Embed Size (px)
Citation preview
zSecure Manager for RACF z/VMVersion 1.11.2
Release Information
���
zSecure Manager for RACF z/VMVersion 1.11.2
Release Information
���
NoteBefore using this information and the product it supports, read the information in “Notices” on page 15.
March 2015
This edition applies to version 2, release 1, modification 1 of IBM Security zSecure products and version 1, release11, modification 2 of IBM Security zSecure Manager for RACF z/VM (product number 5655-T13), and to allsubsequent releases and modifications until otherwise indicated in new editions.
© Copyright IBM Corporation 2015.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.
Contents
Chapter 1. What's new for IBM SecurityzSecure Manager for RACF z/VM V1.11.2 1
Chapter 2. Release notes for IBMSecurity zSecure Manager for RACFz/VM . . . . . . . . . . . . . . . . 5
Chapter 3. Documentation updates . . . 7IBM Security zSecure CARLa Command Reference . . . 7
COPY command . . . . . . . . . . . . 7
SHOW command . . . . . . . . . . . . 8NEWLIST TYPE=RACF: RACF profiles . . . . 8
Manager for RACF z/VM User Reference Manual . . . 9RACF Administration Guide . . . . . . . . 9
IBM Security zSecure Messages Guide . . . . . . 11
Chapter 4. System requirements. . . . 13
Notices . . . . . . . . . . . . . . 15Trademarks . . . . . . . . . . . . . . 17
© Copyright IBM Corp. 2015 iii
iv Release Information
Chapter 1. What's new for IBM Security zSecure Manager forRACF z/VM V1.11.2
IBM® Security zSecure™ Manager for RACF z/VM version 1.11.2 includes newfeatures specifically for the z/VM platform. Other new features and enhancementsare a result of updates included in the IBM Security zSecure Admin and IBMSecurity zSecure Audit for z/OS version 1.13.1, 2.1.0, and 2.1.1 product releasesthat share functionality with the z/VM version of the product.
The most notable of these features is the zSecure Audit Compliance TestingFramework introduced in zSecure 1.13.1 with the extensions to the user interfaceand configuration options provided by zSecure 2.1.0 and 2.1.1, allowing you todefine your own security standard and report on compliance with it.
New enhancements to IBM Security zSecure Manager for RACF z/VM version1.11.2 are described briefly here. See the specified topics in the library for moreinformation.v Compliance, auditing, and monitoring:
– The compliance framework has been extended for automation and coveragefor compliance verification.- Provides the capability to improve results through a comprehensive,
automated audit referencing a built-in knowledge base.- Reduces the manual processes for gathering data to support activities for
compliance.- Coverage for Security Technical Implementation Guide (STIG) for z/VM,
and the ability to extend beyond STIG or define your own standard.v Enhanced comparison processing:
– ISPF user interface is enhanced to help you compare your security settingsagainst an approved version or against other systems and databases.
v Enhanced multi-system support:– New concept: collection a group of sets of input files.– The D line command on profiles is now allowed on summaries to issue
cross-complex deletions.v CARLa enhancements:
– DEFINE...PARSE(field,[begin sep][,end sep]):The begin separator specification and the end separator presence are nowoptional. This allows unwanted suffixes to be ignored.
– New parameter for the REPORT SCOPE statement:Use extra parameter RACLIST_MERGE to switch from reporting individualprofiles (GXFACILI/XFACILIT) to merged profiles (“XFACILIT”).
– New parameters for SHOW command:
CKFINThe SHOW CKFIN command causes a message CKR2218 to be issued foreach CKFREEZE data set with the CKFCOLL input parameters that limitor extend the information collected into the CKFREEZE snapshot data set.
CKFMSGThe SHOW CKFMSG command causes a message CKR2219 to be issued
© Copyright IBM Corp. 2015 1
for each CKFREEZE data set with the error and warning messages issuedby CKFCOLL during creation of the CKFREEZE snapshot data set.
v New CARLa report types and fields:– New fields for NEWLIST TYPE=DASDVOL:
FORMATReflects the format of the disk volume (CP, AIX, LINUX, NOVTOC, orVTOCTRK0).
