Security as you can imagine is incredibly important on z. If I can't keep my data away from hackers, I'm toast. Nobody would ever trust my environment with their applications. Security is actually a three-sided system. There's the confidentiality aspect. That part limits the access people have to resources and by resources, that's not just files, it's also devices, system access, applications, and every resource needs to be controlled from a security angle. Then there's availability. Technically, the world's most secure system is one that nobody can even do anything with, but what's the point of that? I have to make those resources available to the people who should have access to them, and that's availability. The third aspect is integrity, being able to verify that the data being accessed hasn't been messed around with. This is not only for data like financial records, but also for applications. How can I be sure the program I'm about to run hasn't been altered by a hacker to move a whole bunch of money from my account into theirs? If you have all three of these things, you've got the makings of a pretty good security model. When a user or a program goes to access something, here's what happens, and it's important to remember that what it's accessing a resource. So that could be a data-set, it could be a disk storage system, it could be a program, it could be a terminal, it could be anything. So what happens first is the user makes a request that says, "I want to do this thing", and he makes a request to the resource manager. Now, the resource manager is ultimately what makes the connection or doesn't make the connection between the requesting user and the resource at once to get. So it needs to make a decision. It's going to make a request to SAF the system authorization facility. That acts as a router which routes the request to the right system to make that decision. In this case, let's just say we're using RACF. RACF stands for the Resource Access Control Facility. RACF is going to go through widths database and look for any records that has about that resource and that user, and it can come back and say, "Yeah that user can access that", or it might come back and say, "You know what? It says right here they're not suppose to have access to them. Don't make that connection." Or, it can actually come back and say, "You know what? I don't know anything about either of those things. So it's up to you resource manager." Ultimately, the resource manager is going to say yes or no to the user and make that connection or not. Something that makes this possible is the 4767 cryptographic co-processor. This is a hardware security module, HSM that improve security by performing a lot of cryptographic functions on its specialized hardware. On z, that's the Crypto Express. It's one of those PCIe cards that lives in the IO section of the frame. This card supports the Federal Information Processing Standard, FIPS, which is the US government security standard. It supports security level four, which is the highest level of security. At this level, the physical security mechanisms provide a complete envelope of protection around the cryptographic module. So if someone were to pull a highest where they broke into a data center with their masks on and they tiptoe over to the mainframe and they gently slide out the HSM, throw it in their bag and jumping the getaway helicopter, the card would detect that it's being tampered with and delete all the sensitive information on it including those keys. Hammers, screwdrivers, electrical probes, stethoscopes, they're not getting anything important out of that card. All of this helps create the most secure computing environment around.
