What security is there for the 10GbE RoCE Express feature? How do I know that data traveling across the RDMA fabric is protected?

Question & Answer

Question

Answer

"SMC-R preserves almost all the existing network security, IP topology, and network administrative and operational models available in z/OS Communications Server.

For example, the data that travels across the RoCE fabric can be protected with encryption, data integrity controls, authentication, access controls and so on.

SAF controls, IP Filtering, Intrusion Detection Services (IDS), SSL/TLS and AT-TLS can be implemented to provide security.

Only IPsec traffic with its requirement for IP packets cannot be supported, since SMC-R does not use IP packets across the RoCE fabric.

Although the RoCE physical connection may include Ethernet switches, the SMC-R link is logically point-to-point, eliminating the need for a firewall inside the RoCE fabric.

See White Paper on security considerations: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&appname=STGE_ZS_SW_USEN&htmlfid=ZSW03255USEN&attachm#loaded " (Linda Harrison, SMC-R RoCE FAQ Document, http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/FQ131485)

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

ZOSCS COMMSERVER

Was this topic helpful?

Document Information

Modified date:
28 April 2015

UID

dwa1188637

Tips

What security is there for the 10GbE RoCE Express feature? How do I know that data traveling across the RDMA fabric is protected?

Question & Answer

Question

Answer

Product Synonym

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?