MINIDISK
This flag field is true if the disk volume is a nondedicated VM minidisk.It is part of the system repeat group.
READ_ONLYThis flag field is true if the volume is linked in read-only mode to thevirtual machine that is running the operating system image.
VMLINKThis flag is true if the device is accessed through VM.
– New: NEWLIST TYPE=ID:This report type shows attributes for ID in the current RACF source. Thisreport type is not yet implemented in the user interface.
– New field for NEWLIST TYPE=RACF:
VOLSER_KEY, VOLUME_KEYFor non-VSAM data set profiles and tape profiles, this field contains thefirst volume serial of the volume serial list. This value is the same as thevalue used on the VOLUME and FVOLUME parameters of the RACF ADDSD andALTSD commands.
– New: NEWLIST TYPE=RESOURCE:RESOURCE reports on the protection of users or groups collected fromseveral subsystems. It shows the profiles and, optionally, the resources towhich a user or group has direct or indirect access.
– New fields for NEWLIST TYPE=SYSTEM and NEWLIST TYPE=SETROPTS:
PWD_MIN_LENThis field returns the minimum user password length as a decimalnumber; the default output width is 2 digits. If no password length rulehas been defined, the default returned value is 1.
RACF_PWD_ALGORITHMThis field shows the password algorithm in effect.
RACF_PWD_SPECIAL_CHARThis flag field indicates whether special characters are allowed inpasswords.
v Usability enhancements:– Profiles can be selected without specific ACL entry– OVM segment handling during copy user or group– Look up in the base segment from an application segment– SMF Event reporting based on Connected-to-Group– SMF Event reporting about superuser activity– Search for userid by name in restricted context– Tailor action commands per class and segment
v z/VM exploitation:
2 Release Information
– Exploitation of z/VM 6.3; for example, the ability to obtain SMF settings forRACF server.
– The UI panels now support the Open Extensions OVM segment for the USERand GROUP classes.
– z/VM exploitation and toleration support for z/VM 6.3 PTFs:- Exploitation: VM65498: NEW FUNCTION - ADDITIONAL
INFORMATION FROM DIAGNOSE X'A0' SUBCODE X'50'- Toleration: VM65322: D/T2107 VM SUPPORT FOR SOFT FENCE AND
QUERY HOST ACCESSv Documentation:
The chapters on the CARLa command language and the NEWLIST fields havebeen split off from the User Reference Manuals into a separate, licensed, book:IBM Security zSecure CARLa Command Reference, LC27-6548-00. This bookcombines the information about CARLa commands and NEWLIST fields forzSecure Manager for RACF® z/VM® and zSecure for RACF, ACF2, and TopSecret.
Chapter 1. What's new for IBM Security zSecure Manager for RACF z/VM V1.11.2 3
4 Release Information
Chapter 2. Release notes for IBM Security zSecure Managerfor RACF z/VM
Read this document to find important installation information for IBM SecurityzSecure Manager for RACF z/VM V1.11.2. You can also learn about compatibilityissues, limitations, and known problems.
If you are upgrading from a version of IBM Security zSecure Manager for RACFz/VM that is older than version 1.11.1, also see the Release Information for theversions that you skipped. You can retrieve the Release Information documents,starting with IBM Security zSecure Manager for RACF z/VM version 1.11.1. Startwith the oldest version at the IBM Knowledge Center for IBM Security zSecureManager for RACF z/VM.
This chapter covers the following topics:v “Installing IBM Security zSecure Manager for RACF z/VM”v “Incompatibility warnings”v “Limitations and known problems” on page 6
Installing IBM Security zSecure Manager for RACF z/VM
For installation instructions, see the following documents:v Program directoryv Installation and deployment
For an installation roadmap that shows all steps to install, configure, and deploy anew installation of zSecure Manager for RACF z/VM or an upgrade to IBMSecurity zSecure Manager for RACF z/VM V1.11.2, see the Manager for RACF z/VMInstallation and Deployment Guide at the IBM Knowledge Center for IBM SecurityzSecure Manager for RACF z/VM.
