[z/OS][V9.1.3 Jul 2019]

Overview of Advanced Message Security interception on message channels

On z/OS®, Advanced Message Security (AMS) interception enhances the existing offering by adding a security policy protection option (SPLPROT) to sender, server, receiver, and requester channels.

Currently, using the example of a clearing house communicating with a bank, both sides of the system need to support AMS, as shown in Figure 1.
Figure 1. Current usage of AMS
Diagram showing that currently, both sides of the system require AMS enabled.

A key benefit of the additional option is that, if your enterprise has AMS configured but not all of your business partners support AMS, you can remove protection from outbound messages and protect inbound messages on the channels to and from those business partners that do not support AMS.

Using the example of a clearing house and banks, this scenario is shown in Figure 2, where there is a message flow between the clearing house, banks, and business partners where some institutions have AMS, and others do not.
Figure 2. Some partners support AMS and some do not
Diagram showing message flow between business partners, where one partner has AMS and the other does not

Typically the channels are TLS enabled.

However, there might be a case where some banks and business partners do not support AMS, and there is a requirement to be able to exchange messages between all banks and business partners. This scenario is shown in Figure 3.
Figure 3. Message flow between business partners
Diagram showing the situation where business partners communicate with one another and not all of these partners have AMS.
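
The following MQSC definitions are an added example, not part of the original page. They sketch how the clearing house might set SPLPROT on channels to a partner without AMS (REMOVE outbound, ASPOLICY inbound) and to a partner with AMS (PASSTHRU). Channel, queue, and host names and the CipherSpec are assumptions chosen for illustration.

```mqsc
* Added example: all names, hosts and the CipherSpec are constructed.

* Outbound to a partner WITHOUT AMS. The sender MCA removes AMS
* protection from each message it gets from the transmission queue,
* using the AMS policy defined for that queue. After that, TLS on the
* channel is the only protection the message has in transit.
DEFINE CHANNEL(CLEAR.TO.BANKB) CHLTYPE(SDR) TRPTYPE(TCP) +
       CONNAME('bankb.example.com(1414)') +
       XMITQ(BANKB.XMITQ) +
       SPLPROT(REMOVE) +
       SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256)

* Inbound from the same partner. The receiver MCA applies AMS
* protection according to the policy of the target queue when it
* puts the message, so it is protected at rest from arrival onward.
DEFINE CHANNEL(BANKB.TO.CLEAR) CHLTYPE(RCVR) TRPTYPE(TCP) +
       SPLPROT(ASPOLICY) +
       SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256) +
       SSLCAUTH(REQUIRED)

* Outbound to a partner WITH AMS. Messages cross the channel
* unchanged, still protected end to end by the AMS policy.
DEFINE CHANNEL(CLEAR.TO.BANKA) CHLTYPE(SDR) TRPTYPE(TCP) +
       CONNAME('banka.example.com(1414)') +
       XMITQ(BANKA.XMITQ) +
       SPLPROT(PASSTHRU) +
       SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256)

* Audit: list every channel with its SPLPROT and CipherSpec, then
* confirm that each SPLPROT(REMOVE) channel has SSLCIPH set and
* points only at a partner that is meant to receive unprotected data.
DISPLAY CHANNEL(*) SPLPROT SSLCIPH
```

A channel with SPLPROT(REMOVE) and a blank SSLCIPH sends previously protected message data in clear text, so the audit output is worth checking after any channel change.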