Question & Answer
Question
What security is there for the 10GbE RoCE Express feature? How do I know that data traveling across the RDMA fabric is protected?
Answer
"SMC-R preserves almost all the existing network security, IP topology, and network administrative and operational models available in z/OS Communications Server.
For example, the data that travels across the RoCE fabric can be protected with encryption, data integrity controls, authentication, access controls and so on.
SAF controls, IP Filtering, Intrusion Detection Services (IDS), SSL/TLS and AT-TLS can be implemented to provide security.
Only IPsec traffic with its requirement for IP packets cannot be supported, since SMC-R does not use IP packets across the RoCE fabric.
Although the RoCE physical connection may include Ethernet switches, the SMC-R link is logically point-to-point, eliminating the need for a firewall inside the RoCE fabric.
See White Paper on security considerations: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&appname=STGE_ZS_SW_USEN&htmlfid=ZSW03255USEN&attachm#loaded " (Linda Harrison, SMC-R RoCE FAQ Document, http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/FQ131485)
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
28 April 2015
UID
dwa1188637