z/OS Encryption Readiness Technology (zERT) aggregation
z/OS® V2R3 Communications Server, introduced a new function called z/OS Encryption Readiness Technology (zERT). With zERT, the TCP/IP stack acts as a focal point in collecting and reporting the cryptographic security attributes of IPv4 and IPv6 application traffic that is protected using the TLS/SSL, SSH, and IPSec cryptographic network security protocols. The collected connection level data is written to SMF in SMF 119 subtype 11 records.
In certain environments, the volume of SMF 119 subtype 11 records can be large. z/OS V2R3 Communications Server, with APAR PI83362, provides the zERT aggregation function. The zERT aggregation function provides an alternative SMF view of the collected security session data. This alternate view is written in the form of new SMF 119 subtype 12 records that summarize the use of security sessions by many application connections over time and which are written at the end of each SMF interval. This alternate view condenses the volume of SMF record data while still providing all the critical security information.
No restrictions beyond those described for the zERT Discovery function that was initially provided with z/OS V2R3 Communications Server.
| Task/Procedure | Reference |
|---|---|
|
Plan for collection and storage of zERT summary SMF records and decide whether or not you want to discontinue collection of zERT connection detail records. |
|
|
Enable the zERT aggregation function. |
GLOBALCONFIG statement in z/OS Communications Server: IP Configuration Reference |
|
If you want zERT summary records to be available in the System Management Facility data sets or log streams, specify SMFCONFIG TYPE119 ZERTSUMMARY. |
|
|
If you want zERT summary records to be available to a real-time NMI application:
|
|
| Display zERT aggregation configuration settings | Netstat CONFIG/-f report in z/OS Communications Server: IP System Administrator's Commands |