"SMC-R preserves almost all the existing network security, IP topology, and network administrative and operational models available in z/OS Communications Server.

For example, the data that travels across the RoCE fabric can be protected with encryption, data integrity controls, authentication, access controls and so on.

SAF controls, IP Filtering, Intrusion Detection Services (IDS), SSL/TLS and AT-TLS can be implemented to provide security.

Only IPsec traffic with its requirement for IP packets cannot be supported, since SMC-R does not use IP packets across the RoCE fabric.

Although the RoCE physical connection may include Ethernet switches, the SMC-R link is logically point-to-point, eliminating the need for a firewall inside the RoCE fabric.

See White Paper on security considerations: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&appname=STGE_ZS_SW_USEN&htmlfid=ZSW03255USEN&attachm#loaded " (Linda Harrison, SMC-R RoCE FAQ Document, http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/FQ131485)