Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Local IPSec NMI z/OS Communications Server: IP Programmer's Guide and Reference SC27-3659-02 |
|
The z/OS® Communications Server IKE daemon provides the IPSec network management interface (NMI). The IPSec NMI is an AF_UNIX socket interface through which network management applications can manage IP filtering and IPSec on local TCP⁄IP stacks. Use this interface for network management applications that expect to maintain agents on each individual z/OS system or use it in any environments where z/OS network security services (NSS) is not enabled. If your applications use a centralized management and monitoring approach, you should consider using the NSS management interface that is described in Network security services (NSS) network management NMI. This interface enables applications to obtain the following types
of data regarding the local TCP⁄IP stacks
and the IKE daemon:
Tip: If you are processing IPSec SMF records, there are
some structures that were designed to be analogous to IPSec NMI structures.
If you have code to process these structures, you might not need
to write new parsing code. The section names are indicated in the
individual SMF records and are described in detail in Type 119 SMF records.
The terms phase 1 and phase 2 refer to different types of security
associations (SAs) that the z/OS IKE daemon can negotiate with its peers. Although the specific
terminology for these types of security associations differs between
the IKE version 1 and IKE version 2 protocols, the terms phase 1 and
phase 2 refers to both versions. IKE terminology includes the following
definitions:
|
Copyright IBM Corporation 1990, 2014
|