Incompatibility warnings
Installation and deployment
v The sample CKV EXEC bootstrap is now delivered as CKV SAMPLEand no longer uses fixed target device addresses or filemodes.
v The sample C2R$PARV CKVPARM configuration file is now delivered asC2R$PARV SAMPLE (It was C2R$PARV CARLA in earlier releases.)
Administration and operation
Changed behavior of the less than(<) operator for RACF date fieldsThe less than operator (<) in the SELECT/EXCLUDE statementapplied against RACF date fields no longer considers missingvalues. Therefore, the less than condition for such cases results ina no match outcome.
Messages CKR2225 and CKR2226Messages CKR2226 and CKR2226 indicate that a VERIFY or NEWLISTwas requested, but that no CKFREEZE file was connected (CKR2225)or that the CKFREEZE was restricted in content (CKR2226). Thesemessages are suppressible, but results are unpredictable.
© Copyright IBM Corp. 2015 5
Limitations and known problems
Calling the CARLA engineCalling the CARLA engine in ISPF split screen mode does not work andhas been disabled.
Virtual storage requirementTo prevent out-of-storage errors, the UI requires a minimum of 256MB ofvirtual storage.
Insufficient authority
v If the CMS user has no access to DIAG A0-50:– Obtaining LIVE RACF information is not possible.– ABEND might occur.
v User requires one of the following:– Needs class B.– Must explicitly specify link information.– Must provide a CKFREEZE file.
Limitations and problems that arise after publication of this Release Informationdocument are documented in technotes. Therefore, regularly scan for updates onIBM Security zSecure at Search support and downloads.
6 Release Information
Chapter 3. Documentation updates
The following documentation changes apply and replace the information asdescribed in the zSecure Manager for RACF z/VM product library for release1.11.2.
IBM Security zSecure CARLa Command Reference
The following sections have been changed.
COPY command
The following parameters have been added to the COPY command in Chapter 1.CARLa Command Language:
NEWOVMFSROOT('new root path')NEWOVMFSROOT='new root path'
This parameter can be used with the COPY USER= TOUSER= command toset the path to the z/VM Open Extensions (OVM) file system rootdirectory for the new user ID. The string can be enclosed in single, double,or left quotation marks. The FSROOT path name can consist of anycharacters, including quotation marks.
NEWOVMGID(new gid)NEWOVMGID=new gid
This parameter can be used with the COPY GROUP= TOGROUP=command to set the value of the z/VM GID for the new group. The valueof the new GID can be a number. If the NEWOVMGID keyword is notpresent on the copy command, the value of the GID for the source group isused.
NEWOVMHOME('new home directory')NEWOVMHOME='new home directory'
This parameter can be used with the COPY USER= TOUSER= command toset the path to the z/VM Open Extensions (OVM) home directory for thenew user ID. The string can be enclosed in single, double, or left quotationmarks. The HOME path name can consist of any characters, includingquotation marks.
NEWOVMPROGRAM('new shell command')NEWOVMPROGRAM='new shell command'
This parameter can be used with the COPY USER= TOUSER= command toset the path to the z/VM Open Extensions (OVM) default shell programfor the new user ID. The string can be enclosed in single, double, or leftquotation marks. The PROGRAM path name can consist of any characters,including quotation marks.
NEWOVMUID(new uid)NEWOVMUID=new uid
This parameter can be used with the COPY USER= TOUSER= command toset the value of the z/VM Open Extensions (OVM) UID for the new userID. The value of new uid can be a number. If the NEWOVMUID keywordis not present on the copy command, the value of the source user's UID isused.
© Copyright IBM Corp. 2015 7
NOOVMUsing the COPY command with the NOOVM parameter prevents theduplication of the OVM segment of the user or group that is being copied.The NOOVM parameter is mutually exclusive with the NEWOVMUID,NEWOVMGID, NEWOVMFSROOT, NEWOVMPROGRAM, andNEWOVMHOME parameters.
