Planning a high-security environment with ETO

ETO enhances the security of your IMS system. You can customize the ETO security features for your installation needs.

For example, you can customize exit routines that apply to both static terminals and ETO dynamic terminals.

The ETO security features allow you to control each of the following:
  • The physical connection of terminals to IMS.
  • User signon to IMS.
  • Output to users or nodes.
  • Message queuing to users. You can customize message queuing two ways:
    • Automatically allocate an LTERM to a user that you identify at signon
    • Use the Destination Creation exit routine (DFSINSX0)
  • Command and transaction security, by using RACF® (or an equivalent SAF-compliant security product).

Static versus dynamic terminals

You define static terminals during system definition to associate an LTERM with a particular physical terminal. Any user at a terminal can receive output messages that are queued for that terminal, regardless of whether signon is required for that terminal.

The major benefit of ETO is that dynamic LTERMs (output message queues) are managed separately from the terminals and are assigned to a user name. The user can obtain output only after signing on. This dynamic LTERM-to-user association is maintained until the user signs off, and it remains after signoff if IMS does not delete the user structure.