IBM Deals On PowerSC Security Wares, And IBM i Hooks In
November 13, 2012 Timothy Prickett Morgan
Sometimes, it takes a while for something to sink into my thick skull. I have known for a while that IBM has a security software layer called PowerSC, short for security and compliance, and I figured that given all the built-in security in the IBM i platform as well as the several add-ons from third-party vendors, this was not something we needed to worry about. But, of course, the PowerVM hypervisor and AIX partitions running on Power Systems machines at your site need to be locked down. And that is what PowerSC is all about.
PowerSC was launched back in October 2011, and like you, I thought it was an AIX thing and therefore not particularly useful for IBM i shops. It is basically a templating system for PowerVM and AIX that uses pre-built system profiles that adhere to various security standards–including the Payment Card Industry Data Security Standard (PCI), the Health Insurance Portability and Accountability Act Privacy and Security Rules (HIPAA), the U.S. Department of Defense Security Technical Implementation Guide (STIG), and the Control Objectives for Information and related Technology (COBIT) best practices guides–and makes sure you stay within these guidelines as you set up logical partitions on PowerVM or AIX instances.
PowerSC is based on the IBM Compliance Expert, and that was rebranded to PowerSC Express Edition a year ago. The Standard Edition added in new features on top of that, and in April of this year IBM buried a network firewall in PowerSC Standard Edition so you would not need to fire up a firewall on each of your PowerVM logical partitions for VM-to-VM traffic. PowerSC also has Trusted Boot, a feature that uses digital signatures to verify that software has been unchanged since it shipped from the vendor. (IBM i and i5/OS have had such features since the 5.1 release.)
With the October 3 announcements, IBM beefed up the capabilities of PowerSC with a new feature called Trusted Surveyor, which monitors virtual networks and network segmentation policies for compliance. As IBM i chief scientist Steve Will explains in his blog, Trusted Surveyor takes a snapshot of network settings and monitors it for drift over time, so you know when you are moving out of compliance with whatever rules your IT operations are bound by.
PowerSC Express 1.1 also got support for HIPAA compliance automation as part of the October announcements. Which in plain
IBM is telling customers that in a site with 500 virtual machines, using PowerSC with all of the bells and whistles can yield savings of $700,000 in the first year. What I am thinking when I hear numbers like that is you system admins are not getting paid as much as Big Blue thinks you are.
When it was announced back in October 2009, the PowerSC Express Edition, then known as Compliance Expert, cost from $300 to $1,000 per core server, depending on the smallness, mediumness, or largesse of the machine. I suspect those prices are no longer current, with PowerSC Standard Edition running from $125 to $625 per core. (IBM doesn’t publish a current software price list that the public can view, so it is hard to check.) PowerSC Trusted Surveyor costs $10,000 per system and is not licensed on a per-core basis like most of Big Blue’s software.
To help curb the costs and bolster usage of PowerSC, IBM is offering a 30 percent price break to PowerSC Standard Edition buyers if they buy before December 31.