can be programmed to only allow a contactless transaction if it is also within range of another device like a uniquely paired mobile phone. This can significantly increase the security of the smart card.

Governments and regional authorities save money because of improved security, better data and reduced processing costs. These savings help reduce public budgets or enhance public services. There are many examples in the UK, many using a common open LASSeO specification.^[50]

Individuals have better security and more convenience with using smart cards that perform multiple services. For example, they only need to replace one card if their wallet is lost or stolen. The data storage on a card can reduce duplication, and even provide emergency medical information.

Advantages[edit]

The first main advantage of smart cards is their flexibility. Smart cards have multiple functions which simultaneously can be an ID, a credit card, a stored-value cash card, and a repository of personal information such as telephone numbers or medical history. The card can be easily replaced if lost, and, the requirement for a PIN (or other form of security) provides additional security from unauthorised access to information by others. At the first attempt to use it illegally, the card would be deactivated by the card reader itself.

The second main advantage is security. Smart cards can be electronic key rings, giving the bearer ability to access information and physical places without need for online connections. They are encryption devices, so that the user can encrypt and decrypt information without relying on unknown, and therefore potentially untrustworthy, appliances such as ATMs. Smart cards are very flexible in providing authentication at different level of the bearer and the counterpart. Finally, with the information about the user that smart cards can provide to the other parties, they are useful devices for customizing products and services.

Other general benefits of smart cards are:

• Portability
• Increasing data storage capacity
• Reliability that is virtually unaffected by electrical and magnetic fields.

Smart cards and electronic commerce[edit]

Smart cards can be used in electronic commerce, over the Internet, though the business model used in current electronic commerce applications still cannot use the full potential of the electronic medium. An advantage of smart cards for electronic commerce is their use customize services. For example, in order for the service supplier to deliver the customized service, the user may need to provide each supplier with their profile, a boring and time-consuming activity. A smart card can contain a non-encrypted profile of the bearer, so that the user can get customized services even without previous contacts with the supplier.

Disadvantages[edit]

A false smart-card, with two 8-bit CMOSmicrocontrollers, used in the nineties to decode the signals of Sky Television.

The plastic or paper card in which the chip is embedded is fairly flexible. The larger the chip, the higher the probability that normal use could damage it. Cards are often carried in wallets or pockets, a harsh environment for a chip and antenna in contactless cards. PVC cards can crack or break if bent/flexed excessively. However, for large banking systems, failure-management costs can be more than offset by fraud reduction.^{[citation needed]}

The production, use and disposal of PVC plastic is known to be more harmful to the environment than other plastics.^[51] Alternative materials including chlorine free plastics and paper are available for some smart applications.

If the account holder's computer hosts malware, the smart card security model may be broken. Malware can override the communication (both input via keyboard and output via application screen) between the user and the application. Man-in-the-browser malware (e.g., the Trojan Silentbanker) could modify a transaction, unnoticed by the user. Banks like Fortis and Belfius in Belgium and Rabobank ("random reader") in the Netherlands combine a smart card with an unconnected card reader to avoid this problem. The customer enters a challenge received from the bank's website, a PIN and the transaction amount into the reader. The reader returns an 8-digit signature. This signature is manually entered into the personal computer and verified by the bank, preventing point-of-sale-malware from changing the transaction amount.

Smart cards have also been the targets of security attacks. These attacks range from physical invasion of the card's electronics, to non-invasive attacks that exploit weaknesses in the card's software or hardware. The usual goal is to expose private encryption keys and then read and manipulate secure data such as funds. Once an attacker develops a non-invasive attack for a particular smart card model, he or she is typically able to perform the attack on other cards of that model in seconds, often using equipment that can be disguised as a normal smart card reader.^[52] While manufacturers may develop new card models with additional information security, it may be costly or inconvenient for users to upgrade vulnerable systems. Tamper-evident and audit features in a smart card system help manage the risks of compromised cards.

Another problem is the lack of standards for functionality and security. To address this problem, the Berlin Group launched the ERIDANE Project to propose "a new functional and security framework for smart-card based Point of Interaction (POI) equipment".^[53]

See also[edit]

References[edit]

The 2964 is the IBM z13. New market forces are changing the face of every industry, requiring almost every business to transform. Successful leaders see possibilities by embracing digital business. This means supporting existing clients with new services and offerings, while providing an environment that helps previously underserved businesses and citizens to gain access to products, services, and societal benefits. A successful journey through your transformation requires an underlying IT infrastructure that is efficient, secure, adaptive, and integrated. This IT infrastructure must be designed to handle the explosive growth of increasingly mobile clients and employees, able to leverage new and vast amounts of data, and able to provide deeper real-time insight at the point of the greatest business impact, and it needs to do this with a secure and resilient cloud-ready infrastructure.

Also, IBM System z has been renamed to IBM z Systems. This new name will encompass every IBM Mainframe from S/360 through the new z13, and all future systems. The name change serves to signal evolution of the product line, positioning of expanding capabilities, and the role of the mainframe in the new digital era of IT.

The IBM z13 provides the infrastructure that will help differentiate you as a refined digital business. It offers the capacity and processing power to improve business performance and growth. It helps better protect sensitive transactions to minimize business risk and client exposure, and it helps to deliver on service level agreements for an exceptional customer experience. New economic efficiencies allow the IBM z13 to offer more throughput and capabilities with less impact to the IT budget.

z/OS V2.1 running on IBM z13 sets the groundwork for digital business by providing the foundation you need to support demanding workloads such as operational analytics and clouds alongside your traditional mission-critical applications. z/OS V2.1 continues to support the z Integrated Information Processor (zIIP) which can take advantage of simultaneous multithreading. z/OS V2.1 is designed to support the new vector extension facility (SIMD) instructions available on IBM z13 servers to provide a powerful framework for development of new Business Analytics workloads, porting math- intensive workloads from other platforms, and accelerating Business Analytics workloads on IBM z13.

z/OS features many I/O-related enhancements such as extending the reach of workload management into the SAN fabric. With enhancements to management and operations, z/OS V2.1 and z/OS Management Facility V2.1 can help systems administrators and other personnel handle configuration tasks with ease. Recent Mobile Workload Pricing for z/OS can help reduce the cost of growth for mobile transactions processed by programs such as IBM CICS Transaction Server for z/OS, IMS, and DB2 for z/OS.

The new 141-core design delivers massive scale across all workloads and enables cost-saving consolidation opportunities. z/VM V6.3 has been enhanced to exploit simultaneous multithreading offered on the new processor chip. When running on IBM z13, z/VM supports twice as many processors (up to 64) or as many as 64 threads for Linux workloads. With support for sharing OSA-Express Port Groups across z/VM systems within a central processor complex (CPC), z/VM V6.3 delivers increased optimization of OSA-Express and reduced cost of ownership for IEEE 802.3 Link Aggregation networking environments.

The IBM z13 brings a new approach for enterprise-grade Linux with offerings and capabilities for availability, virtualization with z/VM, and a focus on open standards and architecture with new support of KVM on the mainframe (see Statement of General Direction). Best of all, many of our clients have IBM zEnterprise EC12 (zEC12) and IBM zEnterprise 196 (z196) servers, which can be upgraded to the IBM z13 for the greatest levels of investment protection.

This extends IBM z Systems leadership with:

• Up to 40% more total system capacity compared to the zEC12
• Up to 10 terabytes (TB) of available Redundant Array of Independent Memory (RAIM) real memory per server
• Cryptographic performance improvements with new Crypto Express5S
• Economies of scale with simultaneous multithreading delivering more throughput for Linux and zIIP-eligible workloads
• Improved performance of complex mathematical models, perfect for analytics processing, with Single Instruction Multiple Data (SIMD)
• IBM zAware cutting-edge pattern recognition analytics for fast insight into system health extended to Linux on z Systems
• A reduction in elapsed time for I/O-bound batch jobs with new FICON Express16S versus FICON Express8S
• Support for larger memory configurations planned to be supported on z/OS systems, which can be used to improve transaction response times, lower CPU costs, simplify capacity planning and ease deploying memory-intensive workloads (The IBM z13 offers up to 10 TB memory.)
• I/O service time improvement when writing data remotely using the new zHPF Extended Distance II
• Support for up to 256 coupling CHPIDs, which provides enhanced connectivity and scalability for a growing number of coupling channel types
• IBM Integrated Coupling Adapter (ICA SR), which offers greater short reach coupling connectivity than existing link technologies and enables greater overall coupling connectivity per IBM z13 than prior server generations
• Capability to extend z/OS workload management policies into the SAN fabric
• New rack-mounted Hardware Management Console (HMC), helping to save space in the data center
• Nonraised floor option, offering flexible possibilities for the data center
• Optional water cooling, providing the ability to cool systems with user-chilled water
• Optional high-voltage dc power, which can help IBM z Systems clients save on their power bills
• Optional top exit power and I/O cabling designed to provide increased flexibility
• New IBM z BladeCenter Extension (zBX) Model 004 in support of heterogeneous resources managed by IBM z Unified Resource Manager

Model abstract 2964-N30

The IBM 2964 z13 Model N30 has 1 to 30 PUs, 64 to 2464 GB memory, 4 GX++ I/O hubs, 0 to 2 I/O drawers, 10 PCI-e I/O hubs, and 0 to 2.5 PCI-e drawers.

