LU Security: Protecting APPC/MVS Logical Units

Before APPC applications can communicate, you must define logical units (LUs) to VTAM®. You define the LUs to VTAM by coding VTAM APPL statements, as described in Planning Sessions. The LUs represent nodes, or points of entry into the network; each transaction program is associated with an LU.

As the point of entry for APPC communications into your system, an LU might require special protection. There are several steps you can take to protect APPC/MVS LUs from unauthorized access:
  • Specifying security keywords on VTAM APPL statements

    You can include security information on the VERIFY and SECACPT keywords of the APPL statement to make VTAM verify LU-to-LU session requests and accept default levels of conversation security between LUs

  • Allowing LU-to-LU security verification with APPCLU profiles

    For each LU on MVS, you can specify the partner LUs with which it can hold sessions, through a session key that VTAM verifies. And for each pair of LUs, you can specify the levels of security that you will allow on conversations that cross their sessions.

  • Controlling the use of VTAM ACBs

    You can ensure that an LU is defined to VTAM from the APPC address space only, using RACF® VTAMAPPL profiles.

Parent topic: Setting up Network Security