SHOW commandThe CKFIN and CKFMSG parameter descriptions changed as follows:
CKFINThe SHOW CKFIN command causes a message CKR2218 to be issued foreach CKFREEZE data set with the CKFCOLL (z/OS) or CKVCOLL (z/VM)input parameters that limit or extend the information collected into theCKFREEZE snapshot data set.
CKFMSGThe SHOW CKFMSG command causes a message CKR2219 to be issuedfor each CKFREEZE data set with the error and warning messages issuedby CKFCOLL (z/OS) or CKVCOLL (z/VM) during creation of theCKFREEZE snapshot data set.
NEWLIST TYPE=RACF: RACF profiles
The FSROOT, GID, HOME, PROGRAM, and UID parameter descriptions changedas follows:
FSROOT
This field is found on the OVM segment of the user profile. It contains theuser's z/VM OpenExtensions file system root directory.
GID
This field is found in group profiles and is part of the OMVS and OVMsegments. It indicates the numerical group id used for z/OS UNIX (OMVSsegment) and z/VM OpenExtensions (OVM segment).
For OMVS segments: If the overtype option is active, you can suffix thenumber with an S (for example, 1001S), so that the SHARED commandkeyword is added.
HOME
This field is found in user profiles and is part of the OMVS and OVMsegments. It indicates the home directory used for z/OS UNIX (OMVSsegment) and z/VM OpenExtensions (OVM segment). The home directory is acase-sensitive character string of up to 1024 characters.
PROGRAM
The PROGRAM field is found in the BASE segment of DATASET profiles andin the OMVS and OVM segments of user profiles; it has a different meaning inthe two profile types.
In DATASET profiles, it indicates the program name of a conditional access listentry. This is a repeated field that can be combined with the PROGACS,USER2ACS, PACSCNT, and ACL2VAR fields. The number of conditional accesslist entries is listed in the ACL2CNT field. The easiest way to display normaland conditional access list entries is the ACL combination field.
8 Release Information
In user profiles, it indicates the start-up program or shell used for z/OS UNIX(OMVS segment) and z/VM OpenExtensions (OVM segment). The start-upprogram is a case-sensitive character string of up to 1024 characters.
UID
This field is found in user profiles and is part of the OMVS and OVMsegments. It indicates the numerical userid used for z/OS UNIX (OMVSsegment) and z/VM OpenExtensions (OVM segment).
For OMVS segments: When the overtype option is active, you can suffix thenumber with an S (for example, 1001S), so the SHARED command keyword isadded. You can also specify AUTO, which results in addition of the AUTOUIDcommand keyword.
Manager for RACF z/VM User Reference Manual
The following sections have been changed.
RACF Administration GuideLine commands on profile displays: C - Copy
The GROUP COPY panel changed as follows:
RA.4.0 Copy user - Copy an existing user to a new user
The User Multiple copy panel changed as follows:
zSecure Suite - RACF - Group CopyCommand ===>_______________________________________________________________
From group . . . . C##BDOCTo id . . . . . . . ________
_ Do not create OVM segmentOr OVM gid . . . . ___________ (numeric id)_ Copy permits only (target id may be a group or a user)_ Generate RACF commands even when the target group exists_ Copy CUSTOMDATA
Specify options for new group/ Copy catalog aliases (only if CKFREEZE is present)/ Issue ADDSD/RDEF for user resources
_ Copy RACFVARS profiles/members too (if option above selected)
Figure 1. GROUP COPY panel
Chapter 3. Documentation updates 9
After specifying all the criteria, press Enter to generate the applicable RACFcommands. The results are shown in an edit panel showing the CKRCMD file.
RA.4.1 Copy group - Copy existing groups to new groups
The Group multiple copy panel changed as follows:
The option Do not create OVM segment can be used to suppress the duplicationof the OVM segment of the groups that are being copied.
When the Copy CUSTOMDATA option is selected, RACF commands aregenerated to copy custom fields. You can also specify whether catalog aliases are tobe cloned and whether group-specific data sets and general resource profiles are tobe cloned as well. If these profiles are cloned, then you can also specify whetherthe RACFVARS profiles are also to be cloned.
