IBM z/OS manual Intrusion Detection Services IDS, HiperSockets

z/OS supports Enterprise Identity Mapping (EIM). EIM defines a user’s security context that is consistent throughout an enterprise, regardless of the User ID used and regardless of which platform the user is accessing. RACF commands are enhanced to allow a security administrator to define EIM information for EIM applications to use. The EIM information consists of the LDAP host name where the EIM domain resides, the EIM domain name, and the bind distinguished name and password an application may use to establish a connection with the domain.

Intrusion Detection Services (IDS)

Introduced in z/OS 1.2 and enhanced in 1.5, IDS enables the detection of attacks on the TCP/IP stack and the application of defensive mechanisms on the z/OS server. The focus of IDS is self-protection. IDS can be used alone or in combination with an external network-based Intrusion Detection System. IDS is integrated into the z/OS Communications Server stack.

IPv6

IPv6 (Internet Protocol version 6) is supported in z/OS and can dramatically increase network addressability in support of larger internal and multi-enterprise networks. z/OS provides compatibility with existing network addressing and mixed-mode addressing with IPv4.

HiperSockets

HiperSockets, introduced in z/OS 1.2, provides very high-speed, low latency TCP/IP data communications across LPARs within the same zSeries server. HiperSockets acts like a TCP/IP network within the server.

HiperSockets Accelerator provides an “accelerated routing path” which concentrates traffic between OSA-Express external network connections and HiperSockets connected LPARs. This function can improve performance, simplify configuration, and increase scalability while lowering cost by reducing the number of networking adapters and associated I/O cage slots required for large numbers of virtual servers.

Communications Services highlights:

A single high-performance TCP/IP stack providing support for both IPv4 and IPv6 applications

High Performance Native Sockets (HPNS) for TCP/IP applications

Support for the latest security protocols - SSL & TLS

Multinode Persistent Sessions for SNA applications running in a Parallel Sysplex environment

Simple Network Time Protocol Support (SNTP) for client/ server synchronization

New configuration support for Enterprise Extender (EE) XCA major nodes allows activation and inactivation at the GROUP level. In addition, the EE XCA major node now supports configuration updates when the major node is active. This provides flexibility and can help improve availability by allowing updates to occur without necessarily affecting existing sessions.

Alternate route selection for SNA and Enterprise Extender (EE): VTAM® allows alternate route selection for sessions using Enterprise Extender (EE) connection networks when connectivity fails due to temporary conditions in the underlying IP network. This can help improve availability for sessions using EE connection networks.
