search cancel

ENH: TLS SUPPORT for SYSLOGD and RVS CONNECTIONS (encryption support in SYSLOG)

book

Article ID: 133094

calendar_today

Updated On:

Products

VM:Operator

Issue/Introduction


 ENHANCEMENT:  ADD TLS SUPPORT FOR SYSLOGD AND RVS CONNECTIONS

Environment

Release : 3.1

Component : CA VM:Operator

Cause

Currently, SYSLOGD data transmission is "clear text" over unsecured socket  connections; RVS data transmission is DES3 encrypted over unsecured socket connections. 


Resolution

CA/Broadcom provided an enhancement that provides support in  VM:Operator to encrypt data and secure TCP socket connections for RVS and SYSLOGD functions using TLS via z/VM TCP/IP System Services. These TCP socket connections are secured by specifying the new TLSLABEL option on the RVS or SYSLOGD configuration record. 

This enhancement is available in VM:Operator PTF SO08021.

Additional Information

Also, VM:Operator PTF SO08479 is a change to the implementation of the TLS support (PTF SO08021) for RVS connections. The original implementation assumed that all defined RVS nodes would use the same TLSLABEL specification (certificate). This was determined to be a potential limitation in the original implementation. Whether you need this additional support or not, you should apply this PTF because it changes the way (where) the TLSLABEL option is specified for each RVS node. The TLSLABEL option has been moved from the RVS VMOPER CONFIG file record to the NODE record in the RVSNODES file.

 Additionally, this PTF addresses some potential RVS hangs during RVS  initialization.