Model abstract 2964-N63

The IBM 2964 z13 Model N63 has 1 to 63 PUs, 64 to 5024 GB memory, 8 GX++ I/O hubs, 0 to 2 I/O drawers, 20 PCI-e I/O hubs, and 0 to 5 PCI-e drawers.

Model abstract 2964-N96

The IBM 2964 z13 Model N96 has 1 to 96 PUs, 64 to 7584 GB memory, 12 GX++ I/O hubs, 0 to 2 I/O drawers, 30 PCI-e I/O hubs, and 0 to 5 PCI-e drawers.

Model abstract 2964-NC9

The IBM 2964 z13 Model NC9 has 1 to 129 PUs, 64 to 10144 GB memory, 16 GX++ I/O hubs, 0 to 2 I/O drawers, 40 PCI-e I/O hubs, and 0 to 5 PCI-e drawers.

Model abstract 2964-NE1

The IBM 2964 z13 Model NE1 has 1 to 141 PUs, 64 to 10144 GB memory, 16 GX++ I/O hubs, 0 to 2 I/O drawers, 40 PCI-e I/O hubs, and 0 to 5 PCI-e drawers.

IBM z13 delivers a data and transaction system reinvented as a system of insight for digital business. The z13 extends IBM z Systems leadership with:

• Enhancements for creating an exceptional client experience
  • Improved ability to meet Service Level Agreements with new processor chip technology that includes simultaneous multithreading, analytical vector processing, redesigned and larger cache, and enhanced accelerators for hardware compression and cryptography
  • Better availability and more efficient use of critical data with up to 10 TB available RAIM memory
  • Validation of transactions, network management, and assignment of business priority for SAN devices available with updates to the I/O subsystem
  • Continued management of heterogeneous workloads with IBM z BladeCenter Extension (zBX) Model 004 and IBM z Unified Resource Manager
• IT infrastructure with new economics
  • Consolidation savings with 40% more total capacity in the same footprint, improved scaling and connectivity for coupling, improved sharing capabilities for networking and cryptographic features, and increased LPAR support
  • Large memory on z/OS which can be used to improve transaction response times, lower CPU costs, simplify capacity planning and ease deploying memory intensive workloads. The IBM z13 offers up to 10 TB memory.
  • Potential to lower client costs, and to improve performance and availability by supporting the sharing of switches between FICON and FCP
  • Technology Update Pricing for IBM z13
• Trustful, reliable, and secure operations to lessen business risk
  • Stronger and faster protection and integrity of data across an enterprise cloud environment with new Crypto Express5S cryptographic adapter
  • Enhanced public key support for constrained digital environments using Elliptic Curve Cryptography (ECC) for users such as Chrome, Firefox, and Apple's iMessage
  • Ability to minimize reformatting of databases with new exploitation of VISA format preserving encryption (FPE) for credit card numbers
  • Faster insight into the health of your Linux system with new IBM zAware pattern recognition analytics extended to Linux on z Systems
• Full upgradability to IBM z13 from IBM zEnterprise EC12 and zEnterprise 196, and full upgradability within the IBM z13 family

The IBM z13 provides the infrastructure that will help differentiate you as a refined digital business. It offers the capacity and processing power to improve business performance and growth. It helps better protect sensitive transactions to minimize business risk and client exposure, and it helps to deliver on service level agreements for an exceptional customer experience. New economic efficiencies allow the IBM z13 to offer more throughput and capabilities with less impact to the IT budget.

z/OS V2.1 running on IBM z13 sets the groundwork for digital business by providing the foundation you need to support demanding workloads such as operational analytics and clouds alongside your traditional mission-critical applications. z/OS V2.1 continues to support the z Integrated Information Processor (zIIP) which can take advantage of simultaneous multithreading. z/OS V2.1 is designed to support the new vector extension facility (SIMD) instructions available on IBM z13 servers to provide a powerful framework for development of new Business Analytics workloads, porting math- intensive workloads from other platforms, and accelerating Business Analytics workloads on IBM z13.

z/OS features many I/O-related enhancements such as extending the reach of workload management into the SAN fabric. With enhancements to management and operations, z/OS V2.1 and z/OS Management Facility V2.1 can help systems administrators and other personnel handle configuration tasks with ease. Recent Mobile Workload Pricing for z/OS can help reduce the cost of growth for mobile transactions processed by programs such as IBM CICS Transaction Server for z/OS, IMS, and DB2 for z/OS.

The 141-core design delivers massive scale across all workloads and enables cost-saving consolidation opportunities. z/VM V6.3 has been enhanced to exploit simultaneous multithreading offered on the new processor chip. When running on IBM z13, z/VM supports twice as many processors (up to 64) or as many as 64 threads for Linux workloads. With support for sharing OSA-Express Port Groups across z/VM systems within a central processor complex (CPC), z/VM V6.3 delivers increased optimization of OSA-Express and reduced cost of ownership for IEEE 802.3 Link Aggregation networking environments.

The IBM z13 brings a new approach for enterprise-grade Linux with offerings and capabilities for availability, virtualization with z/VM, and a focus on open standards and architecture with new support of KVM on the mainframe (see Statement of General Direction). Best of all, many of our clients have IBM zEnterprise EC12 (zEC12) and IBM zEnterprise 196 (z196) servers, which can be upgraded to the IBM z13 for the greatest levels of investment protection.

The z13 extends IBM z Systems leadership with:

• Up to 40% more total system capacity compared to the zEC12
• Up to 10 terabytes (TB) of available Redundant Array of Independent Memory (RAIM) real memory per server
• Cryptographic performance improvements with new Crypto Express5S
• Economies of scale with simultaneous multithreading delivering more throughput for Linux and zIIP-eligible workloads
• Improved performance of complex mathematical models, perfect for analytics processing, with Single Instruction Multiple Data (SIMD)
• IBM zAware cutting-edge pattern recognition analytics for fast insight into system health extended to Linux on z Systems
• A reduction in elapsed time for I/O-bound batch jobs with new FICON Express16S versus FICON Express8S
• Support for larger memory configurations planned to be supported on z/OS systems, which can be used to improve transaction response times, lower CPU costs, simplify capacity planning and ease deploying memory-intensive workloads (The IBM z13 offers up to 10 TB memory.)
• I/O service time improvement when writing data remotely using the zHPF Extended Distance II
• Support for up to 256 coupling CHPIDs, which provides enhanced connectivity and scalability for a growing number of coupling channel types
• IBM Integrated Coupling Adapter (ICA SR), which offers greater short reach coupling connectivity than existing link technologies and enables greater overall coupling connectivity per IBM z13 than prior server generations
• Capability to extend z/OS workload management policies into the SAN fabric
• New rack-mounted Hardware Management Console (HMC), helping to save space in the data center
• Nonraised floor option, offering flexible possibilities for the data center
• Optional water cooling, providing the ability to cool systems with user-chilled water
• Optional high-voltage dc power, which can help IBM z Systems clients save on their power bills
• Optional top exit power and I/O cabling designed to provide increased flexibility
• IBM z BladeCenter Extension (zBX) Model 004 in support of heterogeneous resources managed by IBM z Unified Resource Manager

A member of the IBM z family, the IBM z13 (z13)*, is designed from the chip level for data serving and transaction processing. There is unmatched support for data including a strong, fast I/O infrastructure, cache on the processor chip to bring data close to processing power, security and compression capabilities of the coprocessors and I/O features, and the 99.999% data availability design of our coupling technologies. The IBM z13 intelligent design delivers new levels of performance and capacity for large-scale consolidation and growth. The IBM z13 is designed to provide:

