z/OS supports Enterprise Identity Mapping (EIM). EIM defines a user’s security context that is consistent throughout an enterprise, regardless of the User ID used and regardless of which platform the user is accessing. RACF commands are enhanced to allow a security administrator to define EIM information for EIM applications to use. The EIM information consists of the LDAP host name where the EIM domain resides, the EIM domain name, and the bind distinguished name and password an application may use to establish a connection with the domain.

Intrusion Detection Services (IDS)

Introduced in z/OS 1.2 and enhanced in 1.5, IDS enables the detection of attacks on the TCP/IP stack and the application of defensive mechanisms on the z/OS server. The focus of IDS is self-protection. IDS can be used alone or in combination with an external network-based Intrusion Detection System. IDS is integrated into the z/OS Communications Server stack.

IPv6

IPv6 (Internet Protocol version 6) is supported in z/OS and can dramatically increase network addressability in support of larger internal and multi-enterprise networks. z/OS provides compatibility with existing network addressing and mixed-mode addressing with IPv4.

HiperSockets

HiperSockets, introduced in z/OS 1.2, provides very high-speed, low-latency TCP/IP data communications across LPARs within the same zSeries server. HiperSockets acts like a TCP/IP network within the server.

HiperSockets Accelerator provides an “accelerated routing path” which concentrates traffic between OSA-Express external network connections and HiperSockets connected LPARs. This function can improve performance, simplify configuration, and increase scalability while lowering cost by reducing the number of networking adapters and associated I/O cage slots required for large numbers of virtual servers.

Communications Services highlights:

A single high-performance TCP/IP stack providing support for both IPv4 and IPv6 applications

High Performance Native Sockets (HPNS) for TCP/IP applications

Support for the latest security protocols - SSL & TLS

Multinode Persistent Sessions for SNA applications running in a Parallel Sysplex environment

Simple Network Time Protocol Support (SNTP) for client/server synchronization

New configuration support for Enterprise Extender (EE) XCA major nodes allows activation and inactivation at the GROUP level. In addition, the EE XCA major node now supports configuration updates when the major node is active. This provides flexibility and can help improve availability by allowing updates to occur without necessarily affecting existing sessions.

Alternate route selection for SNA and Enterprise Extender (EE): VTAM® allows alternate route selection for sessions using Enterprise Extender (EE) connection networks when connectivity fails due to temporary conditions in the underlying IP network. This can help improve availability for sessions using EE connection networks.
