John, you forgot to say X-Posted! I answered on the TCP list but I suspect the main dialog will end up being here. Here X-Posted is what I wrote on the TCP list.
The whole point of AT-TLS is that it all just happens automagically (the z/OS end only). I'm not an expert on AT-TLS but to a great extent TLS is TLS. (I have also totally forgotten what was and was not in V1R12.)

They are going to have to pretty much drive the thing. They are going to have to set up Orion to be a TLS server. Possibly they have already done that for other clients? They will need to give you a CA certificate (either from a well-known CA such as DigiCert, or a home-grown CA, which may well be adequate) that you will then install in a keyring in RACF. They need to tell you their requirements.

Your higher-ups may have a problem in that the encryption that V1R12 supports is probably "inadequate" by current standards. (Whether that is a real problem or not is a different discussion, assuming it is not the NSA or the KGB that has an interest in your ABENDs. But it may be a problem for the pointy-heads.)

Hmmm. Did anyone think to mention that staying on V1R12 might be a security exposure? (Just zinging you. Sorry.)

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of John McKown
Sent: Monday, July 20, 2020 9:28 AM
To: [email protected]
Subject: Encrypting z/OS SNMP traps to Windows SNMP server

This is a new requirement from the higher ups in our new owning company. We are still on z/OS 1.12, so I don't have any new fancy stuff. We use CA-OPS/MVS to trap "abend" messages from the CA-7 Browse log. We send these messages to a Solar Winds "Orion" SNMP server so that it can interface with CA Service Desk to automatically open Service Desk tickets. This is all on internal (Data Center) LAN. But it is "server to server" by the standards of our new masters and so it MUST be encrypted or we must stop doing it.

I have been trying to read up on AT/TLS, but it is totally over my head. I don't really know anything about IP encryption. Our Windows people are also ignorant of IP encryption on z/OS (of course).
--
People in sleeping bags are the soft tacos of the bear world.

Maranatha! <><
John McKown

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