• Up to 10% faster uniprocessor performance as compared to zEC12
• Up to 40% system capacity performance improvement over zEC12 101 way
• 141 cores to configure (versus 101 on zEC12)
• 231 capacity settings (versus 161 on zEC12)
• Up to 10 TB RAIM memory to improve transaction response times, lower CPU costs, simplify capacity planning and ease deploying memory intensive workloads
• z/Architecture enhancements designed to enable performance improvements in Linux, Java, and DB2
• Enhanced cache design which is designed to provide twice as much second level cache and substantially more third and fourth level caches compared to the zEC12, helping to avoid untimely swaps and memory waits while maximizing the throughput of concurrent workloads
• Features and functions for the storage area network:
  • The newest generation of FICON features, FICON Express16S 10KM LX and FICON Express16S SX, are designed to support a link rate of 16 Gbps with reduced latency for large read/write operations and increased bandwidth.
  • Forward Error Correction (FEC) capabilities have been added to the FICON Express16S channels which allows those channels to operate at higher speeds, over longer distances, with reduced power and higher throughput, while retaining the same resiliency and robustness that clients have come to expect from their FICON channels.
  • FICON Dynamic Routing enables exploitation of Storage Area Network (SAN) dynamic routing polices in the fabric to lower cost, improve performance, and simplify systems management for supporting I/O devices.
  • Storage Area Network (SAN) Fabric I/O Priority extends the z/OS Work Load Manager to the SAN fabric providing improved resilience and autonomic capabilities.
  • High Performance FICON for z Systems (zHPF) has been enhanced to allow all large write operations (> 64 KB) at distances up to 100 km to be executed in a single round trip to the control unit thereby not elongating the I/O service for these write operations at extended distances.
  • Improved channel subsystem (CSS) scalability supports six logical channel subsystems (LCSS), four subchannel sets (to support more devices per logical channel subsystem), and 32K devices per FICON channel.
• Support for up to 256 coupling CHPIDs per CPC to provide enhanced connectivity and scalability for a growing number of coupling channel types
• IBM Integrated Coupling Adapter (ICA SR) which offers greater short reach coupling connectivity than existing link technologies and enables greater overall coupling connectivity per CPC footprint than prior server generations
• Flash Express to handle paging workload spikes and improve application availability
• IBM zAware support for Linux on z Systems for improved problem determination
• Cryptographic performance improvements with Crypto Express5S and CP Assist for Cryptographic Function (CPACF)
• Improved performance of complex mathematical models, perfect for analytics processing, with Single Instruction Multiple Data (SIMD)
• z/VM support for IBM z13 including:
  • Improved price performance with support for multithreading technology for Linux workloads
  • Support for twice as many processors - 64 threads when simultaneous multithreading (SMT) is enabled or 64 cores when SMT is not enabled
  • Increased availability and reduced cost of ownership in network environments by sharing OSAs across z/VM systems
• zBX Model 004 standalone upgradability from zBX Model 002 and zBX Model 003
• Full upgradability to IBM z13 from IBM zEnterprise EC12 and zEnterprise 196, and full upgradability within the IBM z13 family

The performance advantage

IBM's Large Systems Performance Reference (LSPR) method is designed to provide comprehensive z/Architecture processor capacity ratios for different configurations of Central Processors (CPs) across a wide variety of system control programs and workload environments. For IBM z13, the z/Architecture processor capacity indicator is defined with a 4XX, 5XX, 6XX, or 7XX notation, where XX is the number of installed CPs.

In addition to the general information provided for z/OS V2.1, the LSPR also contains performance relationships for z/VM and Linux operating environments.

The performance of an IBM z13 (2964) processor is expected to be up to 1.1 times the performance of a zEC12 (2827) based on workload and model. The largest IBM z13 (2964-7E1) is expected to provide up to 1.4 times the capacity of the largest zEC12 (2827-7A1).

The IFL and zIIP processors on the IBM z13 also provide an optional IBM z13 multithreading technology capability; with the multithreading function enabled, the performance capacity of the IFL is expected to be up to 1.3 times the performance capacity of these processors on the zEC12; the performance capacity of the zIIP processors is expected to be up to 1.4 times the performance capacity of these processors on the zEC12.

The LSPR contains the Internal Throughput Rate Ratios (ITRRs) for the IBM z13 and the previous-generation IBM z Systems processor families based upon measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user may experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated.

For more detailed performance information, consult the Large Systems Performance Reference (LSPR) available at:

Simultaneous multithreading (SMT)

Incremental throughput is achieved partly because the new processor chip offers intelligently implemented 2-way simultaneous multithreading. Simultaneous multithreading (SMT) allows two active instruction streams per core, each dynamically sharing the core's execution resources. SMT will be available in IBM z13 for workloads running on the Integrated Facility for Linux (IFL) and the IBM z Integrated Information Processor (zIIP).

Each software Operating System / Hypervisor has the ability to intelligently drive SMT in a way that is best for its unique requirements. z/OS SMT management consistently drives the cores to high thread density, in an effort to reduce SMT variability and deliver repeatable performance across varying CPU utilization - thus providing more predictable SMT capacity. z/VM SMT management optimizes throughput by spreading a workload over the available cores until it demands the additional SMT capacity.

Next-generation availability

The IBM z13 continues the drive for continuous reliable operation provided by its predecessors with the following Reliability, Availability and Serviceability (RAS) improvements:

• Improved soft error resilience in the processor cores
• Lane shadowing, hardware buffer retry, and independent channel recovery which are designed to improve the DIMM interface
• Continued use of RAIM in the main memory to protect DRAM
• Improved robustness in the level 3 and level 4 cache
• Improved FRU isolation with the addition of integrated time domain reflectometry logic to chip interfaces
• RAS changes to adjust to the new CPC drawer structure
• Enhanced integrated sparing designed to reduce the complexity and number of repair actions

Flash Express is designed to help improve availability and handling of paging workload spikes when running z/OS V1.13 with the z/OS V1.13 RSM Enablement Offering web deliverable, and this function is integrated in z/OS V2.1. With this support, z/OS is designed to help improve system availability and responsiveness by using Flash Express across transitional workload events such as market openings, and diagnostic data collection. z/OS is also designed to help improve processor performance by supporting middleware exploitation of pageable large (1 MB) pages. Flash Express can also be used in coupling facility images to provide extended capacity and availability for workloads making use of Websphere MQ Shared Queues structures, as previously announced for zEC12. Using Flash Express can help availability by reducing latency from paging delays that can occur at the start of the workday or during other transitional periods. It is also designed to help eliminate delays that can occur when collecting diagnostic data during failures. Flash Express can therefore help organizations meet their most demanding service level agreements enabling them to compete more effectively. Flash Express is designed to be easy to configure, and to provide rapid time to value.

IBM zAware: With IBM zEnterprise EC12 and BC12, IBM introduced a new technology, IBM zAware, based on machine learning developed by IBM Research.

The new version of IBM zAware introduces a new generation of technology with improved analytics to provide better results. The previous version of IBM zAware required message streams with well- formed message IDs; now IBM zAware can process message streams that do not have message IDs. This opens up new possibilities going forward with the ability to handle a broader variety of unstructured data.

IBM zAware delivered on IBM z13 builds on previous IBM zAware function with:

• Support for Linux on z Systems message log analysis
• Support for native or guest Linux on z Systems images
• The ability to process message streams with no message IDs
• The ability to group multiple systems that have similar operational characteristics for modeling and analysis
  • Recognition of dynamic activation and deactivation of a Linux image into a group, and appropriate modeling and analysis.
  • Aggregated Sysplex view for z/OS and system views.
  • User-defined grouping. For Linux on IBM z Systems, the user can group multiple systems' data into a combined model: by workload (one for all web servers, one for all databases, and so on); by 'solution' (for instance, one model for your cloud); or by VM host.
• Heat map display which provides a consolidated/aggregated/higher level view with the ability to drill down to detail views
• Improved usability and GUI functional enhancements addressing many customer requirements
  • Enhanced filtering and visualization, with better use of GUI real estate
  • Improved UI navigation
  • Display of local time in addition to UTC time
  • Enhancements based on IBM One UI guidelines
• Enhanced analytics
• More robust data store
• Expanded browser support with Mozilla Firefox 31 and Internet Explorer 9, 10, and 11

IBM zAware is designed to use near real-time continuous learning algorithms, providing a diagnostics capability intended to help you quickly pinpoint problems, which in turn, can lead to better availability and a more efficient system. IBM zAware uses analytics to intelligently examine z/OS or Linux on z Systems messages to find unusual patterns, inconsistencies, and variations. Large operating system environments can sometimes generate more than 25 million messages per day. This can make manual analysis time-consuming and error-prone when exceptional problems occur. IBM zAware provides a simple graphical user interface (GUI) and APIs to help you find message anomalies quickly which can help speed problem resolution when seconds count.

Common Criteria Evaluation Assurance Level 5+ (EAL 5+) certification

The IBM z13 is designed for Common Criteria Evaluation Assurance Level 5+ (EAL 5+) certification for security of logical partitions. This means that the IBM z13 is designed to prevent an application running on one operating system image on one LPAR from accessing application data running on a different operating system image on another LPAR on the server.

Common Cryptographic Architecture (CCA) enhancements

VISA Format Preserving Encryption (VFPE)

Support for VISA Format Preserving Encryption (VFPE) algorithms in CCA-based callable services. This support will rely on the Crypto Express5S coprocessor. Format Preserving Encryption (FPE) refers to a method of encrypting data such that the resulting cipher-text has the same format and length as the input-clear text. This helps allow legacy databases to contain encrypted data of sensitive fields without having to restructure the database or applications. Supported are functions for the VISA Data Secure Platform (Visa DSP) with Point to Point Encryption technology. Three new Visa DSP-related callable services are added to the CCA API. In addition to VFPE, support for the Visa DSP standard TDES encryption method is also available.

Greater than 16 Domain support

Support to allow a cryptographic coprocessor to be shared across more than 16 domains, up to the maximum number of LPARs on the system. With the adjunct processor (AP) extended addressing (APXA) facility installed, the z Systems crypto architecture can support greater than 16 domains in an AP. Customers will have the flexibility of mapping individual LPARs to unique crypto domains or continuing to share crypto domains across LPARs.

