Question & Answer
Question
When using IBM Configuration Assistant for z/OS Communications Server to configure IP Security, what kinds of reusable objects need to be defined?
Answer
Using the Configuration Assistant, there are four types of reusable objects:
•Traffic descriptors that define the IP traffic type, such as TCP or UDP
•Security levels that define the different ways to protect data, such as the encryption level
•Requirement maps that map traffic descriptors to security levels
A single requirement map should contain a complete set of security requirements that will govern the level of security for multiple IP traffic types.
•Address groups that define a set of addresses to be used in an IP filter rule
For each TCP/IP stack, you create a set of connectivity rules that indicate the data endpoints and indicate which requirement map will govern security between the data endpoints.
The Configuration Assistant comes with a number of IBM-supplied traffic descriptors, security levels, and requirement maps that are easily applied to an existing network topology, or the IBM-supplied definitions can be used as the basis for your own set of reusable objects.
Product Synonym
ZOSCS COMMSERVER
Was this topic helpful?
Document Information
Modified date:
21 July 2015
UID
dwa1203631