IBM z/OS Management Facility

 

Configuration Assistant for z/OS Communications Server

Configuring a network can be complex. The process involves multiple tasks, the configuration syntax can be complicated and error-prone, and it is often difficult to assess how configuration changes impact the network.

The z/OSMF Configuration Assistant for z/OS® Communications Server task provides assistance in configuring TCP/IP networking policies and can help dramatically reduce the amount of time required to create network configuration files. For example, what once may have taken hours to set up TCP/IP filters, may now potentially take as little as 30 minutes.

With the Configuration Assistant task, for any number of z/OS images and TCP/IP stacks, you can create configuration files for the following:

  • Application Transparent - Transport Layer Security
  • IP Security
  • Intrusion Detection Services
  • Network Security Services
  • Quality of Service
  • Policy Based Routing
  • Defense Manager Daemon

To simplify things even more, step by step tasks are provided, complete with setup for RACF® security, started procedures, and Policy Agent configuration. Health checks are provided to ensure the consistency and accuracy of policy definitions.

Screen capture of the IPSec page in the z/OSMF Configuration Assistant task.

Enhancements by Release

For z/OSMF V1R12, the Configuration Assistant task:

  • Supports the configuration of IKE version 2.
  • Enforces RFC4301 compliance for IPSec filter rules.
  • Supports the configuration of certificate trust chains and certificate revocation lists for IKE.
  • Supports the configuration of new cryptographic algorithms for IPSec and IKE.
  • Supports the configuration of FIPS 140 cryptographic mode for IPSec and IKE.
  • Adds default AT-TLS rules, which are intended to simplify secure connections with AT-TLS.

For z/OSMF V1R13, the Configuration Assistant task:

  • Allows you to retrieve TCP/IP profile information from active TCP/IP stacks, enabling it to import lists of IP addresses that are available for policy configuration.
  • Allows you to configure z/OS V1R12 and V1R13 Communications Server.
  • Allows a policy rule to be defined once and used for multiple stacks.
  • Adds Intrusion Detection Services (IDS) support for IPv6 traffic.
  • Provides an intuitive interface for creating IDS configurations.

For z/OSMF V2R1, the Configuration Assistant task:

  • Provides a modern, intuitive interface that is consistent with other z/OSMF tasks.
  • Requires less z/OS CPU usage.
  • Adds AT-TLS support for the following RFCs:
    • Renegotiation options (RFC 5746)
    • Elliptic Curve Cryptography (RFC 4492 and RFC 5480)
    • TLSv1.2 (RFC 5246)
    • AES GCM Cipher Suites (RFC 5288)
    • Suite B Profile (RFC 5430)
    • ECC and AES GCM with SHA-256/384 (RFC 5289)
  • Allows you to configure z/OS V1R12, V1R13, and V2R1 Communications Server.
  • Adds Policy Based Routing (PBR) support for IPv6.

Contact IBM

Browse z/OS