Configuring security on a monitoring server on z/OS

How security verification is controlled depends upon the operating system on which the hub is installed. A hub monitoring server running on z/OS® validates user IDs and passwords using either the product-provided security feature, Network Access Method (NAM), or one of several system authorization facility (SAF) products.

The monitoring server supports secure password encryption through the Integrated Cryptographic Service Facility (ICSF). The ICSF provides a robust encryption and decryption scheme for stored passwords and is the preferred method of password encryption. (If you do not use ICSF, the monitoring server uses a less secure encryption method.) ICSF uses symmetric secret keys for encrypting and decrypting data. For instructions on setting the password encryption key on a z/OS monitor server with the PARMGEN method, see the comments in the KCIJVSEC (if system variables are enabled) or KCIJPSEC (if system variables are not enabled) member of the rhilev.rte.WKANSAMU library.

In addition to validating user IDs and passwords, a z/OS monitoring server can be configured to redirect Take Action commands to IBM Z® NetView for authorization and execution. IBM Z NetView uses the Tivoli Enterprise Portal user ID to check command authorization. If the user ID is authorized, the command is issued and the response is logged in the IBM Z NetView log.

The topics in this section provide instructions for the following security configuration tasks. For information on setting up security on a hub on a distributed system, see IBM Tivoli Monitoring: Installation and Setup Guide. Some monitoring agents might require additional security configuration; see the configuration documentation for the monitoring agent.