Available for all platforms where EE is available, ZEN EE SECURITY provides a range of security options and additional functionality that add value to the base IBM EE offering, whether in the datacenter or at the branch level (2216, Cisco SNASw, etc.). ZEN EE SECURITY applies the industry standard security facilities of digital certificates and Secure Sockets Layer (SSL) to the SNA payload, ensuring that data is fully encrypted and authenticated.

SSL Encryption and Authentication for EE

EE does not support SSL – it uses UDP rather than the TCP protocol required by SSL. This means that end-to-end, session-level security is not possible with EE alone. In addition, without the ZEN EE SECURITY SSL feature especially sensitive e-commerce transactions such as online banking or the replacement of a 3745/SNI inter/intra-company connection may be vulnerable. For businesses requiring maximum protection for their legacy applications, the ZEN EE SECURITY SSL feature provides complete data integrity.

Because it enables full SSL encryption and authentication via digital certificates, the ZEN EE SECURITY SSL feature is a necessity for businesses that:

  • want to exchange information securely via EE;
  • want to replace secure connections based on IBM’s withdrawn 3745/SNI technology;
  • want to secure EE at the branch level.


ZES removes restrictions associated with UDP and EE

Multiple IP Stack Support for EE

Primarily for network traffic isolation (security) reasons, some z/OS sites deploy multiple IP stacks in a single LPAR. IBM’s Communications Server allows VTAM to communicate with multiple IP stacks concurrently but unfortunately EE can only use one IP stack per LPAR at a time. This restriction imposes limitations on a company’s preferred network topography.

ZEN EE SECURITY provides a very simple and low-cost solution to the EE ‘Multiple Stack’ restriction. The ZEN EE SECURITY Multi-Stack feature allows ZEN EE SECURITY to route EE traffic between IP stacks. This feature requires very little configuration and can be deployed quickly. No changes to existing IP stack configurations are necessary so existing security standards are not compromised.

The ZEN EE SECURITY Multi-Stack feature also allows session partners to be authenticated via the optional ZEN EE SECURITY Digitial Certificate feature.


  • Eliminates potential conflicts with firewalls: no UDP packets traverse the network
  • Only encrypted packets leave the mainframe
  • Minimizes the use of system resources
  • Enables industry-standard SSL/TLS encryption
  • Supports IBM's AT-TLS network security feature
  • Supports industry-standard authentication via digital certificates
  • Enables EE usage in multiple-IP-stack/single LPAR environment
  • Secures your network over a variety of network and OS configurations
  • Supports all EE supported platforms (Windows, AIX, Linux etc)