Integrating solutions on IBM Z with Secure Service Container

Abstract

Today's IT solutions often consist of many structural elements, with some essential ones deployed as hardware appliances. The IBM Secure Service Container for IBM Z provides the means to integrate and consolidate these elements into a secure, reliable, and easy-to-maintain software container instead of in hardware. An appliance, in this case, is defined as a collection of operating system, middleware, and software components that works autonomously to provide core services and infrastructure. Appliances can serve as part of a data center infrastructure (e.g., firewall) or as an addition to a service or solution stack (e.g., database accelerator). Appliances integrated into IBM Z with Secure Service Container are encrypted and signed for security, and inherit the core reliability, performance, and overall platform characteristics of IBM Z. These appliances are tamper-proof, and only the appliance administrator has access to the appliance software. Not even the system administrator can access the appliance software unless specifically authorized. Also, the administration of appliances hosted in a Secure Service Container is consistent for all appliances hosted in that infrastructure. In this paper, we discuss the design, capabilities, and attributes of Secure Service Container as well as the IBM Z firmware that supports it.