1. Define the cryptographic facility for the LPAR in which z/VM runs through the
   Hardware Configuration Definition.
2. Define the cryptographic capability for each Linux virtual machine in the user
   directory.
3. Have the z90crypt device driver integrated into the Linux operating system.
   Some distributions have the device driver integrated, while other distributions
   require you to install it.
The user directory statement CRYPTO APVIRT provides access to the cryptographic
hardware and allows the z90crypt device driver to use cryptographic instructions.
z/VM manages a pool of hardware cryptographic queues that are shared among
all the guests using the cryptographic facility. You can create more guests that
share the cryptographic facility than the actual number of hardware queues
available. Even though the hardware queues are shared, the data remains isolated
and is not vulnerable or exposed to other Linux images.
“Steps for defining a master virtual machine for Linux” on page 71 shows you
how to add the CRYPTO APVIRT user directory statement to the master Linux virtual
machine, which means all replicas of this master have access to the cryptographic
facility. If you prefer, you can leave this statement out of the master Linux virtual
machine and add the user directory statement to individual Linux virtual machines
only.
z/VM provides CP commands to manage the cryptographic facility. See “Step for
managing real devices” on page 100, and “Virtual machine operation tasks” on
page 107.
Related information
- For more information about defining the cryptographic facility for the LPAR in
  which z/VM runs, consult your hardware and Hardware Configuration
  Definition documentation.
- For more information about z/VM's support for the cryptographic facility, see
  “Using a Cryptographic Coprocessor Facility” in z/VM: CP Planning and
  Administration.
- For information about setting up secure SSL communications, see “Configuring
  the SSL Server” in z/VM: TCP/IP Planning and Customization.
- For information about the z90crypt device driver, see Linux on System z: Device
  Drivers, Features, and Commands on the IBM developerWorks Linux on System z
  Web site entitled “Documentation for Development stream” at:
  http://www.ibm.com/developerworks/linux/linux390/documentation_dev.html
Planning for user management
To add a new user to z/VM, you must create a directory entry for a new virtual
machine. Through native facilities, you can update a file called USER DIRECT,
then run the DIRECTXA utility to compile the source file and place the new user
directory online. The USER DIRECT file is simply a CMS file containing various
directory statements. A virtual machine definition is a grouping of directory
statements beginning with a USER statement and ending with either the next
USER statement or the end of the file.
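Because a CRYPTO APVIRT statement in a master virtual machine carries over to its replicas, it is useful to audit which entries in the directory source carry it. The following is an added example, not code from the z/VM documentation: it groups statements by USER entry exactly as described above and lists the user IDs that have CRYPTO APVIRT. Assumptions: the sample directory text is constructed, lines starting with an asterisk are treated as comments, and statements pulled in through profiles or includes are not resolved.

```python
# Added example: audit which virtual machines in a USER DIRECT source
# carry the CRYPTO APVIRT statement. The sample directory is constructed.

SAMPLE_DIRECTORY = """\
* Constructed sample, not a real system directory
USER LINMSTR XXXXXXXX 512M 1G G
 CRYPTO APVIRT
 IPL CMS
USER LINUX01 XXXXXXXX 512M 1G G
 IPL CMS
USER LINUX02 XXXXXXXX 512M 1G G
 CRYPTO APVIRT
"""


def parse_user_entries(text):
    """Group directory statements by USER entry.

    Returns {userid: [statement, ...]} where each statement is a list of
    upper-cased tokens. A definition runs from one USER statement to the
    next USER statement or the end of the file.
    """
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):  # blank or comment (assumed)
            continue
        tokens = line.upper().split()
        if tokens[0] == "USER":
            if len(tokens) < 2:
                raise ValueError(f"USER statement without a user ID: {raw!r}")
            current = tokens[1]
            if current in entries:
                raise ValueError(f"duplicate USER entry: {current}")
            entries[current] = []
        elif current is not None:  # statements before the first USER are skipped
            entries[current].append(tokens)
    return entries


def crypto_apvirt_users(text):
    """Return sorted user IDs whose own entry contains CRYPTO ... APVIRT."""
    return sorted(
        userid
        for userid, statements in parse_user_entries(text).items()
        if any(s[0] == "CRYPTO" and "APVIRT" in s[1:] for s in statements)
    )


if __name__ == "__main__":
    print("\n".join(crypto_apvirt_users(SAMPLE_DIRECTORY)))
```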
You can administer the user directory by editing the USER DIRECT file, then
placing the user directory online through the DIRECTXA command. However, such
a method of user management is cumbersome and error prone. Because the user
z/VM: Getting Started with Linux on System z
Summary of Contents for ZVM - FOR LINUX V6 RELEASE 1
Page 1: ...z VM Getting Started with Linux on System z version 6 release 1 SC24 6194 00...
Page 172: ...Program Number 5741 A07 Printed in USA SC24 6194 00...