|100-second glimpse of zERT: http://ibm.biz/zerttotherescue
Our last few blog entries have described the new z/OS Encryption Readiness Technology (zERT) features of z/OS Communications Server V2R3. In this edition, let’s recap a few of the points and cover a few important considerations to keep in mind as you plan your zERT deployment.
1. zERT can generate very large volumes of zERT Connection Detail (SMF 119 subtype 11) records, depending on the number of connections supported by your z/OS system.
2. zERT monitors TCP and Enterprise Extender traffic. All other IP protocols are unmonitored.
7. TCP traffic protected by cryptographic protocol providers that are not enabled for zERT (OpenSSL, other SSH implementations, etc.) will only be reported through stream observation, which has the following limitations:
8. There are a small number of System SSL applications that cannot be monitored and are therefore reported as being unprotected. These are applications that:
9. In certain mixed-release sysplex environments, some IPSec-related attributes will not be available for reporting.
zERT provides the raw data for unprecedented insight to the cryptographic protection of your z/OS network traffic. So the next time you are asked “which traffic is protected” or “how is our traffic protected,” look to zERT to provide the answers!