Available for all platforms where EE is available, ZEN EE SECURITY provides a range
of security options and additional functionality that add value to the base IBM
EE offering, whether in the datacenter or at the branch level (2216, Cisco SNASw,
etc.). ZEN EE SECURITY applies the industry standard security facilities of digital
certificates and Secure Sockets Layer (SSL) to the SNA payload, ensuring that data
is fully encrypted and authenticated.
SSL Encryption and Authentication for EE
EE does not support SSL – it uses UDP rather than the TCP protocol required by SSL.
This means that end-to-end, session-level security is not possible with EE alone.
In addition, without the ZEN EE SECURITY SSL feature especially sensitive e-commerce
transactions such as online banking or the replacement of a 3745/SNI inter/intra-company
connection may be vulnerable. For businesses requiring maximum protection for their
legacy applications, the ZEN EE SECURITY SSL feature provides complete data integrity.
Because it enables full SSL encryption and authentication via digital certificates,
the ZEN EE SECURITY SSL feature is a necessity for businesses that:
- want to exchange information securely via EE;
- want to replace secure connections based on IBM’s withdrawn 3745/SNI technology;
- want to secure EE at the branch level.
ZES removes restrictions associated with UDP and EE
Multiple IP Stack Support for EE
Primarily for network traffic isolation (security) reasons, some z/OS sites deploy
multiple IP stacks in a single LPAR. IBM’s Communications Server allows VTAM to
communicate with multiple IP stacks concurrently but unfortunately EE can only use
one IP stack per LPAR at a time. This restriction imposes limitations on a company’s
preferred network topography.
ZEN EE SECURITY provides a very simple and low-cost solution to the EE ‘Multiple
Stack’ restriction. The ZEN EE SECURITY Multi-Stack feature allows ZEN EE SECURITY
to route EE traffic between IP stacks. This feature requires very little configuration
and can be deployed quickly. No changes to existing IP stack configurations are
necessary so existing security standards are not compromised.
The ZEN EE SECURITY Multi-Stack feature also allows session partners to be authenticated
via the optional ZEN EE SECURITY Digitial Certificate feature.
ZEN EE SECURITY Features
- Eliminates potential conflicts with firewalls: no UDP packets traverse the network
- Only encrypted packets leave the mainframe
- Minimizes the use of system resources
- Enables industry-standard SSL/TLS encryption
- Supports IBM's AT-TLS network security feature
- Supports industry-standard authentication via digital certificates
- Enables EE usage in multiple-IP-stack/single LPAR environment
- Secures your network over a variety of network and OS configurations
- Supports all EE supported platforms (Windows, AIX, Linux etc)