IBM Support

When using IBM Configuration Assistant for z/OS Communications Server to configure IP Security, what kinds of reusable objects need to be defined?

Question & Answer


Question

When using IBM Configuration Assistant for z/OS Communications Server to configure IP Security, what kinds of reusable objects need to be defined?

Answer

Using the Configuration Assistant, there are four types of reusable objects:

Traffic descriptors that define the IP traffic type, such as TCP or UDP

Security levels that define the different ways to protect data, such as the encryption level

Requirement maps that map traffic descriptors to security levels

A single requirement map should contain a complete set of security requirements that will govern the level of security for multiple IP traffic types.

Address groups that define a set of addresses to be used in an IP filter rule

For each TCP/IP stack, you create a set of connectivity rules that indicate the data endpoints and indicate which requirement map will govern security between the data endpoints.

The Configuration Assistant comes with a number of IBM-supplied traffic descriptors, security levels, and requirement maps that are easily applied to an existing network topology, or the IBM-supplied definitions can be used as the basis for your own set of reusable objects.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

ZOSCS COMMSERVER

Document Information

Modified date:
21 July 2015

UID

dwa1203631