IBM Helps S/390 Customers Grow Their e-businesses

Select a topic or year

SOMERS, N.Y - 23 Aug 1999: -- IBM today announced the most powerful release to date of S/390's flagship operating system, OS/390. The new release features significant enhancements to help enterprise server customers meet the need for greater integration, availability and security brought on by e-business growth.

e-business is all about integration -- between business processes, across the enterprise and beyond to business partners, suppliers and customers. An important part of this integration is the need for a highly robust infrastructure to perform e-transaction processing, in which e-business-related IT processes can be completed without intervention. OS/390 Version 2 Release 8 delivers enhancements in security, connectivity and systems management to help customers meet the requirements of e-transaction processing. At the heart of today's announcement are security and systems management features, including the ability to dynamically manage Virtual Private Network (VPN) encryption keys through the Internet Key Exchange (IKE), enhanced management and administration of digital certificates used by both server applications and end-users, higher availability of TCP/IP in an S/390 Parallel Sysplex clustering environment, and the capability to print from enterprise resource planning (ERP) and Internet-related applications.

"As e-businesses grow, companies are realizing that success depends upon the ability to integrate their core business processes both within their own enterprise and across the value net of their suppliers, partners and customers," said Doug Balog, director, IBM S/390 software. "This is driving a dramatic shift in the nature and volumes of transactions, where a single Web site hit can spawn a multitude of transactions. This shift, known as e-transaction processing, brings with it a new set of infrastructure requirements for scaling, availability and security that OS/390 is uniquely positioned to address."

Secure e-transactions
The industry-leading security and directory capabilities of OS/390 continue to be key strengths of the S/390 enterprise server platform. These security functions are found in both the OS/390 base product and the SecureWay Security Server for OS/390 (formerly OS/390 Security Server). The Security Server, an optional feature of OS/390, includes Resource Access Control Facility (RACF), Lightweight Directory Access Protocol (LDAP) server support, Firewall Technologies and Distributed Computing Environment (DCE) Security Server.

-- VPN (Virtual Private Network) Support -- OS/390 Firewall Technologies IPSec (IP Security) VPN provides a secure pathway between OS/390 and other IPSec VPN capable systems, routers and firewalls. This secure pathway is achieved through encryption techniques, utilizing the industry-leading S/390 hardware CMOS Cryptographic Coprocessor.

New in Release 8 -- The exchange of encryption keys between the end-points of IPSec VPN can be automated and dynamically managed through Internet Key Exchange (IKE) -- an industry-accepted IPSec protocol for cryptographic key and security management.

-- Centralized management of digital certificates -- A key element in e-business security is the use of digital certificates and public key infrastructure for identification and authentication of users and servers. The Security Server has provided integrated support for these technologies since OS/390 2.4.

New in Release 8 -- Centralized management of digital certificates belonging to server applications and their related private encryption keys will help customers and application developers provide common, secure management of these server digital certificates as well as the chain of trust needed to verify client (user) certificates presented to these applications.

In addition, enhanced processing of client (user) digital certificates and their "mapping" to RACF user IDs will eliminate the need to install all user certificates individually in RACF, streamlining and consolidating management and access control .

-- LDAP (Lightweight Directory Access Protocol) Version 3 protocol -- A fast-growing technology for new networked e-business application development, LDAP is a standards-based directory capability implemented with both LDAP Client and LDAP Server components on OS/390. LDAP on OS/390 includes Java support, LDAP access to RACF information, and LDAP client authentication using RACF. It also supports SSL (Secure Sockets Layer) for encrypted privacy of communication and it supports multiple LDAP servers on multiple systems in an S/390 Parallel Sysplex cluster environment for added scalability. Integrated in OS/390 since Release 7,System SSL provides a callable set of SSL API functions to help application developers exploit the high security and encryption capabilities of the popular SSL Internet protocol.System SSL can utilize the S/390 CMOS Cryptographic Coprocessor to offload complex SSL cryptographic operations, freeing up software instruction cycles to perform other application processing.

New in Release 8 -- LDAP server has been enhanced to support LDAP V3 protocol, enabling OS/390 LDAP Server to interoperate with other LDAP V3 clients and servers.

Enhanced network and host availability
The SecureWay Communications Server for OS/390 (formerly the eNetwork Communications Server for OS/390) provides a secure communications gateway for connecting diverse application and network environments. Included as a base element of OS/390, the Communications Server provides mission-critical, business-to-business and business-to-consumer communications across local area networks, wide area networks, intranets and the Internet.

New in Release 8 -- SecureWay Communications Server for OS/390 provides Virtual IP Addressing (VIPA) Takeover. VIPA Takeover allows real IP (Internet Protocol) addresses for network connections to be associated with a "pseudo" address, assigned to an end-user in the S/390 server. If a connection fails, traffic is automatically routed to an alternate connection associated with the same VIPA. This feature further highlights the high-availability attributes of TCP/IP services when IP stacks supporting the virtual addresses are in an S/390 Parallel Sysplex clustering environment -- IBM's leading clustering technology.

