IBM z/OS User Manual

Page 70

background image


z/OS supports Enterprise Identity Mapping (EIM). EIM

defi nes a user’s security context that is consistent through-

out an enterprise, regardless of the User ID used and

regardless of which platform the user is accessing. RACF

commands are enhanced to allow a security administrator

to defi ne EIM information for EIM applications to use. The

EIM information consists of the LDAP host name where the

EIM domain resides, the EIM domain name, and the bind

distinguished name and password an application may use

to establish a connection with the domain.

Intrusion Detection Services (IDS)

Introduced in z/OS 1.2 and enhanced in 1.5, IDS enables

the detection of attacks on the TCP/IP stack and the appli-

cation of defensive mechanisms on the z/OS server. The

focus of IDS is self-protection. IDS can be used alone or

in combination with an external network-based Intrusion

Detection System. IDS is integrated into the z/OS Commu-

nications Server stack.

• IPv6

• IPv6 (Internet Protocol version 6) is supported in z/OS

and can dramatically increase network addressability

in support of larger internal and multi-enterprise net-

works. z/OS provides compatibility with existing network

addressing and mixed-mode addressing with IPv4.


• HiperSockets, introduced in z/OS 1.2, provides very

high-speed, low latency TCP/IP data communica-

tions across LPARs within the same zSeries server.

HiperSockets acts like a TCP/IP network within the


• HiperSockets Accelerator provides an “accelerated

routing path” which concentrates traffi c between OSA-

Express external network connections and HiperSockets

connected LPARs. This function can improve perfor-

mance, simplify confi guration, and increase scalability

while lowering cost by reducing the number of network-

ing adapters and associated I/O cage slots required for

large numbers of virtual servers.

Communications Services highlights:

• A single high-performance TCP/IP stack providing sup-

port for both IPv4 and IPv6 applications

• High Performance Native Sockets (HPNS) for TCP/IP


• Support for the latest security protocols - SSL & TLS

• Multinode Persistent Sessions for SNA applications run-

ning in a Parallel Sysplex environment

• Simple Network Time Protocol Support (SNTP) for client/

server synchronization

• New confi guration support for Enterprise Extender (EE)

XCA major nodes allows activation and inactivation at

the GROUP level. In addition, the EE XCA major node

now supports confi guration updates when the major

node is active. This provides fl exibility and can help

improve availability by allowing updates to occur without

necessarily affecting existing sessions.

• Alternate route selection for SNA and Enterprise

Extender (EE): VTAM


allows alternate route selection

for sessions using Enterprise Extender (EE) connec-

tion networks when connectivity fails due to temporary

conditions in the underlying IP network. This can help

improve availability for sessions using EE connection
