IBM z/OS V1R12 Communications Server TCP/IP Implementation: Volume 4 Security and Policy-Based Networking

An IBM Redbooks publication

Published 18 July 2011, updated 27 July 2011

cover image

ISBN-10: 073843566X
ISBN-13: 9780738435664
IBM Form #: SG24-7899-00
(954 pages)

More options

Rate and comment

Authors: Mike Ebbers, Rama Ayyar, Octavio L. Ferreira, Gazi Karakus, Yukihiko Miyamoto, Joel Porterie, Andi Wijaya


For more than 40 years, IBM® mainframes have supported an extraordinary portion of the world’s computing work, providing centralized corporate databases and mission-critical enterprise-wide applications. The IBM System z® provides world class and state-of-the-art support for the TCP/IP Internet protocol suite.

TCP/IP is a large and evolving collection of communication protocols managed by the Internet Engineering Task Force (IETF), an open, volunteer, organization. Because of its openness, the TCP/IP protocol suite has become the foundation for the set of technologies that form the basis of the Internet. The convergence of IBM mainframe capabilities with Internet technology, connectivity, and standards (particularly TCP/IP) is dramatically changing the face of information technology and driving requirements for ever more secure, scalable, and highly available mainframe TCP/IP implementations.

The IBM z/OS® Communications Server TCP/IP Implementation series provides understandable, step-by-step guidance about how to enable the most commonly used and important functions of z/OS Communications Server TCP/IP. This IBM Redbooks® publication explains how to set up security for the z/OS networking environment. Network security requirements have become more stringent and complex. Because many transactions come from unknown users and untrusted networks, careful attention must be given to host and user authentication, data privacy, data origin authentication, and data integrity. We also include helpful tutorial information in the appendixes of this book because security technologies can be quite complex,

For more specific information about z/OS Communications Server base functions, standard applications, and high availability, refer to the other volumes in the series.

Table of contents

Part 1. SAF-based security
Chapter 1. RACF demystified
Chapter 2. Protecting network resources
Part 2. Managing security
Chapter 3. Certificate management in z/OS
Part 3. Policy-based networking
Chapter 4. Policy agent
Chapter 5. Central Policy Server
Chapter 6. Quality of Service
Chapter 7. IP filtering
Chapter 8. IP Security
Chapter 9. Network Security Services for IPSec clients
Chapter 10. Network Security Services for WebSphere DataPower appliances
Chapter 11. Network Address Translation traversal support
Chapter 12. Application Transparent Transport Layer Security
Chapter 13. Intrusion detection services
Chapter 14. IP defensive filtering
Chapter 15. Policy-based routing
Part 4. Application-based security
Chapter 16. Telnet security
Chapter 17. Secure File Transfer Protocol
Appendix A. Basic cryptography
Appendix B. Telnet security advanced settings
Appendix C. Configuring IPSec between z/OS and Windows
Appendix D. zIIP Assisted IPSec
Appendix E. AES-256 and trusted TCP connections
Appendix F. z/OS Communications Server IPSec RFC currency
Appendix G. Our implementation environment

Follow IBM Redbooks

Follow IBM Redbooks