IBM z/OS manual Ldap

Page 65

z/OS SSL support includes the ability for applications to create multiple SSL environments within a single process. An application can now modify environment attributes without terminating any SSL sessions already underway.

IPv6 Support: This support allows System SSL to be used in an IPv6 network configuration. It also enables System SSL to support both IPv4 and IPv6 Internet protocol addresses.

Performance is improved with CRL Caching: Today, SSL supports certificate revocation lists (CRLs) stored in an LDAP server. Each time a certificate needs to be validated, a request is made to the LDAP server to get the list of CRLs. CRL Caching enables applications to request that the retrieved list of CRLs be cached for a defined length of time.

Support for the AES Symmetric Cipher for SSL V3 and TLS Connections: System SSL supports the Advanced Encryption Standard (AES), which provides data encryption using 128-bit or 256-bit keys for SSL V3.0 and TLS V1.0 connections.

Support for DSS (Digital Signature Standard) Certificates: System SSL has been enhanced to support Digital Signature Standard certificates defined by the FIPS (Federal Information Processing Standard) 186-1 Standard.

System SSL Support of RSA Private Keys Stored in ICSF: With z/OS 1.4, support is introduced that is designed to allow a certificate's private key to reside in ICSF, thus lifting a restriction where the private key had to reside in the RACF database.

Failover LDAP provides greater availability: You can now specify a list of Security Server-LDAP servers to be used for storing certificate revocation lists (CRLs). When certificate validation is being performed, this list will be used to determine which LDAP server to connect to for the CRL information.
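The two CRL features above (caching for a defined length of time, and an ordered list of LDAP servers to fall back on) combine into one small piece of validation logic. The following is an added example, not IBM's System SSL code: the LDAP retrieval is simulated with a constructed in-memory table and a pair of fetchers, one of which pretends to be unreachable, so the block runs offline. The issuer DN, serial numbers and server names are made up.

```python
"""Added example (not IBM System SSL code): a CRL cache with a bounded lifetime,
backed by an ordered list of LDAP servers that are tried in failover order.
All data and 'servers' below are constructed for illustration."""
import time
from typing import Callable, Dict, List, Tuple


class LdapUnavailable(Exception):
    """Raised by a fetcher when its server cannot be reached (simulated here)."""


class ManualClock:
    """Test clock so cache expiry can be exercised without sleeping."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


# Constructed sample: issuer DN -> serial numbers listed in that issuer's CRL.
SAMPLE_CRL_STORE: Dict[str, List[int]] = {
    "CN=Example Issuing CA,O=Example": [0x1001, 0x1003],
}


def make_fetcher(name: str, up: bool) -> Callable[[str], List[int]]:
    """Build a simulated LDAP CRL fetcher; a server that is 'down' always raises."""
    def fetch(issuer_dn: str) -> List[int]:
        if not up:
            raise LdapUnavailable(name)
        return list(SAMPLE_CRL_STORE.get(issuer_dn, []))
    return fetch


class CrlCache:
    def __init__(self, servers, ttl_seconds: float, clock=time.monotonic) -> None:
        self.servers = list(servers)   # (name, fetcher) pairs in failover order
        self.ttl = ttl_seconds         # the "defined length of time" a CRL is kept
        self.clock = clock
        self._entries: Dict[str, Tuple[float, List[int]]] = {}
        self.fetches = 0               # number of trips actually made to a server

    def get_crl(self, issuer_dn: str) -> List[int]:
        now = self.clock()
        hit = self._entries.get(issuer_dn)
        if hit is not None and now < hit[0]:
            return hit[1]              # cached copy still within its lifetime
        errors = []
        for name, fetch in self.servers:
            try:
                crl = fetch(issuer_dn)
            except LdapUnavailable as exc:
                errors.append(str(exc))
                continue               # next server in the list
            self.fetches += 1
            self._entries[issuer_dn] = (now + self.ttl, crl)
            return crl
        # Fail closed: with no CRL obtainable, revocation status is unknown.
        raise LdapUnavailable("all CRL servers failed: " + ", ".join(errors))

    def is_revoked(self, issuer_dn: str, serial: int) -> bool:
        return serial in self.get_crl(issuer_dn)
```

Two points a practitioner should keep in mind: a cached CRL means a certificate revoked after the fetch is still accepted until the lifetime runs out, so the TTL is a direct trade between LDAP load and revocation latency; and when every server in the list fails, the code raises rather than returning "not revoked", because silently treating an unreachable CRL source as "nothing revoked" turns an availability problem into an authentication bypass.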

Simplified administration with the ability to export and import certificate chains using PKCS#7 format files.

LDAP

z/OS provides industry-standard Lightweight Directory Access Protocol (LDAP) services. Client access to information in multiple directories is supported with the LDAP protocol. The LDAP server supports thousands of concurrent clients, increasing the maximum number of concurrently connected clients by an order of magnitude.

Enhancements

Mandatory Authentication Methods (required by IETF RFC 2829) are supported in z/OS 1.4: The CRAM-MD5 and DIGEST-MD5 authentication methods have been added. The methods avoid flowing the user's password over the connection to the server. The LDAP Server, the C/C++ APIs, and the utilities are updated with this support. Interoperability is improved for any applications that make use of these methods.
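What "avoid flowing the user's password" means in practice is easiest to see from the arithmetic of the two SASL mechanisms. The block below is an added example written for this page, not IBM's LDAP server or client code: it computes the CRAM-MD5 (RFC 2195) and DIGEST-MD5 (RFC 2831, qop=auth) client responses and the corresponding server-side checks. The nonce, cnonce, realm, digest-uri and credentials are constructed values.

```python
"""Added example (not IBM z/OS LDAP code): CRAM-MD5 and DIGEST-MD5 SASL
arithmetic per RFC 2195 / RFC 2831. All inputs below are constructed."""
import hashlib
import hmac


def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


# --- CRAM-MD5 (RFC 2195): the client answers a server challenge with
#     HMAC-MD5 keyed by the password; only the MAC crosses the wire.
def cram_md5_response(username: str, password: str, challenge: bytes) -> str:
    mac = hmac.new(password.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return f"{username} {mac}"


def cram_md5_verify(password_on_server: str, challenge: bytes, response: str) -> bool:
    # The server needs the password (or an HMAC key derived from it) to check this.
    _, mac = response.split(" ", 1)
    expected = hmac.new(password_on_server.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, mac)


# --- DIGEST-MD5 (RFC 2831), qop=auth.
def digest_md5_user_hash(username: str, realm: str, password: str) -> bytes:
    """H(username:realm:password): what the server may store instead of the password."""
    return _md5(f"{username}:{realm}:{password}".encode("utf-8"))


def _digest_md5_ha1(user_hash: bytes, nonce: str, cnonce: str) -> str:
    # RFC 2831 A1 joins the raw 16-byte hash, not its hex form, to nonce and cnonce.
    return _md5(user_hash + f":{nonce}:{cnonce}".encode("utf-8")).hex()


def digest_md5_response(user_hash: bytes, nonce: str, cnonce: str, nc: str, digest_uri: str) -> str:
    """Client proof: A2 = 'AUTHENTICATE:' digest-uri for qop=auth."""
    ha1 = _digest_md5_ha1(user_hash, nonce, cnonce)
    ha2 = _md5(f"AUTHENTICATE:{digest_uri}".encode("utf-8")).hex()
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode("utf-8")).hex()


def digest_md5_rspauth(user_hash: bytes, nonce: str, cnonce: str, nc: str, digest_uri: str) -> str:
    """Server proof for mutual authentication: A2 = ':' digest-uri (no method prefix)."""
    ha1 = _digest_md5_ha1(user_hash, nonce, cnonce)
    ha2 = _md5(f":{digest_uri}".encode("utf-8")).hex()
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode("utf-8")).hex()


def digest_md5_verify(stored_user_hash: bytes, nonce: str, cnonce: str, nc: str,
                      digest_uri: str, client_response: str) -> bool:
    expected = digest_md5_response(stored_user_hash, nonce, cnonce, nc, digest_uri)
    return hmac.compare_digest(expected, client_response)


def demo() -> dict:
    """Run one constructed exchange of each mechanism and report what crossed the wire."""
    user, realm, password = "alice", "ldap.example.test", "correct horse battery staple"
    # CRAM-MD5: challenge is normally a fresh server-generated string per bind.
    challenge = b"<1896.697170952@ldap.example.test>"
    cram = cram_md5_response(user, password, challenge)
    # DIGEST-MD5: nonce from the server, cnonce from the client, nc = 1st use of this nonce.
    nonce, cnonce, nc, uri = "OA6MG9tEQGm2hh", "OA6MHXh6VqTrRk", "00000001", "ldap/ldap.example.test"
    stored = digest_md5_user_hash(user, realm, password)          # server keeps only this
    resp = digest_md5_response(stored, nonce, cnonce, nc, uri)    # client computes from password
    return {
        "cram_ok": cram_md5_verify(password, challenge, cram),
        "digest_ok": digest_md5_verify(stored, nonce, cnonce, nc, uri, resp),
        "digest_wrong_pw": digest_md5_verify(
            stored, nonce, cnonce, nc, uri,
            digest_md5_response(digest_md5_user_hash(user, realm, "wrong"), nonce, cnonce, nc, uri)),
        "password_on_wire": password in cram or password in resp,
        "rspauth": digest_md5_rspauth(stored, nonce, cnonce, nc, uri),
    }
```

The difference between the two is worth noting for a directory administrator: CRAM-MD5 keeps the password off the wire but obliges the server to hold it (or an equivalent key) in recoverable form, while DIGEST-MD5 lets the server store only H(username:realm:password), which is also realm-bound. Both depend on a fresh nonce or challenge for every bind, and neither protects the LDAP traffic that follows, which is why the page pairs them with TLS.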

TLS: z/OS LDAP now provides support for TLS (Transport Layer Security) as defined in IETF RFC 2830 as an alternative to SSL support. It also provides support, via an LDAP extended operation, that allows applications to selectively activate TLS for certain LDAP operations at the application's discretion.
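The extended operation referred to is the StartTLS request of RFC 2830, identified by the OID 1.3.6.1.4.1.1466.20037 and carried in an ordinary LDAP ExtendedRequest. The following is an added example, not IBM's LDAP client or server code: it builds the BER-encoded request an application sends, parses the ExtendedResponse that comes back, and decides whether the TLS handshake may proceed. The two sample responses are constructed byte strings.

```python
"""Added example (not IBM z/OS LDAP code): encode an RFC 2830 StartTLS
ExtendedRequest and parse the ExtendedResponse, using the LDAPMessage
structure from RFC 4511. Sample responses are constructed."""
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"
TAG_SEQUENCE, TAG_INTEGER, TAG_ENUMERATED, TAG_OCTET_STRING = 0x30, 0x02, 0x0A, 0x04
TAG_EXTENDED_REQUEST, TAG_EXTENDED_RESPONSE = 0x77, 0x78   # [APPLICATION 23] / [APPLICATION 24]
TAG_REQUEST_NAME = 0x80                                    # [0] LDAPOID inside the request


def _ber_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(body)) + body


def _ber_int(n: int) -> bytes:
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return b"\x00" + body if body[0] & 0x80 else body     # keep it non-negative


def starttls_request(message_id: int) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }."""
    ext = _tlv(TAG_EXTENDED_REQUEST, _tlv(TAG_REQUEST_NAME, STARTTLS_OID.encode("ascii")))
    return _tlv(TAG_SEQUENCE, _tlv(TAG_INTEGER, _ber_int(message_id)) + ext)


def _read_tlv(buf: bytes, pos: int):
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(msg: bytes):
    """Return (messageID, resultCode, diagnosticMessage) from an ExtendedResponse."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read_tlv(body, 0)
    if tag != TAG_INTEGER:
        raise ValueError("missing messageID")
    tag, op, _ = _read_tlv(body, pos)
    if tag != TAG_EXTENDED_RESPONSE:
        raise ValueError("not an ExtendedResponse")
    tag, rc, pos = _read_tlv(op, 0)            # resultCode ENUMERATED
    _, _matched_dn, pos = _read_tlv(op, pos)   # matchedDN (empty for StartTLS)
    _, diag, pos = _read_tlv(op, pos)          # diagnosticMessage
    return int.from_bytes(mid, "big", signed=True), int.from_bytes(rc, "big"), diag.decode("utf-8")


def starttls_granted(request_id: int, response: bytes) -> bool:
    """True only for a success result on the matching message ID; anything else stays clear-text
    and the application must not send credentials on this connection."""
    mid, code, _diag = parse_extended_response(response)
    return mid == request_id and code == 0


# Constructed sample responses: success, and operationsError (result code 1) with a diagnostic.
SAMPLE_SUCCESS = bytes.fromhex("300c020101" "7807" "0a0100" "0400" "0400")
_DIAG = b"TLS already established"
SAMPLE_REFUSED = _tlv(TAG_SEQUENCE, _tlv(TAG_INTEGER, b"\x02") + _tlv(
    TAG_EXTENDED_RESPONSE,
    _tlv(TAG_ENUMERATED, b"\x01") + _tlv(TAG_OCTET_STRING, b"") + _tlv(TAG_OCTET_STRING, _DIAG)))
```

The defender's check lives in `starttls_granted`: a client that required TLS must treat any non-success result as fatal for the bind rather than falling back to clear-text, since an active attacker who can strip or fail the StartTLS exchange would otherwise downgrade the session; the server side, correspondingly, should refuse simple binds arriving before the TLS layer is up.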
