Abstract: A computer-implemented method and a computer program product for pending updates status queries in extended link services. A host application on a host device queries an update pending on a target device. The host device constructs a pending update query command for the target device, where the pending update query command includes a descriptor tag, a descriptor length, and a pending update vector. The host device sends the pending update query command to the target device. The host device receives from the target device a response to the pending update query command, where the response includes a link service request information descriptor and a pending update descriptor.

Abstract: An approach for improving endpoint security. The approach requests security capabilities from endpoints of communications. The approach can analyze the differences between the security capabilities of the endpoints. The approach can negotiate a security capability supported by the endpoints of the communication. The approach can determine if the negotiation succeeded. If the negotiation failed, then the approach can create a report describing capabilities of the endpoints and suggesting changes to improve the endpoint security. The approach can send the report to the appropriate interested personnel.

Abstract: Aspects of the invention include channel key loading of a host bus adapter (HBA) based on a secure key exchange (SKE) authentication response by a responder node of a computing environment. A non-limiting example computer-implemented method includes receiving an authentication response message at an initiator channel on an initiator node from a responder channel on a responder node to establish a secure communication, the receiving at a local key manager (LKM) executing on the initiator node. A state check can be performed based on a security association of the initiator node and the responder node. An identifier of a selected encryption algorithm can be extracted from the authentication response message. The initiator channel can request to communicate with the responder channel based at least in part on a successful state check and the selected encryption algorithm.

Abstract: An approach for extending encryption to input/output (I/O) on Peripheral Component Interconnect express (PCIe) links. The approach receives a proposal list of available encryption mechanisms. The approach selects an encryption mechanism from the proposal list, the encryption mechanism performs the encryption without encryption services from an associated Host Bus Adapter (HBA). The approach directs the I/O to the encryption mechanism.

Abstract: A packet of data is obtained at one device of a network. A path from the one device to a next device of the network is determined, as well as at least one toll value for the path from the one device to the next device. Based on the at least one toll value for the path from the one device to the next device, a routing toll is adjusted. The routing toll is stored in a frame used in routing the packet of data in the network.

Abstract: Aspects include receiving, at an input/output (I/O) processor, a transport control word (TCW) that includes an instruction to perform physical port mirroring. It is identified, by the I/O processor, a first port to be mirrored and a second port to perform the mirroring. The second port is a physical port on a host bus adapter (HBA). In response to outbound data being sent to the first port for transmission to a first target device and to the instruction specifying outbound port mirroring, the I/O processor sends a copy of the outbound data to a second target device via the second port. In response to receiving inbound data at the first port and to the instruction specifying inbound port mirroring, a copy of the inbound data is transmitted to the second target device via the second port.

Abstract: Aspects include obtaining data to be transformed. A selected transformation to be applied to the data is determined based on a storage block address list entry (SBALE) in a storage block address list (SBAL). The SBALE includes at least one field that is used in determining the selected transformation to be applied. The selected transformation is applied on the data to generate transformed data and the transformed data is placed in a location specified by the SBAL.

Abstract: Techniques for a virtualized fabric name server for a storage area network are described herein. An aspect includes operating a storage area network, the storage area network including a hybrid control plane. Another aspect includes managing, using a virtualized fabric name server and the hybrid control plane, the storage area network, wherein the virtualized fabric name server is disposed in a container that is hosted on an element of the storage area network.

Abstract: Techniques for a virtualized fabric management server for a storage area network are described herein. An aspect includes operating a storage area network, the storage area network including a hybrid control plane. Another aspect includes managing, using a virtualized fabric management server and the hybrid control plane, the storage area network, wherein the virtualized fabric management server is disposed in a container that is hosted on an element of the storage area network.

Abstract: Embodiments of the invention are directed to registering one or more endpoint devices to receive a notification and detecting a congestion event related to a storage area network. The storage area network includes the one or more endpoint devices. The notification is sent regarding the congestion event to the one or more endpoint devices that have been registered for the notification.

Abstract: Aspects of the invention include initializing a local key manager (LKM) on a node of a computing environment. The node includes a plurality of channels. The LKM is configured to provide a secure data transfer between the node and an other node of the computing environment. A connection is established, by the LKM, between the LKM and an external key manager (EKM) that stores a shared key for the node and the other node. In response to establishing the connection, the LKM registers security capabilities of the plurality of channels. The security capabilities are used by the LKM to provide the secure data transfer between the node and the other node.

