Sysplex eBusiness Security z/OS V1R7 Update

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.

thumbnail 

Published on 27 September 2006

  1. .PDF (3.2 MB)


Share this page:   

ISBN-10: 0738494801
ISBN-13: 9780738494807
IBM Form #: SG24-7150-00


Authors: Chris Rayns, Patrick Kappeler, Giancarlo Rodolfi, Kristen Donceel, Jean-Marc Darees, Matt Nuttall and Ian Hollamby

    menu icon

    Abstract

    This IBM Redbooks publication provides an overview of the z/OS Security setups for Parallel Sysplex installations that are considering serving users locally or over non-secure TCP/IP networks. It provides insight into what can be done to minimize the risks in such contexts by addressing the following operating environments:

    - Parallel Sysplex (as a stand-alone system) security.

    - One member of the Sysplex is exposed to a non-secure network.

    - All members of the Sysplex can be reached from the non-secure network.

    We use a simple Sysplex configuration running at z/OS 1.7, with the capability of testing workload distribution among the Sysplex members. The basic Security features of z/OS are tested in this environment: SSL/TLS with session ID sharing, Kerberos Key Distribution Center, Communications Server Intrusion Detection Services, and IPSec VPNs with Sysplex Wide Security Association. Other areas of investigation are the potential consequences of resource sharing with members being connected to non-secure networks and what protections are available in terms of z/OS mechanisms and Sysplex configuration best practices.

    Table of Contents

    Part 1. Basic Parallel Sysplex security

    Chapter 1. Introduction

    Chapter 2. Protection of the Sysplex-specific resources

    Chapter 3. UNIX System Services Security

    Chapter 4. Sysplex Workload Management and Security

    Part 2. One Sysplex member with network connectivity

    Chapter 5. Protecting the network connection

    Chapter 6. Security at the network level

    Part 3. All Sysplex members with network connectivity

    Chapter 7. All Sysplex members with network connectivity

    Chapter 8. Miscellaneous network-related considerations

    Appendix A. RACF protection of MVS commands

    Appendix B. TCP/IP configuration information

    Appendix C. IP filtering implementation and management example

    Appendix D. IP filtering and Sysplex Distributor

    Appendix E. AT-TLS implementation

    Appendix F. Sysplex session-ID caching setup example

    Appendix G. VPN setup

     

    Others who read this also read