Any plan for APPC security must begin with the APPC applications that you have installed or plan to install. The applications themselves, and the sensitivity of the data and resources that they use, will dictate the level of security that you need. If the TPs do not involve sensitive data, or if they communicate between two equally trusted systems, you might not need to use any of the APPC security mechanisms. If, however, a TP on MVS uses sensitive data or functions, or processes requests from partner TPs at remote workstations, you might want to activate some or all of the security mechanisms to protect the application.

The APPC applications themselves can provide a basis for security by passing security information on the allocate request that starts the conversation. The system where the inbound TP is located can verify the inbound security information (a combination of user ID, password, and security profile name), can permit or deny the conversation request accordingly and, in the case of MVS, can schedule the inbound TP to run in a security environment based on the inbound security information.