Note: By default the occurrence of a valid group ID as a member or the key of aRACFVARS profile is considered meaningful, although RACF itself assigns nospecial meaning to this occurrence.
zSecure Manager for RACF - RACF - User Multiple copyCommand ===> _________________________________________________________________
Optional parametersDo not connect new user(s) to following group(s):________ ________ ________ ________ ________________ ________ ________ ________ ________Also connect new user(s) to following group(s):________ ________ ________ ________ ________________ ________ ________ ________ ________
_ Generate RACF commands even when the target user exists_ Copy USERDATA and CUSTOMDATA
Specify options for new userid_ Do not create OVM segment_ Revoke new userid/ Copy catalog aliases (only if CKFREEZE is present)_ Issue ADDSD/RDEF for dataset and resource profiles related to the user
/ Copy RACFVARS profiles/members too
Press ENTER to generate RACF commands.
Figure 2. User Multiple copy panel
zSecure Manager for RACF - RACF - Mass update - Copy groupCommand ===> _________________________________________________________________
From group . . . . ________To id . . . . . . . ________ ________ ________ ________ ________
________ ________ ________ ________ ________
_ Do not create OVM segment_ Copy permits only (target id may be a group or a user)_ Generate RACF commands even when the target group exists_ Copy CUSTOMDATA
Specify options for new group:_ Copy catalog aliases (only if CKFREEZE is present)_ Issue ADDSD/RDEF for user resources
_ Copy RACFVARS profiles/members too (if option above selected)
Figure 3. Group multiple copy panel
10 Release Information
After completing this panel, press Enter to generate the applicable RACF and TSOcommands. The generated commands are shown in an edit panel showing theCKRCMD file.
IBM Security zSecure Messages Guide
The following message has been added.
CKR2235 The NOOVM keyword is mutuallyexclusive with the NEWOVMUID,NEWOVMGID, NEWOVMPROGRAM,NEWOVMHOME, andNEWOVMFSROOT keywords.
Explanation: If the NOOVM keyword is used with theCOPY command, then the NEWOVMUID,NEWOVMGID, NEWOVMPROGRAM,NEWOVMHOME, and NEWOVMFSROOT keywordscannot be used.
User response: Remove the appropriate keyword andreissue the COPY command.
Severity: 12
CKR2235
Chapter 3. Documentation updates 11
12 Release Information
Chapter 4. System requirements
This section lists the supported platforms and processor, space, and memoryrequirements and the supported platforms for IBM Security zSecure Manager forRACF z/VM V1.11.2.
Requirements
For processor, memory, programming and space requirements, see the IBMSecurity zSecure Manager for RACF z/VM program directory, available with theproduct or in the IBM Knowledge Center for IBM Security Manager for RACFz/VM.
For an installation roadmap that shows all steps to install, configure, and deploy anew installation of IBM Security zSecure Manager for RACF z/VM or an upgradeto IBM Security zSecure Manager for RACF z/VM V1.11.2, see the IBM SecurityzSecure Manager for RACF z/VM Installation and Deployment Guide at the IBMKnowledge Center for IBM Security Manager for RACF z/VM.
Supported platforms
IBM Security zSecure Manager for RACF z/VM V1.11.2 is supported on thefollowing platforms:v z/VM V5R4v z/VM V6R2v z/VM V6R3
Note: IBM Security zSecure Manager for RACF z/VM V1.11.2 does not providesupport for z/VM V6R1
© Copyright IBM Corp. 2015 13
14 Release Information
Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document inother countries. Consult your local IBM representative for information on theproducts and services currently available in your area. Any reference to an IBMproduct, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product,program, or service that does not infringe any IBM intellectual property right maybe used instead. However, it is the user's responsibility to evaluate and verify theoperation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matterdescribed in this document. The furnishing of this document does not give youany license to these patents. You can send license inquiries, in writing, to:
IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBMIntellectual Property Department in your country or send inquiries, in writing, to:
Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan, Ltd.1623-14, Shimotsuruma, Yamato-shiKanagawa 242-8502 Japan
The following paragraph does not apply to the United Kingdom or any othercountry where such provisions are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THISPUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE.
