[z/OS]

Advanced Message Security interception on message channels

On z/OS®, Advanced Message Security (AMS) interception provides an additional option of security policy protection (SPLPROT) to sender, server, receiver, and requester channels, allowing you to support AMS and to communicate with business partners who do not support AMS.

Taking the example of a clearing house communicating with a bank, Figure 1 shows that, without AMS interception, both sides of the system need to support AMS.
Figure 1. Usage of AMS without AMS interception
Diagram showing that without AMS interception both sides of the system require to be AMS enabled.

A key benefit of the AMS interception option is, that if your enterprise has AMS configured, and not all of your business partners support AMS, you can remove protection from outbound messages and protect inbound messages on channels to and from those business partners that do not support AMS.

Using the example of a clearing house and banks, this scenario is shown in Figure 2, where there is a message flow between the clearing house, banks, and business partners where some institutions have AMS, and others do not.
Figure 2. Some partners support AMS and some do not
Diagram showing message flow between business partners, where one partner has AMS and the other does not

Typically the channels are TLS enabled.

However, there might be a case where some banks and business partners do not support AMS, and there is a requirement to be able to exchange messages between all banks and business partners. This scenario is shown in Figure 3
Figure 3. Message flow between business partners
Diagram showing the situation where business partners communicate with one another and not all of these partners have AMS.