TCP/IP Secure Tunnel Processor
Overview


Secure SSL and TLS connections to the mainframe with the Viaserv TCP/IP Secure Tunnel Processor.
The Viaserv TCP/IP Secure Tunnel Processor supports use of SSL/TLS protocols to secure inbound and outbound TCP/IP connections by VSE and z/OS applications that were developed using unsecured socket APIs. This function is new in ViaSQL for VSE and z/OS Version 4.5.5. It will be referred to as the Secure Tunnel Processor for the remainder of this document.

The Secure Tunnel Processor was developed primarily to enable secured connections between ViaSQL components running on the LAN and the VSE or z/OS host. While there are some features of the Secure Tunnel Processor that are specific to ViaSQL processing, it can also be configured to support non-ViaSQL connections.

The Secure Tunnel Processor operates as a TCP/IP pass-through service. Source connections are accepted on a listener port and then paired with a new target connection to the desired host and port. SSL/TLS protocols can be configured for use on the source connections only, on target connections only, on both connections, or neither. Target connections are further configured to support either static connections or dynamic connections.

If static connections are configured, the remote host and port for the target connection are defined in the Secure Tunnel Processor configuration, and all source connections processed by that Secure Tunnel Processor instance will be directed to the specified remote host and port.

If dynamic connections are configured, the client application must provide the target connection's remote host and port in the first data sent through the source connection. The client application is thus able to dynamically specify a different remote host and port for each target connection.
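
The pairing of source and target connections in static and dynamic mode, shown as an added Python example; this is not ViaSQL code. The `host:port` first-line framing, the target allowlist and all function names are assumptions, since this page does not document the product's wire format or parameters.

```python
import asyncio

def parse_target(first_line, allowed):
    """Dynamic mode: take 'host:port' from the first line (assumed framing,
    not the product's format) and permit only allowlisted targets."""
    host, sep, port = first_line.decode("ascii").strip().rpartition(":")
    if not (sep and host and port.isdigit() and 0 < int(port) < 65536):
        raise ValueError("malformed target header")
    target = (host.lower(), int(port))
    if target not in allowed:
        raise PermissionError(f"target not permitted: {target}")
    return target

async def pump(reader, writer):
    """Copy bytes one way until EOF, then close the receiving side."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    except OSError:
        pass
    finally:
        writer.close()

def make_handler(static_target=None, allowed=frozenset(), target_ssl=None):
    async def handle(src_r, src_w):
        try:
            if static_target:                  # static: target fixed by configuration
                target = static_target
            else:                              # dynamic: target named by the client
                line = await asyncio.wait_for(src_r.readline(), timeout=5)
                target = parse_target(line, allowed)
            dst_r, dst_w = await asyncio.open_connection(*target, ssl=target_ssl)
        except (ValueError, OSError, asyncio.TimeoutError):
            src_w.close()                      # refuse: no target connection is paired
            return
        await asyncio.gather(pump(src_r, dst_w), pump(dst_r, src_w))
    return handle

async def serve(port, source_ssl=None, **mode):
    # source_ssl and target_ssl are ssl.SSLContext objects or None, which gives
    # TLS on the source side only, the target side only, both, or neither.
    server = await asyncio.start_server(
        make_handler(**mode), "127.0.0.1", port, ssl=source_ssl)
    async with server:
        await server.serve_forever()
```

In dynamic mode the client chooses where the tunnel connects, so the allowlist check in `parse_target` is what keeps the listener from relaying to arbitrary hosts.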

The Secure Tunnel Processor is written primarily in C. On VSE, it runs in a dedicated partition; on z/OS, it runs in a dedicated address space. Configuration parameters that control Secure Tunnel Processor operation may be provided in PARM values on the EXEC JCL statement or via input statements read through SYSIPT on VSE or SYSIN on z/OS.