Trusted Key Entry (TKE) 8.0 Licensed Internal Code (LIC)

The following functions are planned to be supported in the TKE 8.0 level of LIC:

The Crypto Express5S Coprocessor support: TKE 8.0 is required for managing Crypto Express5S cryptographic coprocessors and manages them through the same Crypto Module notebook functions as previous generations of Cryptographic modules. The configuration migration tasks feature of the TKE is planned to be enhanced to also support the Crypto Express5S coprocessor. You can use TKE 8.0 to collect data from previous generations of Cryptographic modules and apply the data to Crypto Express5S coprocessors.

FIPS Certified Smart Card: A FIPS certified smart card, part number 00JA710, is now included in the smart card reader and additional smart cards optional features. The new smart card part number is 00JA710.

Crypto Coprocessors with more than 16 domains: TKE 8.0 is planned to allow the management of domains beyond the current limit of 16. This support will require the latest levels of code on the IBM z13 to allow more than 16 domains on the Crypto Express5S. This support is only available with z13.

Full function migration wizard for EP11: The full function migration wizard is designed to provide the ability to quickly and accurately collect and apply data to the Crypto Express features configured as EP11 coprocessors. This wizard previously supported CCA, however Crypto Module Group support has been removed: Crypto Module Groups are no longer supported on TKE 8.0. All group management must now be done from a Domain Group.

New master key management functions: TKE 8.0 is planned to allow support of two new master key management functions which are available when managing any type of master key:

1. Generate a set of master key parts wizard-like feature which allows you to create a new key part for each of the different types of master keys.
2. Load all new master keys wizard-like feature which allows you to load a new key for each of the different types of master keys.

Smart Card Readers Available indicator TKE 8.0 is planned to now display a window title that will include information if the smart card readers are available if the application or utility has access to smart card readers.

Configure Displayed Hash Size: TKE 8.0 is planned to support a configuration to allow the administrator to set the display length of certain hash values displayed on the TKE workstation. Hash types that can be affected by this function are: MDC-4, SHA-1, AES-VP, and ENC-ZERO. The Configure Display Hash Size utility is only available when you have signed on with the Privileged Mode Access user ID of ADMIN.

ECC Authority Signature Keys: TKE 8.0 is planned to allow a user to select a key strength of 320-bit ECC key when creating an Authority Signature Key that is to be assigned to an Authority Index on a Crypto Express5S coprocessor. This option is only available when you are creating an Authority Signature key from inside a Crypto Module Notebook of a Crypto Express5S.

Print Capability: TKE 8.0 is planned to have limited print support. The Configure Printers utility allows the administrator to add printers to the TKE. The only printers allowed to be added are printers that have device drivers on the TKE including the GUTENPRINT and HPLIP device driver packages. You will not be able to load your own device drivers.

New Features in the Crypto Node Management (CNM) Utility: The TKE Workstation Setup utility allows you to load and save user roles and profiles. The CNM utility now has stand-alone launch points for these two tasks in the Access Control pull down menu.

ENC-Zero Verification Pattern for 24-byte DES Operational Keys: TKE 8.0 is planned to support an ENC-Zero verification pattern that is computed and displayed with 24-byte DES operational keys.

Usability Enhancements: TKE 8.0 is planned to have many usability enhancements including the ability for users to select a check box that will allow them to change their passphrase on the logon screen for a passphrase profile. Additionally, users can now select multiple items in the Hosts container, Crypto Module Groups container, or Domain Groups container of the main window of the TKE application. If more than one item is selected, you can delete all of the definitions or close all of the hosts or groups at once.

FICON Express16S - a new generation for FICON, zHPF, and FCP

IBM is releasing a new I/O infrastructure that will strengthen the synergy between DS8870 and IBM z Systems, delivering improved, predictable and repeatable performance, and enhanced resiliency for mission critical environments. IBM plans to announce the support of this new I/O infrastructure for DS8870 Storage Systems in May of 2015.

Note: IBM's statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM's sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remain at our sole discretion.

With the introduction of FICON Express16S on the IBM z13, you now have additional growth opportunities for your storage area network (SAN). FICON Express16S supports a link data rate of 16 gigabits per second (Gbps) and auto-negotiation to 4 or 8 Gbps for synergy with existing switches, directors, and storage devices. With support for native FICON, High Performance FICON for z Systems (zHPF), and Fibre Channel Protocol (FCP), the IBM z13 server enables you to position your SAN for even higher performance -- helping you to prepare for an end-to-end 16 Gbps infrastructure to meet the lower latency and increased bandwidth demands of your applications.

The FICON Express16S channel will work with your existing fiber optic cabling environment, both single mode and multimode optical cables. The FICON Express16S feature running at end-to-end 16 Gbs link speeds will provide reduced latency for large read/write operations and increased bandwidth compared to the FICON Express8S feature.

Increased performance for the zHPF protocol: In laboratory measurements using FICON Express16S in an IBM z13 with the zHPF protocol and small data transfer I/O operations, FICON Express16S operating at 16 Gbps achieved a maximum of 93,000 IOs/sec. In laboratory measurements, using FICON Express16S in an IBM z13 with the zHPF protocol and a mix of large sequential read and write data transfer I/O operations, FICON Express16S operating at 16 Gbps achieved a maximum throughput of 2600 MB/sec (reads + writes) compared to a maximum of 1600 MB/sec (reads + writes) achieved with FICON Express8S operating at 8 Gbps. This represents an approximately 63% increase. This performance data was measured in a controlled environment running an I/O driver program under z/OS. The actual throughput or performance that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed.

Increased performance for the FCP protocol: A FICON Express16S feature, when defined as CHPID type FCP, conforms to the Fibre Channel Protocol (FCP) standard to support attachment of SCSI devices, to complement the classical storage attachment supported by FICON and zHPF channels.

In laboratory measurements, using FICON Express16S in an IBM z13 with the FCP protocol for small data transfer I/O operations, FICON Express16S operating at 16 Gbps achieved a maximum of 110,000 IOs/sec, compared to the maximum of 92,000 IOs/sec achieved with FICON Express8S operating at 8 Gbps.

In laboratory measurements, using FICON Express16S in an IBM z13 with the FCP protocol and FICON Express16S operating at 16 Gbps, FICON Express16S achieved a maximum throughput of 2560 MB/sec (reads + writes) compared to the maximum of 1600 MB/sec (reads + writes) achieved with FICON Express8S operating at 8 Gbps. This represents approximately a 60% increase. The actual throughput or performance that any user will experience will vary depending upon considerations such as the amount of multi-programming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed.

With the introduction of the FICON Express16S in an IBM z13 operating using the FCP protocol, several recommended and allowable operating characteristic values have increased which will enable additional workload consolidation. Specifically, the recommended maximum number of NPIV hosts defined to any single physical FCP channel has increased from 32 to 64, the allowable maximum number of remote N_Ports a single physical channel can communicate with has increased from 512 to 1024, an the maximum number of LUNs addressable by a single physical channel has increased from 4096 to 8192. In support of these increases, the FCP channels have also been designed to now support 1528 concurrent I/O operations, an increase from the prior generation FCP channel limit of 764.

The FCP protocol is supported by z/VM, z/VSE (TM), and Linux on IBM z Systems. Refer to the Software requirements section.

16Gb FICON & FC host adapters on IBM DS8870: Improve SAN performance and resiliency with faster 16Gb Fibre Channel and FICON host adapters on DS8870. For DB2 Log Writes, this new host adapter will help to improve the efficiency of the 16 Gbps zHPF and heritage FICON to reduce large log write latency, resulting in DB2 transactional latency improvements for applications and middleware, including SAP. For managed file transfer with Connect Direct these new host adapters can help to reduce elapsed times. In addition, I/O bound batch jobs will improve lapsed times.

FCP SAN Explorer FCP SAN Explorer: A new function is available on the HM through the Problem Determination panels that provides a centralized vie of Storage SAN facilities available to an FCP channel. The tool facilitates configuration setting and debug without requiring an operating system to be running. It does require the IBM z13 to have completed an Initial Machine Load (IML) and the partitions of interest t be activated. The tool can also operate concurrently with customer I/O workloads in a non-disruptive manner. It provides an operator with a layered view of the SAN environment. Specifically, device numbers (hosts assigned to a partition, the fabric zone members available to the host, the remote end port error statistics, the accessible logical unit number (LUN's) and basic LUN configuration information can be queried and displayed using this tool. This data can also optionally be exported in CSV format.

Cleaning discipline for FICON Express16S fiber optic cabling

With the introduction of 16 Gbps link data rates, it is even more critical to ensure your fiber optic cabling infrastructure performs as expected. With proper fiber optic cleaning and maintenance, you can be assured that the "data gets through."

With 16 Gbps link data rates over multimode fiber optic cabling, link loss budgets and distances are reduced. Single mode fiber optic cabling is more "reflection sensitive." With high link data rates and single mode fiber optic cabling there is also less margin for error. The cabling is no longer scratch-tolerant and contaminants such as dust and oil can present a problem.

