Securely Isolating and Segmenting Traffic across Shared OSA Ports
Project and Program:
Enterprise Data Center,
Security and Compliance
Tags:
Proceedings,
SHARE in Anaheim 2011,
2011
Implementing security on the mainframe is a "hot topic." But people are confused about the topic of security, because it encompasses much more than encryption or providing access control lists. It can also apply to separating traffic that must be secured from traffic that is available to anyone. And this is where the idea of isolating portions of the network from other parts of the network comes into play. However, if you are sharing OSA ports among multiple system images -- one of the strengths of the System z -- how can you isolate (or segment) one type of traffic from another over that shared port? A famous set of Security Mandates (Payment Card Industry mandates - "PCI") even touts the benefits of network segmentation as follows:
"Adequate network segmentation, which isolates systems that store, process, or transmit cardholder data from those that do not, may reduce the scope of the cardholder data environment."
This session explains shared OSA ports in terms of Virtual LANs, port isolation, routing capabilities to show how you can make a single port securely carry traffic that must be kept private while transporting other traffic that is public.
Presenter(s): Gwen Dente, IBM Corporation
Back to Proceedings File Library