Sysplex eBusiness Security z/OS V1R7 Update

An IBM Redbooks publication

Published 27 September 2006

cover image

ISBN-10: 0738494801
ISBN-13: 9780738494807
IBM Form #: SG24-7150-00
(326 pages)

More options

Rate and comment

Authors: Chris Rayns, Patrick Kappeler, Giancarlo Rodolfi, Kristen Donceel, Jean-Marc Darees, Matt Nuttall, Ian Hollamby


This IBM Redbooks publication provides an overview of the z/OS Security setups for Parallel Sysplex installations that are considering serving users locally or over non-secure TCP/IP networks. It provides insight into what can be done to minimize the risks in such contexts by addressing the following operating environments:

- Parallel Sysplex (as a stand-alone system) security.
- One member of the Sysplex is exposed to a non-secure network.
- All members of the Sysplex can be reached from the non-secure network.

We use a simple Sysplex configuration running at z/OS 1.7, with the capability of testing workload distribution among the Sysplex members. The basic Security features of z/OS are tested in this environment: SSL/TLS with session ID sharing, Kerberos Key Distribution Center, Communications Server Intrusion Detection Services, and IPSec VPNs with Sysplex Wide Security Association. Other areas of investigation are the potential consequences of resource sharing with members being connected to non-secure networks and what protections are available in terms of z/OS mechanisms and Sysplex configuration best practices.

Table of contents

Part 1. Basic Parallel Sysplex security
Chapter 1. Introduction
Chapter 2. Protection of the Sysplex-specific resources
Chapter 3. UNIX System Services Security
Chapter 4. Sysplex Workload Management and Security
Part 2. One Sysplex member with network connectivity
Chapter 5. Protecting the network connection
Chapter 6. Security at the network level
Part 3. All Sysplex members with network connectivity
Chapter 7. All Sysplex members with network connectivity
Chapter 8. Miscellaneous network-related considerations
Appendix A. RACF protection of MVS commands
Appendix B. TCP/IP configuration information
Appendix C. IP filtering implementation and management example
Appendix D. IP filtering and Sysplex Distributor
Appendix E. AT-TLS implementation
Appendix F. Sysplex session-ID caching setup example
Appendix G. VPN setup

Others who read this publication also read

Follow IBM Redbooks

Follow IBM Redbooks