To keep the data flowing, proper handling of fiber trunks and jumper cables is critical as well as thorough cleaning of fiber optic connectors. Work with your data center personnel or IBM personnel to ensure you have fiber optic cleaning procedures in place.

Enabling the Transition to FICON Express16S with Forward Error Correction (FEC)

FICON Express16S channels running at 16 Gbps can take advantage of Forward Error Correction (FEC) capabilities when connected to devices that support FEC. FEC allows FICON Express16S channels to operate at higher speeds, over longer distances, with reduced power and higher throughput, while retaining the same reliability and robustness that FICON channels have traditionally been known for. FEC is a technique used for controlling errors in data transmission over unreliable or noisy communication channels. When running at 16 Gbps link speeds, clients should see fewer I/O errors, thus easing the transition to the high-speed link technologies and reducing the potential impact to production workloads by I/O errors.

Forward Error Correction Codes support on 16Gbps adapters on IBM DS8870: For Peer to Peer Remote Copies, FEC helps to preserve data reliability. This enhancement is designed to provide the equivalent reliability improvement as doubling the optical signal strength.

FICON Dynamic Routing

With the IBM z13 server, FICON channels are no longer restricted to the use of static Storage Area Network (SAN) routing policies for Inter-Switch Links (ISLs) for cascaded FICON directors. The z Systems feature that supports dynamic routing in the Storage Area Network (SAN) is called FICON Dynamic Routing (FIDR). It is designed to support the dynamic routing policies provided by the FICON Director manufacturers, for example, Brocade's Exchange Based Routing (EBR) and Cisco's Open Exchange ID Routing (OxID). Please check with the switch provider for their support statement.

FICON Dynamic Routing can help clients reduce costs by having the ability to share SANs between their FICON and FCP traffic, improve performance due to SAN dynamic routing policies better exploiting all the available ISL bandwidth through higher utilization of the ISLs, and simplify management of their SAN fabrics due to static routing policies assigning different ISL routes with each power-on-reset which makes the SAN fabric performance difficult to predict.

Clients will need to ensure that all devices in their FICON SAN support FICON Dynamic Routing before they implement this feature.

FICON Dynamic Routing on IBM DS8870 enables clients to use SAN dynamic routing policies across cascaded FICON Directors to simplify configuration and capacity planning, and to provide persistent and repeatable performance and higher resiliency. In Peer to Peer Remote Copy configurations sharing of switches is simplified and hardware costs can be reduced by allowing FICON and FCP to share the same switch infrastructure. IBM's Metro Mirror technology uses FCP as the transport. So, now FICON and Metro Mirror can flow over the same Inter Switch Links (ISLs) and be managed with consistent fabric priority, described below.

Storage Area Network (SAN) Fabric I/O Priority

This function on the IBM z13 provides the ability for z/OS to specify an I/O priority for the SAN fabric to utilize. This capability allows z/OS to extend the z/OS Work Load Manager (WLM) to manage the SAN fabric, completing the management of the entire end-to- end flow of an I/O operation. WLM will assign an I/O priority consistent with the client-specified goals for the workloads within the supported range of I/O priorities in the SAN fabric. SAN fabric I/O priority is especially useful in circumstances that can lead to SAN fabric contention such as workload spikes and hardware failures to provide additional resilience and allow z/OS WLM to deliver the highest I/O priority to the most important work first.

SAN Fabric Priority on IBM DS8870: IBM will be the first platform to exploit this industry feature with a fully integrated workload management solution provided by z/OS and supported by DS8870. Intelligent access to data and greater efficiencies are reached with SAN Fabric I/O Priority enabled by DS8870. The DS8870 will also propagate the fabric priority for write operations to the resulting Metro Mirror traffic to provide a consistent prioritization with FICON when sharing the same SAN infrastructure and Inter Switch Links (ISLs).

Improved High Performance FICON for z Systems (zHPF) I/O Execution at Distance

High Performance FICON for z Systems (zHPF) has been enhanced to allow all large write operations (> 64 KB) at distances up to 100 km to be executed in a single round trip to the control unit thereby not elongating the I/O service time for these write operations at extended distances.

zHPF Extended Distance II on IBM DS8870: zHPF Extended Distance II allows customers to achieve service level agreements after a disaster or when a storage control unit failure causes a HyperSwap event. This capability is required especially for GDPS HyperSwap configurations where the secondary DASD subsystem is in another site. For multi-site configurations, the zHPF Extended Distance II feature can help to reduce the impact of distance on I/O response times, increasing remote data transfer with better performance when writing data remotely (remote site recovery).

Improved Channel Subsystem (CSS) Scalability

The IBM z13 server has improved the channel subsystem (CSS) scalability with support for six logical channel subsystems (LCSSs) which are required to support the eighty five LPARs for IBM z13, four subchannel sets (to support more devices per logical channel subsystem), and 32K devices per FICON(R) channel up from 24K channels in the previous generation.

Additionally, a fourth subchannel set for each logical channel subsystem (LCSS) is provided to facilitate elimination of single points of failure for storage after a disk failure by simplifying the exploitation of IBM's DS8870 Multi-target Metro Mirror storage replication with TPC-R HyperSwap.

z/OS Support for the IBM z13 (z13)

Continued tight integration between hardware and software technologies has become increasingly important to meeting the capacity and performance demands of mission-critical workloads. Accordingly, z/OS exploits many of the new functions and features of IBM z13 including:

• z/OS V2.2 (5650-ZOS) is planned to support the operation of zIIP processors in simultaneous multithreading (SMT) mode, with two threads per processor. This new function is designed to help improve throughput for zIIP workloads and provide appropriate performance measurement, capacity planning, and SMF accounting data. This support is also planned to be available for z/OS V2.1 with PTFs at IBM z13 general availability.
• z/OS V2.2 is planned to support up to 141 processors (CPs and zIIPs) per LPAR or up to 128 physical processors (256 logical processors) per LPAR in SMT mode. z/OS V2.2 is also planned to support up to 4 TB of real memory per LPAR. This support is also planned to be available on z/OS V2.1 with PTFs.
• z/OS V2.2 is planned to provide support for the new vector extension facility (SIMD) instructions available on IBM z13 servers. This new support, also planned to be available for z/OS V2.1 with PTFs in February 2015, is intended to help enable high-performance analytics processing, and is planned to be exploited by z/OS XML System Services; IBM 31-bit SDK for z/OS, Java Technology Edition, Version 8 (5655-DGG); IBM 64-bit SDK for z/OS, Java Technology Edition, Version 8 (5655-DGH); Enterprise PL/I for z/OS V4.5 (5655-W67); and Enterprise COBOL for z/OS 5.2 (5655-W32) in February 2015. IBM intends to exploit the 64-bit SDK for z/OS, Java Technology Edition, Version 8 in IBM WebSphere Liberty Profile for z/OS, and in the full profile of WebSphere Application Server for z/OS, which is also expected to benefit from SIMD exploitation.

  Application serving with SSL could see up to 2x improvement in throughput per core with IBM 64-bit SDK for z/OS, Java Technology Edition, Version 8 on IBM z13 with SMT vs. Java 7 on zEC12.

• z/OS V2.2 will be designed to provide prioritization data for the FICON fabric on IBM z13 processors, so the highest priority write operations can be done first when the fabric becomes congested. This support is also planned to be available for z/OS V1.13 (5694-A01) and z/OS V2.1 with PTFs in 3Q2015. This new function is intended to provide end-to-end prioritization according to WLM policy for write operations, in addition to the existing support for channel and control unit prioritization for both read and write operations.
• z/OS V2.2 is planned to support up to four subchannel sets on IBM z13 servers. This helps relieve subchannel constraints, and can allow you to define larger I/O configurations that support multi-target Metro Mirror (PPRC) along with large numbers of PPRC secondaries and Parallel Access Volume (PAV) aliases. As with the prior support for up to three subchannel sets, you can define base devices, aliases, and secondaries in the first subchannel set (set zero), and define only aliases and secondaries in subchannel sets one, two, and three. All four subchannel sets support FICON and zHPF protocols. This support is also planned for z/OS V1.13 and z/OS V2.1 with a PTF at IBM z13 general availability.
• z/OS V2.2 running on IBM z13 processors with IBM System Storage DS8000 series devices and a minimum MCL is planned to support a new health check for FICON dynamic routing. This health check will be designed to check all components of a dynamic routing fabric, the channel subsystem, and disk control units to make sure that dynamic routing requirements are met if dynamic routing has been enabled for one or more FICON switches. This support, also planned for V1.13 and z/OS V2.1 with PTFs at functional availability, is intended to help you identify misconfiguration errors that can result in data integrity exposures.
• z/OS V2.2 Communications Server is planned to support the new virtualization capability planned for the 10GbE RoCE Express features on IBM z13 processors. This new support will be designed to allow you to fully utilize the ports in the RoCE feature and to share features across up to 31 z/OS images on an IBM z13 processor. Also, z/OS V2.2 Communications Server is planned to support selecting between TCP/IP and RoCE transport layer protocols automatically based on traffic characteristics, and to support MTU sizes up to 4K for RoCE features. The virtualization support is also available on z/OS V2.1 with a PTF.
• Full support for the new Crypto Express5S (CEX5S) features is planned for z/OS V2.2 and with the Enhanced Cryptographic Support for z/OS V1.13 - z/OS V2.1 web deliverable planned to be available at IBM z13 general availability.
• z/OS V2.2 XL C/C++ is planned to provide support for the new IBM z13 processor, with new ARCH(11) and TUNE(11) parameters designed to take advantage of the instructions to deliver increased optimizations for your generated code. XL C/C++ will be designed to also support the single instruction, multiple data (SIMD) instructions with the vector programming language extensions, and the IBM MASS (Mathematical Accelerator Subsystem) and ATLAS (Automatically Tuned Linear Algebra Software) libraries. The MASS library may be used for accelerated execution of elementary math functions and serve as a higher performance alternative to the standard math library that is part of the z/OS XL C/C++ Runtime. The ATLAS library provides linear algebra function support for BLAS (Basic Linear Algebra Subprograms) and LAPACK (Linear Algebra PACKage) functions routinely used in Business Analytics and Optimization solutions. Together these two libraries provide a powerful framework for development of new Business Analytics workloads, porting math intensive workloads from other platforms, and accelerating Business Analytics workloads on IBM z13. This function is also planned to be available in February 2015 for z/OS V2.1 XL C/C++ with a web deliverable from the z/OS download site:

