z/OS Communications Server
Mainframe network security for on demand transactions

What's new in z/OS V1R5 Communications Server?
Highlights of new functions in z/OS V1R5 Communications Server. For more information, read "What's new in z/OS Communications Server?" (PDF, 1.94MB).
- IPv6 Ready Logo certified: z/OS V1R5 has been certified with the IPv6 Ready Logo for IPv6 capabilities and interoperability
  - This certification is the result of IPv6 test cases defined by the IPv6 Forum. The certification documents that z/OS V1R5 supports the required IPv6 standards and that it can interoperate with other IPv6 platforms that have also been certified
  - The z/OS IPv6 implementation that started in z/OS V1R4 is extended in V1R5 with additional standard applications that are IPv6 enabled. These include TN3270 server, Enterprise Extender, Sendmail, and more. IPv6 support also includes dynamic routing support through RIP for IPv6, IPv6 point-to-point link support, IPv6 network management through SNMP IPv6 functions, and so on
- Real-time Systems Management: Enabling real-time systems management for improved performance management and problem determination
  - A new network management interface is available in V1R5. This interface enables network management products, such as Tivoli's NetView for z/OS, to access network management data in real time through a set of highly efficient programming interfaces. The new network management interfaces enable management of both TCP/IP and Enterprise Extender resources
  - NetView for z/OS has already shipped real-time IP packet trace collection and analysis functions that are based on these new interfaces. Other Tivoli products will follow shortly with even more exploitation of the new interfaces
- Improved availability and scalability: Improved availability and scalability of IP-based workload in a z/OS Sysplex
  - TCP/IP on z/OS has supported the highly available and scalable z/OS Sysplex environment since OS/390 V2R8. In this release, the support is extended to provide more flexible IP workload balancing capabilities. These include a client-based affinity with a server instance and a round-robin distribution algorithm in addition to the existing WLM-based distribution logic
  - To improve availability of IP-based services in a Sysplex that is being started, new policies govern how services are to be started. If a backup LPAR for a service is started before the primary LPAR, these policies control whether the backup should wait for the primary LPAR or function as primary
- Protecting z/OS from network attacks:
  - Malicious users exist both in an intranet and on the Internet. Communications Server on z/OS provides a range of technologies that can be used to protect the z/OS system itself from a variety of attacks by network users, and to protect data while in the network
  - z/OS Communications Server comes with integrated Intrusion Detection Services (IDS) that are controlled via policies and will detect events such as port or interface scans, malformed packet attacks, flooding of TCP connections or UDP packets, and so on. Attack types that are meant to harm are rejected, while handling of other events that may or may not be legitimate is controlled through policies. All attack types can be logged, MVS console messages can be generated for automation, and so on
  - V1R5 adds an interface flood detection algorithm that analyzes suspicious flood attack types that individually might not qualify as intrusion events but that, when aggregated, such as at the interface level, may be an indication of an attack
- Secure file transfer: V1R5 enables you to transfer files securely with FTP (File Transfer Protocol) through filtering and Network Address Translation (NAT) firewalls
  - The FTP protocol has been enhanced with support for Secure Sockets Layer (SSL) and Transport Layer Security (TLS). FTP on z/OS has supported SSL/TLS FTP connections since z/OS V1R2. SSL/TLS enables encryption of the dialog between the FTP client and the server and of the files that are transferred between the two
  - The FTP protocol used to be very sensitive to NAT firewalls. That sensitivity was worsened with SSL/TLS support. Firewalls in the path between an FTP client and an FTP server would break connections between the two if they used SSL/TLS. Recent enhancements to the FTP protocol itself and the way FTP is implemented on z/OS now allow secure and reliable FTP connections crossing any number of filtering and NAT firewalls in the path between the client and the server. This enables you to use FTP to transfer confidential data over insecure networks
- SNA integration over IP: Integration of SNA over IP networks using Enterprise Extender (EE) made easier
  - EE is very successful with our major SNA customers who use it to transport SNA over IP intranets and to replace SNA subarea network interconnection (SNI) to business partners. Consolidating to a single network infrastructure, based on IP, provides significant cost savings
  - EE in z/OS V1R5 now supports NAT firewall traversal. This allows you to benefit from the configuration simplification offered by a global connection network across IP network segments that are separated by NAT firewalls
- Leveraging VLAN technology: Efficient use of OSA Express adapter resources through support of VLAN technology
  - Multiple LPARs can now share the same OSA adapter port while each is a member of a different virtual LAN. This allows more efficient use of the OSA Express adapter resources and ensures separation of network traffic. Separation is used for security purposes