Also in Release 8, security against unauthorized access to S/390 SNA (System Network Architecture) applications from TCP/IP users is made stronger by the addition of SSL client authentication to the TN3270 server, the function that allows TCP/IP clients to access critical customer applications that have been traditionally only accessible from a 3270 (green screen).

Enhancements in Release 8 also allow SNA users to take advantage of Triple DES (Data Encryption Standard) -- a high-level data encryption implementation that provides dramatically improved encryption capability.

Service Policy Enhancements improve the capability to monitor and manage network performance to Service Level Agreements (SLAs). Additionally, service policies can be dynamically updated without impacting network availability.

New in Release 8 -- A dynamic update feature has been added to the policy agent, allowing service policies to be implemented anytime to meet the changing needs of the enterprise network, without impacting network availability. Additionally, support for the Resource Reservation Protocol (RSVP) allows users to invoke reservation services, reserve bandwidth and classify reservations through an RSVP API. OS/390 users seeking to exploit streaming and multimedia applications are now able to invoke this open standard to manage bandwidth availability. Additionally, a new SNMP Service Level Agreement (SLA) subagent is available to enable network administrators to retrieve data and make determinations whether the current set of SLA policy definitions are performing as desired.

Systems management and consolidation
Infoprint Server (formerly OS/390 Print Server) consolidates enterprise print workloads on OS/390, eliminating multiple print-only servers. It connects client environments such as AIX, Windows NT, Solaris and OS/390 UNIX System Services to the enhanced OS/390 Print Server environment.

New in Release 8 -- Infoprint Server will use the Internet Printing Protocol (IPP) to process print jobs over the Internet. Combined with OS/390's security features, this enhancement provides customers with an integrated and secure method to print documents. In addition, Infoprint will use datastream transforms to translate data from one printer format to another to allow printing from popular PC and workstation applications as well as many ERP applications, eliminating the need for multiple print drivers. The transforms can convert PCL, Postscript and PDF files into datastreams for printing on high-speed or departmental printers.

S/390's industry-leading Workload Manager (WLM) dynamically manages assignment of system resources, based on customer-defined business priorities. Workload Manager is an important asset in today's unpredictable IT environments, as it can direct critical work to available processors and adapts the system to accommodate unforeseen spikes in computing demand.

New in Release 8 -- WLM now has the capability to prioritize workloads at the "request" level. For example, one Web request may produce database intensive work, while another needs only to return simple Web pages, while yet another is executing a business transaction with security that links into a credit card processing network. WLM can manage each of these requests separately, achieving established business performance objectives without affecting other workloads.

OS/390 e-business Integration Test
IBM has established an OS/390 e-business integration test team to continue to fine-tune OS/390 as the premiere e-business platform and to help ensure that customers can successfully implement e-transaction processing with OS/390 and related products. The test team simulates realistic production, focusing on real-world enterprise tasks. This testing validates the interactions of the various e-business products and solutions working together as part of the S/390 platform, which is capable of simultaneously running multiple and varied workloads. These integration tests may include Web-page serving with dynamic content and Web application serving, as well as e-commerce and mission-critical operations, with a special focus on security.

OS/390 Version 2 Release 9
Available next year, OS/390 2.9 plans to include further enhancements to native file and print serving for Windows clients, text search support for XML documents and unicode and additional UNIX System Services function.

High Capacity for e-transactions
IBM is making generally available four previously announced turbo models for its S/390 Parallel Enterprise Server -- Generation 6 family of processors as well as new upgrade paths from the S/390 G3 and G4 models into the G6 family. These models and upgrade paths provide customers with a more options to manage enterprise growth needs and better positions them to take advantage of e-business opportunities.

# # #

Editor's note: As with earlier releases, OS/390 2.8 will be supported by IBM Operational Support Services - Support Line from IBM Global Services. Support Line is a remote, operational support solution for eligible IBM and multivendor operating systems and software products. Customers can use Support Line to address their OS/390 installation, configuration, operational and technical questions. Remote assistance is available through a toll-free telephone number or electronically (where available). For more information, visit the Support Line Web site at

IBM news releases and fact sheets are available on the World Wide Web at S/390 news releases and fact sheets also are available on and

IBM, S/390, OS/390, SecureWay, AIX, and Parallel Sysplex are trademarks or registered trademarks of the International Business Machines Corporation, in the United States and other countries.

Java and all Java-related trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States and other countries.

UNIX is a registered trademark of The Open Group.

Microsoft, Windows, and Windows NT are registered trademarks of Microsoft Corporation.