  http://www.ibm.com/systems/z/os/zos/tools/downloads/#webdees

IBM z13 systems are supported by z/OS V1.13 (5694-A01) and z/OS Version 2 (5650-ZOS).

Note: IBM's statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM's sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remain at our sole discretion.

z/VM Support for the IBM z13 (z13)

With the PTF for APAR VM65577, z/VM provides support that will enable guests to exploit zEC12 function supported by z/VM on the IBM z13 (z13). z/VM support for IBM z13 includes support for:

• Hardware facilities
  • z/VM supports the following new hardware facilities transparently.
    • Load/Store-on-condition Facility 2
    • Load-and-Zero-Rightmost-Byte Facility
    • Decimal-Floating-Point Packed Conversion Facility
    • Delay Facility

  Facility bits have been defined that will be passed to a guest and can be tested to determine if a hardware facility is available. A guest can use the STFLE instruction to obtain the facilities list.

  TRACE, DISPLAY I, and VMDUMPTL support for interpreting the new instructions associated with these facilities for display purposes is not provided.

• Updates to monitor records for CPU-Measurement Counter Facility The new Counter Second Version Number value (4) is supported and appropriate counters are collected and stored in the CPU-Measurement Facility Counters monitor record (Domain 5 Record 13).
• CPU-Measurement Counter Facility collection enhancement Host exploitation is provided for a new instruction to allow collection of multiple counters simultaneously, when the store-CPU-counter-multiple facility is installed. This is expected to reduce the overhead for collecting CPUMF data for z/VM monitor records.
• I/O related architectures: Support is provided for new I/O related architectures and features of z13 including:
  • PCI function measurement block enhancements for the RDMA over Converged Ethernet (RoCE) adapter
  • Dynamic I/O support for new channel path type CS5 (Coupling over PCIe)
  • Dynamic I/O support for specifying virtual channel IDs (VCHIDs) for HiperSockets (IQD) channels
• Crypto Express5S and enhanced domain support for Crypto Express5S

z/VM SMT support

With the PTF for APAR VM65586, z/VM provides host exploitation support for SMT on IBM z13, which will enable z/VM to dispatch work on up to two threads (logical CPUs) of an IFL processor core. z/VM simultaneous multithreading support is enabled only for IFL processors in a Linux only mode or z/VM mode logical partition.

z/VM exploitation of SMT enables z/VM on z13 to dispatch work on an individual thread of a core, allowing a core to be shared by two guest CPUs or z/VM Control Program tasks. This can result in increased throughput per core from more efficient use of shared core resources.

Simultaneous multithreading support is available on a z/VM system only if the facility is installed on the hardware and enabled on the z/VM system with the MULTITHREADING system configuration statement. The MULTITHREADING statement is optional, and multithreading is disabled if the statement is omitted.

z/VM host simultaneous multithreading exploitation support does not virtualize threads for guest exploitation. However, Linux guests may benefit from the host support because the first level z/VM system is able to achieve higher throughput from the multi-threaded IFL cores.

z/VM CPU pools provide a mechanism for limiting the CPU resources consumed by a group of virtual machines to a specific capacity. In an environment without SMT, these capacities are enforced in terms of a number of cores. In an SMT environment, these capacities are enforced in terms of a number of threads. Consequently, it might be necessary to increase the capacities of CPU pools, in order to provide adequate resource to CPU pool members.

Increased z/VM CPU scalability

With the PTF for APAR VM65586, z/VM will support up to 64 logical processors on z13:

• 64 cores are supported with multithreading disabled.
• 32 cores (up to 2 threads per core) are supported with multithreading enabled.
• z/VM V6.3 continues to support up to 32 logical processors on prior machines.

z/VM Multi-VSwitch Link Aggregation Support

With the PTFs for APARs VM65583 and PI21053, z/VM V6.3 provides Multi-VSwitch Link Aggregation Support, allowing a port group of OSA-Express features to span multiple virtual switches within a single z/VM system or between multiple z/VM systems. Sharing a Link Aggregation Port Group (LAG) with multiple virtual switches increases optimization and utilization of the OSA-Express when handling larger traffic loads. Higher adapter utilization protects customer investments, which is increasingly important as 10 gigabit deployments become more prevalent. This enhancement makes it possible to do VSwitch Link Aggregation with OSAs shared with other z/VM logical partitions, lifting the previous restriction of requiring dedicated OSAs.

IBM Wave for z/VM (IBM Wave) IBM Wave allows IT organizations and service providers to simplify and automate the management of virtualized environments beginning with z/VM. Featuring an intelligent content-rich interface to manage Linux virtual servers, IBM Wave's capabilities have been recently enhanced to further simplify operations, drive productivity, and leverage existing skills to help customers efficiently deploy and manage highly virtualized infrastructures.

IBM Wave can help IT organizations manage any combination of z/VM instances: standalone z/VM instances, SSI clusters, or z/VM instances sharing directories, all using a flexible and highly customizable Wave architecture. With recent enhancements, IBM Wave for z/VM now offers enhanced SCSI-only support for managing EDEVs, new support for cross- system virtual server cloning, and LDAP for authentication purposes.

IBM Wave is a comprehensive management tool designed for administrators, operators, system programmers and more. It is now included in several virtualization solutions on z Systems including Enterprise Linux Server, Solution Edition for Enterprise Linux, Enterprise Cloud Systems and IBM Infrastructure Suite.

Access to a Parallel Sysplex Environment

Parallel Sysplex is a synergy between hardware and software - a highly advanced technology for clustering designed to enable the aggregate capacity of multiple z/OS systems to be applied against common workloads. z/OS combined with IBM z13, zEC12, zBC12, z196, and z114 servers, Coupling Facilities, Server Time Protocol (STP), and coupling links (ICA SR, InfiniBand), allows you to harness the power of multiple systems as though they were a single logical computing system.

Coupling links provide a path to transmit/receive Coupling Facility (CF) data as well as Server Time Protocol (STP) timekeeping messages. The CF data may be exchanged between z/OS and the CF or between CFs.

The IBM Integrated Coupling Adapter (ICA SR), introduced on the IBM z13 platform, is a two-port, short distance coupling fanout that utilizes a new coupling channel type: CS5. The ICA SR utilizes PCIe Gen3 technology, with x16 lanes that are bifurcated into x8 lanes for coupling. The ICA SR is designed to drive distances up to 150 m and support a link data rate of 8 GBps. It is also designed to support up to 4 CHPIDs per port and 7 subchannels (devices) per CHPID. The maximum number of ICA SR fanout features is limited to 16 per system.

The ICA SR fanout resides in the PCIe I/O fanout slot on the IBM z13 CPC drawer, which supports 10 PCIe I/O slots. Up to 10 ICA SR fanouts and up to 20 ICA SR ports are supported on a IBM z13 CPC drawer, enabling greater connectivity for short distance coupling on a single processor node compared to prior generations.

The ICA SR can only be used for coupling connectivity between IBM z13 servers, and the ICA SR can only connect to another ICA SR. IBM recommends that you order ICA SR (#0172) on the IBM z13 processors used in a Parallel Sysplex to help ensure coupling connectivity with future processor generations.

The ICA SR fanout requires new cabling. For distances up to 100 m, clients can choose the OM3 fiber type. For distances up to 150 m, clients must choose the OM4 fiber type. Refer to IBM z Systems Planning for Fiber Optic Links (FICON/FCP, Coupling Links, and Open System Adapters), GA23-1407, and to IBM z Systems Maintenance for Fiber Optic Links (FICON/FCP, Coupling Links, and Open System Adapters), SY27-7694, which can be found in the Library section of Resource Link at:

http://www.ibm.com/servers/resourcelink/svc03100.nsf? OpenDatabase

Refer to the Software requirements section.

