Migrating to zOS R8 Part 1 - Messmer The Brain House
Migrating to zOS R8 Part 1 - Messmer The Brain House
Migrating to zOS R8 Part 1 - Messmer The Brain House
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Communications Server<br />
Security Level 3<br />
Cryp<strong>to</strong>graphic Services<br />
DCE Base Services<br />
z/OS V1<strong>R8</strong><br />
z/OS V1<strong>R8</strong><br />
OS/390 V2R9<br />
<strong>Migrating</strong> <strong>to</strong> z/OS <strong>R8</strong> <strong>Part</strong> 1 of 3: Get Ready<br />
Communications Server consists of two components: IP Services and SNA<br />
Services.<br />
A related optional feature is Communications Server Security Level 3.<br />
For encryption, IP Services uses the firewall CDMF DES 40-bit, SNMPv3<br />
DES 56-bit, IP Sec DES 56-bit, and AES algorithms. IP Services also uses<br />
the System SSL component of Cryp<strong>to</strong>graphic Services for encryption<br />
services. SNA Services uses the limited DES algorithm for encryption.<br />
AnyNet (R) function was removed from Communications Server (SNA<br />
Services) in V1<strong>R8</strong> of z/OS and z/OS.e. AnyNet has not been enhanced in<br />
many years and has been supplanted by Enterprise Extender, which has<br />
superior function and performance.<br />
Type: optional feature, exclusive, unpriced, cannot be dynamically enabled.<br />
This feature works in conjunction with the Communications Server base<br />
element <strong>to</strong> provide stronger encryption (greater than 64 bits) than that<br />
available without this feature. This feature uses the TDES algorithm for<br />
encryption. <strong>The</strong> actual level of encryption that takes place with this feature<br />
installed can be configured <strong>to</strong> be something less than the maximum level<br />
enabled by this feature.<br />
This feature is worldwide exportable subject <strong>to</strong> U.S. export regulations.<br />
Type: base element, exclusive.<br />
Cryp<strong>to</strong>graphy is the transformation of data <strong>to</strong> conceal its meaning. In z/OS<br />
and z/OS.e, the base element Cryp<strong>to</strong>graphic Services provides the following<br />
base cryp<strong>to</strong>graphic functions: data secrecy, data integrity, personal<br />
identification, digital signatures, and the management of cryp<strong>to</strong>graphic keys.<br />
Keys as long as 56 bits are supported by this base element. (Keys longer<br />
than 56 bits are supported by the optional feature z/OS Security Level 3.)<br />
Cryp<strong>to</strong>graphic Services consists of the following components:<br />
w Integrated Cryp<strong>to</strong>graphic Service Facility (ICSF). <strong>The</strong> level of V1<strong>R8</strong><br />
ICSF is FMID HCR7731, which is the same level as in the Web<br />
deliverable Enhancements <strong>to</strong> Cryp<strong>to</strong>graphic Support for z/OS and<br />
z/OS.e V1R6/R7.<br />
w Open Cryp<strong>to</strong>graphic Services Facility (OCSF), which was last<br />
changed in OS/390 V2R10.<br />
w PKI Services, which was last changed in z/OS V1<strong>R8</strong> and z/OS.e<br />
V1<strong>R8</strong>. Before V1R5, this component was in the optional feature<br />
Security Server, although it was licensed with the base operating<br />
system and could be used without ordering or enabling Security<br />
Server.<br />
w System Secure Sockets Layer (SSL), which was last changed in<br />
z/OS V1<strong>R8</strong> and z/OS.e V1<strong>R8</strong>.<br />
For encryption:<br />
w OCSF uses the RC2/RC4/RC5 40-56 bit and DES 56-bit algorithms.<br />
w PKI Services uses the RACF (R) component of optional feature<br />
Security Server, and the ICSF, OCSF, and System SSL components<br />
of base element Cryp<strong>to</strong>graphic Services. For digital signatures, PKI<br />
Services uses the RSA, DSA, and DES 56-bit algorithms.<br />
w System SSL uses the RC2/RC4, DES through 56-bit,<br />
Diffie-Hellman, RSA, and DSA algorithms.<br />
Type: base element, exclusive.<br />
DCE Base Services provides services for developing and running<br />
client/server applications, including remote procedure call, direc<strong>to</strong>ry,<br />
SHARE (c) Copyright IBM Corporation, 2006 August 15, 2006<br />
Session 2870 Page 53 of 70 Baltimore, MD