Configuration Assistant for z/OS Communications Server
Configuring a network can be complex. The process involves multiple tasks, the configuration syntax can be complicated and error-prone, and it is often difficult to assess how configuration changes impact the network.
The z/OSMF Configuration Assistant for z/OS® Communications Server task provides assistance in configuring TCP/IP networking policies and can help dramatically reduce the amount of time required to create network configuration files. For example, setting up TCP/IP filters, which once may have taken hours, may now potentially take as little as 30 minutes.
With the Configuration Assistant task, for any number of z/OS images and TCP/IP stacks, you can create configuration files for the following:
- Application Transparent Transport Layer Security (AT-TLS)
- IP Security
- Intrusion Detection Services
- Network Security Services
- Quality of Service
- Policy Based Routing
- Defense Manager Daemon
To simplify things even more, step-by-step tasks are provided, complete with setup for RACF® security, started procedures, and Policy Agent configuration. Health checks are provided to ensure the consistency and accuracy of policy definitions.
Enhancements by Release
For z/OSMF V1R12, the Configuration Assistant task:
- Supports the configuration of IKE version 2.
- Enforces RFC 4301 compliance for IPSec filter rules.
- Supports the configuration of certificate trust chains and certificate revocation lists for IKE.
- Supports the configuration of new cryptographic algorithms for IPSec and IKE.
- Supports the configuration of FIPS 140 cryptographic mode for IPSec and IKE.
- Adds default AT-TLS rules, which are intended to simplify secure connections with AT-TLS.
For z/OSMF V1R13, the Configuration Assistant task:
- Allows you to retrieve TCP/IP profile information from active TCP/IP stacks, enabling it to import lists of IP addresses that are available for policy configuration.
- Allows you to configure z/OS V1R12 and V1R13 Communications Server.
- Allows a policy rule to be defined once and used for multiple stacks.
- Adds Intrusion Detection Services (IDS) support for IPv6 traffic.
- Provides an intuitive interface for creating IDS configurations.
For z/OSMF V2R1, the Configuration Assistant task:
- Provides a modern, intuitive interface that is consistent with other z/OSMF tasks.
- Requires less z/OS CPU usage.
- Adds AT-TLS support for the following RFCs:
  - Renegotiation options (RFC 5746)
  - Elliptic Curve Cryptography (RFC 4492 and RFC 5480)
  - TLSv1.2 (RFC 5246)
  - AES GCM Cipher Suites (RFC 5288)
  - Suite B Profile (RFC 5430)
  - ECC and AES GCM with SHA-256/384 (RFC 5289)
- Allows you to configure z/OS V1R12, V1R13, and V2R1 Communications Server.
- Adds Policy Based Routing (PBR) support for IPv6.