If you are satisfied with the security of your existing configuration, you can continue to use community-based security with no migration. If you would like to take advantage of USM or VACM, or if you have some SNMP managers that use SNMPv3, you will need to migrate your configuration. Note that USM can be used only when both the SNMP agent and the manager requesting the data support USM, as the z/OS® Communications Server SNMP agent and the snmp command do. VACM can be used even for community-based requests, but doing so requires migration of existing community name and trap destination definitions in PW.SRC and SNMPTRAP.DEST to SNMPD.CONF.
Even if your managers continue to be community-based, there are important advantages to migrating your PW.SRC information to SNMPD.CONF format:
The following tables list the advantages and disadvantages of using each type of security.
SNMPv1/SNMPv2c advantages | SNMPv3 disadvantages |
---|---|
Widely implemented on many platforms. | Not yet implemented on many platforms. |
Easy to configure. | More robust configuration options. |
SNMPv1/SNMPv2c disadvantages | SNMPv3 advantages |
---|---|
Legacy standards-based administrative model. | New standards-based administrative model. |
SNMPv1 and SNMPv2c allow particular IP addresses to access all data or no data. | SNMPv3 allows a particular user to access particular data. |
Not very robust (password sent in PDU). | Robust (data integrity and data origin authentication). |
Any user that can read data can also change the data (for objects defined as read-write). | The ability to change data can be limited to specific users. |
No data confidentiality. | Encryption available. |
Configuration changes require restarting of SNMP agent. | Configuration changes for USM and VACM can be made dynamically, either locally or remotely. |
For more information about security, see Creating user keys.