1 Overview

This section gives an overview of the ELS software suite and explains the general principles of application security.

Product Overview

ELS provides tape automation support for Oracle StorageTek mainframe tape environments for the following platforms:

  • The IBM z/OS platform. ELS supports a TCP/IP client/server tape automation architecture that allows the SMC client software running on one z/OS LPAR to communicate with the HSC/VTCS server software running on a different z/OS LPAR.

  • The Fujitsu MSP/EX platform. SMC must execute on every host where tape processing occurs. The ELS server component (HSC/VTCS) may execute on the same MSP/EX host as the SMC, or may execute on a separate, remote host. When SMC and HSC/VTCS reside on different MSP/EX hosts, TCP/IP is used to send requests from the client host to the server host. To receive HTTP requests from a remote SMC client, the HTTP component must be activated on the SMC executing on the server host.

ELS client/server communication is used to issue control path requests, primarily mount/dismount requests, for virtual and physical tape volumes. Information contained in these control path requests consists of TapePlex configuration and policy information, virtual/physical tape transport unit addresses and virtual/physical tape volume serial numbers. Most important, ELS client/server communication never contains any customer data, which always travels over IBM FICON/ESCON data path interfaces connecting host LPARs to Oracle StorageTek tape transports or VSM virtual tape devices.

The information in this Security Guide applies to all ELS releases. As discussed in Part 3 of this guide, it is possible to secure ELS client/server control path communications when such protection is desirable or is required. Additionally, this document discusses security aspects of various ELS installation and post-installation activities.

General Security Principles

The following principles are fundamental to using any product securely.

Keep Software Up To Date

One of the principles of good security practice is to keep all software versions and patches up to date. The latest ELS cumulative maintenance bundle, individual PTFs, and HOLDDATA are all available on My Oracle Support (MOS). Cumulative maintenance bundles are updated monthly to include all PTFs from the latest ELS monthly regression test cycle. All the PTFs in a cumulative bundle have been tested together as a complete package. HIPER PTF email notification is available by subscribing to MOS Hot Topics Alert documents for the ELS products. Customers are encouraged to stay on current maintenance levels, keep HOLDDATA up to date, and subscribe to Hot Topics Alerts for HIPER notifications.

Restrict Network Access

For performance and security, route ELS control path communications over an isolated network behind a firewall. Using a firewall provides assurance that access to ELS systems is limited to a known network, which can be monitored and restricted if necessary. Using a dedicated network for ELS client/server communications eliminates network contention with other applications and improves tape system performance.

Keep Up To Date on Latest Security Information

Oracle continually improves its software and documentation. Check for revisions to this Security Guide and all other ELS product documentation on a regular basis. All of the ELS documentation referenced in this document is available on the Oracle Technical Network in the Tape Storage Products section.