How to Order
This page provides information about how to place an order for an IBM Cryptographic HSM.
IBM 4769 / CEX7S
IBM Systems offers high-end, high-performance hardware security modules (HSMs) which provide a flexible solution suitable for high-security processing and cryptographic operations to address your cryptographic needs.
- IBM Z® mainframes (z15® only) as FC 0898/0899 (CEX7S).
- IBM Power Systems® as FC EJ35 / EJ37, and
- Appropriate x64 servers as MTM 4769-001.
Order HSM
The IBM 4769 Cryptographic Coprocessor is the latest generation and fastest of the IBM hardware security module (HSM) family. This page describes how to order the HSM.
- IBM Z® family z15® mainframes, either on z/OS® or Linux® on IBM Z operating systems, ordered as a Crypto feature code (FC) 0898 or 0899 – Crypto Express 7S (CEX7S).
- x64 servers as an IBM Z machine type-model (MTM), on Red Hat® Enterprise Linux (RHEL) 64-bit operating systems. Smart cards are required to manage the IBM 4769. See smart card information below for ordering smart cards and smart card readers.
- IBM Power Systems™ POWER10® servers, either on IBM AIX®, IBM i®, or PowerLinux™ (RHEL or SLES) operating systems and IBM POWER9® servers, either on IBM AIX or IBM i operating systems. On IBM AIX and PowerLinux, smart cards are required to manage the IBM 4769. See smart card information below for ordering smart cards and smart card readers.
Order a CEX7S for IBM Z
To place an order for the CEX7S feature, contact your IBM Customer Engineer. A minimum of 2 features is required per computer, with a maximum of 60.
Order a 4769-001 for x64
To place an order for a 4769-001, contact your Americas Call Centers, local IBM representative, or your IBM Business Partner. To identify your local IBM representative or IBM Business Partner, seeContact Cryptocards to contact the Cryptocards team.
Order a 4769 for Power Systems
To order the feature for IBM Power Systems (FC EJ35 or EJ37), see the IBM Power Systems website for information. The coprocessor and its software and firmware are obtained as features of the IBM Power Systems and not from this website.
Order smart cards and readers
-
Identiv smart card readers
Smart card readers can be ordered from Identiv (SPR332 v2.0 Secure Class 2 PIN Pad Reader (link resides outside of ibm.com), part number 905127-1).Note: IBM cannot guarantee the quality of smart card readers from external sources. Two smart card readers are required because the smart card readers interact during some operations. You may want to consider purchasing one or two additional smart card readers for redundancy. -
IBM smart cards
IBM smart cards can be ordered from IBM (part number 00RY790, commonly known as blue smart cards). Contact your local IBM representative, your IBM Business Partner, IBM's Directory of worldwide contacts for information about ordering from IBM in your country. In North America, you can also use the IBM Maintenance Parts retail website (link resides outside of ibm.com) to order smart cards.
- Two readers are required because there are operations where smart card readers interact with each other.
- A minimum of two smart cards are needed because you must have a Certificate Authority (CA) smart card and at least one TKE smart card. Please review the Calculate smart card quantity section for details.
Calculate smart card quantity
Dual Control for Crypto Module Administration | Number of MK Part Holders | CA Card *Always Required* | Separate Test and Production Crypto Module Environments | Make Backups of Smart Cards | Total Smart Cards Required |
---|---|---|---|---|---|
No - 1 (not recommended) | 0 - combine module administrator and MK part holder duties (not recommended) | 1 | No | No | 2 |
No - 1 (not recommended) | 1 (not recommended) | 1 | No | No | 3 |
Yes - 2 | 3 | 1 | No | No | 6 |
Yes - 2 | 2 | 1 | No | No | 5 |
Yes - 2 | 3 | 1 | No | Yes | 12 |
Yes - 2 | 2 | 1 | No | Yes | 10 |
Yes - 2 | 3 | 1 | Yes | No | 12 |
Yes - 2 | 2 | 1 | Yes | No | 10 |
Yes - 2 | 3 | 1 | Yes | Yes | 24 |
Yes - 2 | 2 | 1 | Yes | Yes | 20 |
Contact us
Contact the Crypto team if you need additional assistance.
Some publications for the 4769 are available on the IBM Docs 4769 Cryptographic Coprocessor Page. Others are available for download on the IBM 4769 download site, including instructions for installing the 4769 in your server and for loading the coprocessor firmware.