You can use one or both of the following methods for z/OS® Load Balancing Advisor security:
The Advisor can control which load balancers and which Agents are allowed to connect to it by maintaining an access control list. The access control list specifies the remote IP address of the connecting load balancers and the remote IP address and port of the Agents that are allowed to connect.
Specify the list of load balancers that are allowed to connect to the Advisor in the lb_id_list statement. Specify the list of Agents that are allowed to connect in the agent_id_list statement.
You can establish policies using the z/OS Policy Agent so that the Agents, ADNR, or both are required to use TLS/SSL through AT-TLS for connections to the Advisor, and load balancers are required to use TLS/SSL.
When you are using AT-TLS for all connections to the Advisor, the Advisor's lb_id_list and agent_id_list statements and the Agents' host_connection statements are optional. If you use these statements, the rules for access control list configuration statements still apply. AT-TLS is an alternative to using these statements, but you can still specify the statements. If you specify these statements and you are using AT-TLS, the statements are not required to match on the Advisor. For example, if an Agent connects using AT-TLS, the Advisor allows the connection to succeed even if the agent_id_list statement does not list that Agent.