InfiniBand coupling links are high-speed links, up to 6 GBps for 12x InfiniBand and up to 5 Gbps for 1x InfiniBand:

• 12x InfiniBand can be used for short distances - up to 150 meters (492 feet). 12x IFB links support up to 7 subchannels (devices) per CHPID.
• 1x InfiniBand are used for longer distances - up to 10 km (6.2 miles) unrepeated. 1x IFB links support up to 32 subchannels (devices) per CHPID.

HCA3-O fanout for 12x InfiniBand: 12x InfiniBand coupling links utilize the Host Channel Adapter 3 optical (HCA3-O) fanout. The HCA3-O fanout has two ports/links and is compatible with the HCA2-O fanout on zEC12, zBC12, z196, or z114 machines. HCA2-O is not supported on IBM z13.

HCA3-O LR fanout for 1x InfiniBand: 1x InfiniBand coupling links utilize the Host Channel Adapter 3 optical long reach (HCA3-O LR) fanout. The HCA3-O LR fanout has four ports/links and is compatible with the HCA2-O LR fanout on zEC12, zBC12, z196, or z114 machines, which has two ports/links. HCA2-O LR is not supported on IBM z13.

Two protocols - 12x IFB and 12x IFB3 - for 12x InfiniBand coupling links

• 12x IFB3 protocol: When HCA3-Os are communicating with HCA3-Os and have been defined with four or fewer CHPIDs per port, the 12x IFB3 protocol is utilized. The 12x IFB3 protocol is designed to provide improved latency compared to the 12x IFB protocol.
• 12x IFB protocol: If more than four CHPIDs are defined per HCA3-O port or HCA3-O features are communicating with HCA2-O features on zEC12, zBC12, z196 or z114 servers, links will run with the 12x IFB protocol.

The maximum number of all HCA3 fanout features is limited to 16 per system. Internal coupling links (ICs) can also be used for internal communication between Coupling Facilities (CFs) and z/OS images on the same server.

ISC-3 links are not supported on IBM z13.

Note: The ICA SR and InfiniBand (PSIFB) link data rates do not represent the performance of the link. The actual performance is dependent upon many factors including latency through the adapters, cable lengths, and the type of workload. Systems Lab Services can assist your migration to ICA SR and PSIFB coupling links by providing services to assess the impact of the migration or to assist with the implementation of the migration.

STP - Time Synchronization for Parallel Sysplex

Server Time Protocol (STP) is designed to allow events occurring in different servers to be properly sequenced in time. STP is designed for servers that have been configured in a Parallel Sysplex or a basic Sysplex (without a Coupling Facility), as well as servers that are not in a Sysplex but need time synchronization.

STP is a server-wide facility that is implemented in the Licensed Internal Code (LIC), presenting a single view of time to Processor Resource/Systems Manager (PR/SM). STP uses a message-based protocol in which timekeeping information is passed over externally defined coupling links between servers. The STP design introduced a concept called Coordinated Timing Network (CTN), a collection of servers and Coupling Facilities that are time-synchronized to a time value called Coordinated Server Time.

A CTN can be configured in two ways:

• STP-only CTN which does not require a Sysplex Timer.
• Mixed CTN (External Time Reference (ETR) and STP) which requires a Sysplex Timer. The Sysplex Timer provides the timekeeping information in a Mixed CTN. zEC12, zBC12, z196, and z114 servers do not support attachment to a Sysplex Timer, but they can participate in a Mixed CTN that has a z10 synchronized to the Sysplex Timer. This maintains the capability for servers to concurrently migrate from an existing ETR network to a Mixed CTN and from a Mixed CTN to an STP-only CTN.

The IBM z13 can only participate in an STP-only CTN.

STP Enhancements

• Enable STP communications via the IBM Integrated Coupling Adapter (ICA SR)
• Initialized Time Panel enhanced to list time zone and leap second offset as well as indicates if the system time was set; this enables users to quickly check fields during CTN configuration
• Set Date and Time Panel enhanced to encourage use of External Time Source to set CTN time
• Time Zone panel enhanced with confirmation messages when setting STP time zone via adjust Time Zone panel on Current Time Server (CTS); also lists scheduled switch times for leap seconds and time zone/daylight savings time on Timing Network Tab
• Added support for view-only STP panels

Parallel Sysplex Enhancements

Scalability Improvements: As data sharing workloads continue to grow, the Parallel Sysplex infrastructure needs to anticipate the increased requirements for coupling resources. To do this, we have increased configuration limits to support larger data sharing environments. In the Coupling Facility, we have added an availability enhancement that is a scalability enabler for large cache structures.

• IBM z13 will support up to 256 Coupling CHPIDs, twice the 128 coupling CHPIDs supported on zEC12. This provides enhanced connectivity and scalability for a growing number of coupling channel types and facilitates consolidation of multiple Sysplexes into the same set of physical servers. Note that each CF image will continue to support a maximum of 128 coupling CHPIDs.
• Up to 141 ICF engines can be ordered on a single server across multiple Coupling Facility LPARs. This helps environments that use a server hosting multiple Coupling Facilities to support multiple Parallel Sysplexes. There is still a limit of 16 ICF engines for a single Coupling Facility LPAR.
• CFCC Level 20 supports the Coupling Facility use of Large Memory to improve availability for larger CF cache structures and data sharing performance with larger DB2 Group Buffer Pools (GBP). This support removes inhibitors to using large CF cache structures, enabling use of Large Memory to appropriately scale to larger DB2 Local Buffer Pools (LBP) and Group Buffer Pools (GBP) in data sharing environments.

  To learn more about the performance benefits of large DB2 structures, reference "IBM zEnterprise System(R): Performance Report on Exploiting Large Memory for DB2 Buffer Pools with SAP(R)" at

  http://www.ibm.com/support/techdocs/atsmastr.nsf/WebI ndex/WP102461

CICS Transaction Server for z/OS support for IBM z13 (z13)

All in-service releases of IBM CICS Transaction Server for z/OS (CICS TS) will support the z13 hardware. This gives CICS TS customers, at an appropriate level of z/OS, the potential to benefit from facilities of z13, including:

• Simultaneous multithreading (SMT) can be used on zIIP processors by CICS Java applications.
• Greater data compression and reduced data transfer time are provided by enhanced zEnterprise Data Compression (zEDC), which could be exploited by CICS SMF data when using SMF log streams.
• CICS TS transactions using SSL or TLS could take advantage of cryptographic acceleration with the Crypto Express5S cryptographic adapter.
• Planned availability of Large Memory on z/OS, up to 4 TB per z/OS image, could be useful to customers requiring more real memory to back large amounts of virtual storage, such as large, or large numbers of, CICS Shared Data Tables, CICS main temporary storage above-the-bar, and JVM server heap storage.

IBM z BladeCenter Extension (zBX) Model 004

The onsite upgrade to an IBM z BladeCenter Extension (zBX) Model 004 continues to support workload optimization and integration for zEnterprise. The zBX Model 004 is available as an upgrade from an existing zBX Model 002 or Model 003. The upgrade will decouple the zBX from its controlling CPC and with the addition of redundant Support Elements, it will become a standalone Node within an ensemble. An ensemble must contain a z114, z196, zBC12, zEC12, and/or z13. Once upgraded, any available slots in an existing chassis can be used with the proper entitlements. Environmental options and Optics will be available to support reconfiguration and relocation.

Hardware Management Console (HMC)

Alternative to USB Flash Memory Drive: With the Hardware Management Console 2.13.0, the USB Flash Memory Drive will continue to be supported. However, the Hardware Management Console 2.13.0 will also provide alternative options for each task that currently has an option to utilize a USB Flash Memory Drive, and this will allow customers to eliminate the requirement for USB Flash Memory Drive. These alternatives such as FTP Servers and Remote Browser from workstation will be documented in IBM Knowledge Center. If you prefer no USB Flash Memory Drive usage, please select the Feature Code 0845 'Read-Only Media Option' if presented to you during certain eConfig options. Note that these USB Flash Memory Drive options are only available for managed IBM z13 systems. The legacy managed systems (zEC12 or earlier) still have a requirement for the USB Flash Memory Drive.

Discontinuance of System Activity Display Task: With the Hardware Management Console 2.13.0, the System Activity Display task is no longer supported for IBM z13 systems. The Monitors Dashboard task (available since z196) provides equivalent functionality. The System Activity display functionality is available for legacy systems (zEC12 or earlier) which are managed by the Hardware Management Console 2.13.0.

Hardware Management Console Data Replication Versioning: The Hardware Management Console 2.13.0 Data Replication task has added versioning support, and this requires all Hardware Management Consoles to update to the 2.13.0 level in order for Data Replication to replicate data between the Hardware Management Consoles. Any Hardware Management Console at 2.12.1 level or earlier will not be able to perform the data replication with a Hardware Management Console 2.13.0.

Hardware Management Console Time Source Change: The Hardware Management Console 2.13.0 will no longer define its time source using the Add Object Definition. The time source is now defined on the Customize Console Date/Time task. This will provide a clearer identification of all defined time sources including validation of Server Time Protocol (STP) Coordinated Timing Network IDs (CTN IDs).

