70
z/OS supports Enterprise Identity Mapping (EIM). EIM
defi nes a user’s security context that is consistent through-
out an enterprise, regardless of the User ID used and
regardless of which platform the user is accessing. RACF
commands are enhanced to allow a security administrator
to defi ne EIM information for EIM applications to use. The
EIM information consists of the LDAP host name where the
EIM domain resides, the EIM domain name, and the bind
distinguished name and password an application may use
to establish a connection with the domain.
Intrusion Detection Services (IDS)
Introduced in z/OS 1.2 and enhanced in 1.5, IDS enables
the detection of attacks on the TCP/IP stack and the appli-
cation of defensive mechanisms on the z/OS server. The
focus of IDS is self-protection. IDS can be used alone or
in combination with an external network-based Intrusion
Detection System. IDS is integrated into the z/OS Commu-
nications Server stack.
• IPv6
• IPv6 (Internet Protocol version 6) is supported in z/OS
and can dramatically increase network addressability
in support of larger internal and multi-enterprise net-
works. z/OS provides compatibility with existing network
addressing and mixed-mode addressing with IPv4.
HiperSockets
• HiperSockets, introduced in z/OS 1.2, provides very
high-speed, low latency TCP/IP data communica-
tions across LPARs within the same zSeries server.
HiperSockets acts like a TCP/IP network within the
server.
• HiperSockets Accelerator provides an “accelerated
routing path” which concentrates traffi c between OSA-
Express external network connections and HiperSockets
connected LPARs. This function can improve perfor-
mance, simplify confi guration, and increase scalability
while lowering cost by reducing the number of network-
ing adapters and associated I/O cage slots required for
large numbers of virtual servers.
Communications Services highlights:
• A single high-performance TCP/IP stack providing sup-
port for both IPv4 and IPv6 applications
• High Performance Native Sockets (HPNS) for TCP/IP
applications
• Support for the latest security protocols - SSL & TLS
• Multinode Persistent Sessions for SNA applications run-
ning in a Parallel Sysplex environment
• Simple Network Time Protocol Support (SNTP) for client/
server synchronization
• New confi guration support for Enterprise Extender (EE)
XCA major nodes allows activation and inactivation at
the GROUP level. In addition, the EE XCA major node
now supports confi guration updates when the major
node is active. This provides fl exibility and can help
improve availability by allowing updates to occur without
necessarily affecting existing sessions.
• Alternate route selection for SNA and Enterprise
Extender (EE): VTAM
®
allows alternate route selection
for sessions using Enterprise Extender (EE) connec-
tion networks when connectivity fails due to temporary
conditions in the underlying IP network. This can help
improve availability for sessions using EE connection
networks.