Internet Protocol Security Architecture for DDM and DRDA

 

Internet Protocol Security Architecture (IPSec) is a security protocol in the network layer that provides cryptographic security services. These services support confidential delivery of data over the Internet or intranets.

On the i5/OS^® operating system, IPSec, a component of the virtual private networking (VPN) support, allows all data between two IP addresses or port combinations to be encrypted, regardless of application (such as DRDA^® or DDM). You can configure the addresses and ports that are used for IPSec. IBM^® suggests using port 447 for IPSec for either DRDA access or DDM access.

Use of any valid password along with IPSec does not in general satisfy the requirement imposed by specifying PWDRQD(*ENCRYPTED) on the Change DDM TCP/IP Attributes (CHGDDMTCPA) command at the system, because the application (DRDA or DDM) is not able to determine if IPSec is being used. Therefore, you should avoid using PWDRQD(*ENCRYPTED) with IPSec.

 

Parent topic:

Elements of security in a TCP/IP network

 

Related concepts

Secure Sockets Layer for DDM and DRDA
Virtual Private Networking (VPN)
Considerations for certain passwords being sent as clear text

 

Related reference

Change DDM TCP/IP Attributes (CHGDDMTCPA) command