3 Securing ELS with AT-TLS – z/OS Only

The IBM z/OS Application Transparent Transport Layer Security (AT-TLS) facility uses SSL data encryption to secure z/OS TCP/IP applications. For more information on AT-TLS, refer to the IBM publication z/OS Communications Server: IP Configuration Guide, and see the AT-TLS Policy Agent information in the IBM publication z/OS Communications Server: IP Configuration Reference.

Securing ELS client/server communications between SMC and HSC/VTCS is described in the Oracle white paper Using AT-TLS with HSC/SMC Client/Server z/OS Solution: Implementation Example. This white paper is published on the Oracle Technical Network in the Tape Storage Products section. Refer to this publication for detailed configuration information.

To secure ELS with AT-TLS, Oracle recommends using any of these SSL cryptographic algorithms:

  • SHA-2 family (SHA-256, SHA-384, SHA-512)

  • AES >= 128-bit

  • RSA >= 2048-bit

  • Diffie-Hellman (DH) >= 2048-bit

  • ECC >= 256-bit

Any other SSL cryptographic algorithms provide weaker protection and should not be used with ELS.
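
As an added example (not from Oracle's documentation or the referenced white paper), the following Python script audits the V3CipherSuites entries of an AT-TLS policy against the list above. The policy fragment and the statement name els_ciphers are constructed, and treating ECDH/ECDHE/ECDSA as "ECC" and DHE as "DH" is an assumption.

```python
import re

# Minimums taken from the list above; the suite-name parsing is an assumption
# about IANA-style names (TLS_<kx>_WITH_<cipher>_<hash>), not Oracle's tooling.
MIN_KEY_BITS = {"RSA": 2048, "DH": 2048, "ECC": 256}
SHA2 = {"SHA256", "SHA384", "SHA512"}
# Assumption: ECDH/ECDHE/ECDSA count as "ECC", DHE as "DH".
ALLOWED_KX = {"RSA", "DH", "DHE", "ECDH", "ECDHE", "ECDSA"}
SUITE_RE = re.compile(r"TLS_(?:(.+)_WITH_)?(.+)_([A-Z0-9]+)")

def check_suite(name):
    """Return the reasons a cipher suite name falls outside the list."""
    m = SUITE_RE.fullmatch(name)
    if not m:
        return ["unrecognized suite name"]
    kx, cipher, digest = m.groups()
    reasons = []
    bad_kx = [t for t in (kx or "").split("_") if t and t not in ALLOWED_KX]
    if bad_kx:
        reasons.append("key exchange/auth not RSA, DH or ECC: " + "_".join(bad_kx))
    aes = re.match(r"AES_(\d+)", cipher)
    if not aes or int(aes.group(1)) < 128:
        reasons.append("bulk cipher is not AES >= 128-bit: " + cipher)
    if digest not in SHA2:
        # Conservative: a name that does not state a SHA-2 hash is flagged.
        reasons.append("hash is not SHA-2: " + digest)
    return reasons

def check_key(kind, bits):
    """True when a certificate or DH key meets the minimum size."""
    return bits >= MIN_KEY_BITS[kind]

def audit_policy(text):
    """Map each V3CipherSuites entry in policy text to its reasons."""
    suites = re.findall(r"^\s*V3CipherSuites\s+(\S+)", text, re.M)
    return {s: check_suite(s) for s in suites}

# Constructed sample fragment (statement name is hypothetical).
SAMPLE = """
TTLSCipherParms els_ciphers
{
  V3CipherSuites TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  V3CipherSuites TLS_RSA_WITH_AES_128_CBC_SHA
  V3CipherSuites TLS_RSA_WITH_3DES_EDE_CBC_SHA
}
"""

if __name__ == "__main__":
    for suite, reasons in audit_policy(SAMPLE).items():
        print(suite, "OK" if not reasons else "; ".join(reasons))
```

An empty reason list means the suite name is consistent with the list above. Key sizes are not visible in a suite name, so check the certificate and DH parameters separately with check_key.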

Note:

The StorageTek Virtual Library Extension (VLE) appliance for VSM does not currently support AT-TLS communications. Do not secure ELS VLE communications with AT-TLS.