Abstract: Aspects include obtaining data to be transformed. A selected transformation to be applied to the data is determined based on a storage block address list entry (SBALE) in a storage block address list (SBAL). The SBALE includes at least one field that is used in determining the selected transformation to be applied. The selected transformation is applied on the data to generate transformed data and the transformed data is placed in a location specified by the SBAL.

Abstract: Embodiments include performing a host-initiated link reset in a storage area network (SAN). Aspects include identifying, by a host in communication with the SAN, each link in the SAN, wherein each link is defined by a pair of ports. Aspects also include obtaining, by the host, a buffer credit balance for each port in the SAN and obtaining, by the host, a buffer credit for each port in the SAN and causing a reset of a link associated with the port by transmitting a link reset record from the host to a control device of the link based on a determination that the buffer credit of a port in the SAN is below a threshold value.

Abstract: Aspects include includes receiving, at an input/output (I/O) processor, a transport control word (TCW) that includes an instruction to perform virtual port mirroring. The I/O processor identifies a first port to be mirrored and a virtual port to perform the mirroring. The virtual port is a first memory location in a memory. In response to outbound data being sent to the first port for transmission to a first target device and to the instruction specifying outbound port mirroring, the I/O processor stores a copy of the outbound data in the first memory location. In response to inbound data being received at the first port and to the instruction specifying inbound port mirroring, a copy of the inbound data is stored at the first memory location.

Abstract: Aspects include receiving, at an input/output (I/O) processor, a transport control word (TCW) that includes an instruction to perform physical port mirroring. It is identified, by the I/O processor, a first port to be mirrored and a second port to perform the mirroring. The second port is a physical port on a host bus adapter (HBA). In response to outbound data being sent to the first port for transmission to a first target device and to the instruction specifying outbound port mirroring, the I/O processor sends a copy of the outbound data to a second target device via the second port. In response to receiving inbound data at the first port and to the instruction specifying inbound port mirroring, a copy of the inbound data is transmitted to the second target device via the second port.

Abstract: Aspects include selecting a channel group from a plurality of channel groups for an I/O operation. Each channel group in the plurality of channel groups is associated with a priority level and includes one or more channels. The selecting is based on a priority level assigned to the I/O operation and the priority level associated with the selected channel group. The I/O operation is driven on a selected channel in the selected channel group. A response time for the I/O operation is recorded and an average I/O response time for the selected channel is calculated. It is determined whether the plurality of channel groups should be reformed based at least in part on the calculated average response time for the selected channel. The plurality of channel groups are reformed in response to determining that the plurality of channel groups should be reformed.

Abstract: An approach for improving endpoint security. The approach requests security capabilities from endpoints of communications. The approach can analyze the differences between the security capabilities of the endpoints. The approach can negotiate a security capability supported by the endpoints of the communication. The approach can determine if the negotiation succeeded. If the negotiation failed, then the approach can create a report describing capabilities of the endpoints and suggesting changes to improve the endpoint security. The approach can send the report to the appropriate interested personnel.

Abstract: Aspects of the invention include receiving a request from an initiator channel on an initiator node to initiate a secure communication with a responder channel on a responder node. The receiving is at a local key manager (LKM) executing on the initiator node. A security association is created at the LKM between the initiator node and the responder node. An identifier of a shared key assigned for communication between the initiator node and the responder node is obtained, and a message requesting initialization of the secure communication between the initiator channel and the responder channel is built. The message includes the identifier of the shared key. The message is sent to the initiator channel.

Abstract: Techniques for a virtualized fabric login server for a storage area network are described herein. An aspect includes operating a storage area network, the storage area network including a hybrid control plane. Another aspect includes managing, using a virtualized fabric login server and the hybrid control plane, the storage area network, wherein the virtualized fabric login server is disposed in a container that is hosted on an element of the storage area network.

Abstract: Aspects of the invention include detecting that a rekey timer has expired. The rekey timer is one of a shared key rekey timer for a current shared key between the first node and a second node, and a session key rekey timer for a session key used in a secure communication between a channel on the first node and a channel on the second node. The session key was created based on the current shared key and is used for encrypting data in the secure communication. Based on the rekey timer being the shared key rekey timer, a new shared key is obtained and stored as the current shared key. Based on the rekey timer being the session key rekey timer, a new session key that is based at least in part on the current shared key is obtained and used in the secure communication.