Overview of IMS Connect security

IMS Connect provides different security options depending on whether a client is accessing IMS DB or IMS TM.

Start of changeIMS DB clients can implement security by using the IMS Connect DB Security user exit routine (HWSAUTH0), a security product such as RACF®, or both. For IMS DB clients, IMS Connect also provides support for RACF PassTickets. For Secure Sockets Layer (SSL) support, IMS DB clients can use IBM® z/OS® Communications Server Application Transparent Transport Layer Security feature (AT-TLS). IMS Connect does not provide SSL support for IMS DB clients.End of change

IMS TM clients can implement security using any combination of the IMS Connect user message exit routines, a user security exit routine, and a security product such as RACF. For IMS TM clients, IMS Connect provides direct support for SSL and support for RACF PassTickets.

For IMS-to-IMS TCP/IP connections, IMS Connect provides optional connection security by using RACF PassTickets.

In an IMS Connect configuration, security can be implemented by using various combinations of the following components:
  • On the client side:
    • The client application
    • The server of the client application
  • IMS Connect
  • A security product, such as RACF
  • For IMS TM connections:
    • The IMS Connect user message exit routines
    • OTMA, including the OTMA Resume Tpipe Security user exit (OTMARTUX)
  • For IMS DB connections, the IMS Connect DB Security user exit routine
  • IMS
  • An IMS exit routine
  • An IMS application program
When you configure IMS Connect, you can enter your security specifications in the following places:
  • HWSCFGxx configuration member
  • The RACF FACILITY class