Some states do not allow disclaimer of express or implied warranties in certaintransactions, therefore, this statement might not apply to you.
This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will beincorporated in new editions of the publication. IBM may make improvementsand/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.
Any references in this information to non-IBM Web sites are provided forconvenience only and do not in any manner serve as an endorsement of those Web
© Copyright IBM Corp. 2015 15
sites. The materials at those Web sites are not part of the materials for this IBMproduct and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way itbelieves appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purposeof enabling: (i) the exchange of information between independently createdprograms and other programs (including this one) and (ii) the mutual use of theinformation which has been exchanged, should contact:
IBM Corporation2Z4A/10111400 Burnet RoadAustin, TX 78758 U.S.A.
Such information may be available, subject to appropriate terms and conditions,including in some cases payment of a fee.
The licensed program described in this document and all licensed materialavailable for it are provided by IBM under terms of the IBM Customer Agreement,IBM International Program License Agreement or any equivalent agreementbetween us.
Any performance data contained herein was determined in a controlledenvironment. Therefore, the results obtained in other operating environments mayvary significantly. Some measurements may have been made on development-levelsystems and there is no guarantee that these measurements will be the same ongenerally available systems. Furthermore, some measurement may have beenestimated through extrapolation. Actual results may vary. Users of this documentshould verify the applicable data for their specific environment.
Information concerning non-IBM products was obtained from the suppliers ofthose products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy ofperformance, compatibility or any other claims related to non-IBM products.Questions on the capabilities of non-IBM products should be addressed to thesuppliers of those products.
All statements regarding IBM's future direction or intent are subject to change orwithdrawal without notice, and represent goals and objectives only.
This information contains examples of data and reports used in daily businessoperations. To illustrate them as completely as possible, the examples include thenames of individuals, companies, brands, and products. All of these names arefictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, whichillustrate programming techniques on various operating platforms. You may copy,modify, and distribute these sample programs in any form without payment toIBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operatingplatform for which the sample programs are written. These examples have not
16 Release Information
been thoroughly tested under all conditions. IBM, therefore, cannot guarantee orimply reliability, serviceability, or function of these programs. You may copy,modify, and distribute these sample programs in any form without payment toIBM for the purposes of developing, using, marketing, or distributing applicationprograms conforming to IBM‘s application programming interfaces.
If you are viewing this information in softcopy form, the photographs and colorillustrations might not be displayed.
TrademarksIBM, the IBM logo, and ibm.com are trademarks or registered trademarks ofInternational Business Machines Corp., registered in many jurisdictions worldwide.Other product and service names might be trademarks of IBM or other companies.A current list of IBM trademarks is available on the Web at “Copyright andtrademark information” at www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, Acrobat, PostScript, and the PostScript logo are eitherregistered trademarks or trademarks of Adobe Systems Incorporated in the UnitedStates, and/or other countries.
IT Infrastructure Library is a registered trademark of the Central Computer andTelecommunications Agency which is now part of the Office of GovernmentCommerce.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo,Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks orregistered trademarks of Intel Corporation or its subsidiaries in the United Statesand other countries.
Linux is a registered trademark of Linus Torvalds in the United States, othercountries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks ofMicrosoft Corporation in the United States, other countries, or both.
ITIL is a registered trademark, and a registered community trademark of the Officeof Government Commerce, and is registered in the U.S. Patent and TrademarkOffice.
UNIX is a registered trademark of The Open Group in the United States and othercountries.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in theUnited States, other countries, or both and is used under license therefrom.
Linear Tape-Open, LTO, the LTO Logo, Ultrium and the Ultrium Logo aretrademarks of HP, IBM Corp. and Quantum in the U.S. and other countries.
Other company, product, and service names may be trademarks or service marksof others.
Notices 17
18 Release Information
����
Printed in USA