Trusted Computing: The Hardware Management Console currently validates all licensed internal code delivery and updates onto itself with a digitally signed firmware process. Version 2.13.0 has been enhanced to remove a default option of including boot from media for the Hardware Management Console. This will address some security analysis programs which flag this as an issue.

User Management Dashboard: The Hardware Management Console 2.13.0 has re-engineered user related tasks by establishing a User Management Dashboard task which replaces the following tasks: User Profiles, Customer User Controls, Password Profiles, Manage Enterprise Directory Server Definitions, User Templates, and User ID Patterns. This User Management Dashboard task provides additional functionality such as more granular user management controls and inheritance controls for objects added to groups. It is recommended to look at the Hardware Management Console What's New section in the online help or IBM Knowledge Center to view detailed descriptions for this new task including getting started tutorials for different usage scenarios.

Refer to the Hardware requirements section for a list of HMC system support.

Enhancements to Advanced Workload License Charges

Complementing the announcement of the z13 server IBM is introducing:

• A Technology Transition Offering (TTO) called Technology Update Pricing for the IBM z13
• Revised Transition Charges for Sysplexes TTOs for actively coupled Parallel Sysplexes (z/OS) and Loosely Coupled Complexes (z/TPF)

Technology Update Pricing for the IBM z13 extends the software price/performance provided by AWLC for z13 servers. The new and revised Transition Charges for Sysplexes programs provide a transition to Technology Update Pricing for the IBM z13 for sysplex customers who have not yet fully migrated to z13 servers. This ensures that aggregation benefits are maintained and also phases in the benefits of Technology Update Pricing for the IBM z13 pricing as customers migrate.

When a z13 server is in an actively coupled Parallel Sysplex or a Loosely Coupled Complex, you may choose either aggregated AWLC pricing or aggregated Parallel Sysplex License Charges (PSLC) pricing, subject to all applicable terms and conditions.

When a z13 server is running z/VSE, you may choose Mid-Range Workload License Charges (MWLC), subject to all applicable terms and conditions.

For more information about AWLC, PSLC, MWLC, or the Technology Update Pricing and Transition Charges for Sysplexes TTO offerings, refer to

http://ibm.com/systems/z/resources/swprice/

Accessibility by people with disabilities

A U.S. Section 508 Voluntary Product Accessibility Template (VPAT) containing details on accessibility compliance can be requested at

http://www.ibm.com/able/product_accessibility/index.html

A member of the IBM z Systems family, the IBM z13, is designed to deliver new levels of performance and capacity for large-scale consolidation and growth. From the microprocessor to the software that exploits it, the IBM z13 is designed enable the digital era for cloud, mobile and advanced analytics capabilities. Users are able to efficiently store, manage, retrieve, and analyze vast amounts of data for business insight without unnecessary cost or complexity. Additionally, IBM z13 brings trusted security and reliability at every level for critical business processes and applications, and protects data that is the most valuable resource of your business.

Analytics offers the opportunity to anticipate demand and infuse analytics processing into every new solution. A key value is the integration of analytics with business-critical transactions to deliver real-time insights for the next best action, at the most impactful time. Examples are being able to send offers to shoppers based on loyalty status and buying history, or providing up sell or cross sell opportunities, or understanding the potential for fraud when your client's credit card is being used inconsistently with prior purchases or in locations not consistent with the client's physical location. The IBM z13 offers up to 10 TB of RAIM memory, double cache density over zEC12, and double system I/O bandwidth. Both on-chip and feature compression help to serve up more of the right data at the critical point of impact. The IBM z13 is designed for real-time transactional analytics.

Mobile applications are no longer just about consumer applications; they are enabling how we transact business and do our jobs. They are now connected to the Internet of things, gathering data and transacting with not only smartphones, but numerous other devices that sensor and monitor physical conditions, machines and infrastructure. What used to be a single retail banking transaction that would have involved an account look up and withdrawal, has been transformed into something else, often kicking off ten times or more incremental transactions to improve client experience and offer your business the opportunity to conduct more business. To keep up with the volume and pace of supporting mobile applications, you need a backend infrastructure that is fast, accurate and secure. IBM z13 has superior scale with up to 141 configurable cores and intelligent I/O with workload management, enhanced error correction capability and improved recovery. IBM z13 offers next-generation security enhancements including a performance improvement on the Crypto Express5S to support the mobile world. IBM z13 is designed for secure transactional growth.

Everyone is looking for ways to leverage the cloud and to provide greater levels of efficiency through new IT delivery models. City governments can ensure effective administration of citizen services. Universities can provide students virtual desktops with flexible, reliable and secure access. Insurers can rapidly develop and provide new offerings at lower costs. But challenges exist in scale, speed, and management of cloud deployment. IBM z13 is designed for scaling with up to 30% throughput improvement for Integrated Facility for Linux and up to 40% capacity improvement for IBM z Integrated Information Processor specialty engines using simultaneous multithreading compared to the same processor types on zEC12. IBM z13 delivers the infrastructure with z Systems qualities of service for enterprise-grade Linux on either z/VM or KVM (see Statement of General Direction). IBM zAware is now available for Linux on z Systems to deliver a creative availability solution to help maximize service levels. IBM z13 is committed to open standards and has enhanced sharing of I/O and networking features. Implementation of the new GDPS Appliance for Linux (see Statement of General Direction) offers business continuity in support of cloud. IBM z13 enables the rapid and flexible development and delivery of new offerings and is designed for efficiency and trusted cloud services.

IBM z13 continues to provide heterogeneous platform investment protection with the updated IBM z BladeCenter(R) Extension (zBX) Model 004 and IBM z Unified Resource Manager. Enhancements to the zBX include the uncoupling of the zBX from the server and installing redundant Support Elements (SEs) into the zBX. zBX Model 002 and Model 003 can be upgraded to the zBX Model 004.

Model summary matrix

Note: (1) An additional 96GB is delivered and reserved for HSA. One additionl memory channel will be dedicated for RAIM. Every fifth DIMM configured is reserved for this purpose.

Note: (2) Carry forward or MES with IO drawer consolidation.

Note: (3) Maximum number of 5 includes a mix of IO drawer and PCI-e drawer.

Note: (4) Offerings are the same for both air cooled machines and water cooled machines.

Processor Unit Summary

Listed below are the minimums and maximums of processor units that customers may permanently purchase. The feature codes affected are identified in parentheses.

Note: (5) A z13 with subcapacity CPs can have a maximum of 30 subcapacity features CP4 (#1915), CP5 (#1916), or CP6 (#1917)

Note: One CP (#1915, #1916, #1917, or #1918), IFL (#1919) or ICF (#1920) is required for any model.

Note: The total number of PUs purchased cannot exceed the total number available for that model.

Note: One CP (#1915, #1916, #1917 or #1918) must be installed with the

Note: One CP (#1915, #1916, #1917 or #1918), or one IFL(#1919), or one ICF (#1920) installation of any uIFLs or prior to the installation of any uIFLs.

Note: One CP (#1915, #1916, #1917 or #1918) must be installed with the installation of any zIIPs or prior to the installation of any zIIPs.

• The total number of zIIPs (#1922) purchased cannot exceed twice the number of CPs (#1915, #1916, #1917 or #1918) purchased.
• For upgrades from zEC12's with zAAPs, conversions from zAAPs may increase this ratio to 4:1

Note: There are two spares per system.

Note: The number of SAPs provided to the customer as standard PUs are as follows:

• Model N30 = Six SAPs
• Model N63 = Twelve SAPs
• Model N96 = Eighteen SAPs
• Model NC9 = Twenty four SAPs
• Model NE1 = Twenty four SAPs

Customer setup (CSU)

Customer setup is not available on this machine.

Devices supported

The hardware requirements for the IBM z Systems and its features and functions are identified.

A new driver level is required. HMC (V2.13.0) plus MCLs and the Support Element (V2.13.0) are available on March 9, 2015.

You should review the PSP buckets for minimum Machine Change Levels (MCLs) and software PTF levels before IPLing operating systems.

Peripheral hardware and device attachments

IBM devices previously attached to IBM System z10, z196, zEC12 and zSeries servers are supported for attachment to IBM z13 channels, unless otherwise noted. The subject I/O devices must meet the FICON and Fibre Channel Protocol (FCP) architectures to be supported. I/O devices that meet OEMI architecture requirements are supported only using an external converter. Prerequisite Engineering Change Levels may be required. For further detail, contact IBM service personnel.

While the z13 supports devices as described above, IBM does not commit to provide support or service for an IBM device that has reached its End of Service effective date as announced by IBM.

Note: IBM cannot confirm the accuracy of performance, compatibility, or any other claims related to non-IBM products. Questions regarding the capabilities of non-IBM products should be addressed to the suppliers of those products.

Information on switches and directors qualified for IBM z Systems FICON and FCP channels can be found in the Library section of Resource Link.

https://www.ibm.com/servers/resourcelink

Model conversions