Professional Documents
Culture Documents
31 W445ngsc415443
31 W445ngsc415443
Considerations
Slow line.
Data Compression Examples: The following examples
illustrate how some of the considerations for data com- Processor and storage resources are available. Other-
pression may influence the configuration of APPC data com- wise, a lower compression level (LZ10, LZ9, or RLE)
pression. Use these examples to identify the considerations may be used.
that are appropriate in your environment. Do not use the
values shown without considering their effect in your environ- Resulting Compression Levels: The compression level is
ment. negotiated and the minimum level is selected.
A to B LZ9
Example 1. Slow Line: System A and B are both config-
B to A RLE
ured to request compression.
┌───┐ 12ðð bps ┌───┐
│ A ├────────────┤ B │ Example 3. Slow Line, Yet Another Solution: System A
└───┘ └───┘ is configured to request compression if the line speed
Network Network
Attributes Attributes between A and B is 2400 bps or less. It is configured to
allow compression if the line speed between A and B is
DTACPR=\REQUEST DTACPR=\REQUEST greater than 2400 bps. System B is configured to allow com-
pression.
Mode Mode
┌───┐ 12ðð bps ┌───┐
DTACPR=\NETATR DTACPR=\NETATR │ A ├────────────┤ B │
INDTACPR=\LZ12 INDTACPR=\LZ1ð └───┘ └───┘
OUTDTACPR=\LZ12 OUTDTACPR=\LZ1ð Mode Mode
DTACPR=24ðð DTACPR=\ALLOW
INDTACPR=\LZ1ð INDTACPR=\LZ12
Considerations OUTDTACPR=\LZ1ð OUTDTACPR=\LZ9
Slow line.
Processor and storage resources are available. Other- Considerations
wise, a lower compression level (LZ10, LZ9, or RLE)
may be used. Slow line.
Processor and storage resources are available. Other-
Resulting Compression Levels: The compression level is wise, a lower compression level (LZ10, LZ9, or RLE)
negotiated and the minimum level is selected. may be used.
A to B LZ10 Resulting Compression Levels: The compression level is
B to A LZ10
negotiated and the minimum level is selected.
A to B LZ10
Example 2. Slow Line, Another Solution: System A is B to A LZ9
configured to request compression and System B is config-
ured to allow compression.
┌───┐ 12ðð bps ┌───┐ Example 4. Fast Line: System A and B are both config-
│ A ├────────────┤ B │ ured to allow compression.
└───┘ └───┘ ┌───┐ 16M bps ┌───┐
Mode Mode │ A ├────────────┤ B │
└───┘ └───┘
DTACPR=\REQUEST DTACPR=\ALLOW Mode Mode
INDTACPR=\LZ1ð INDTACPR=\LZ12
OUTDTACPR=\LZ9 OUTDTACPR=\RLE DTACPR=\ALLOW DTACPR=\ALLOW
DTACPR=\REQUEST DTACPR=\REQUEST
INDTACPR=\NONE INDTACPR=\LZ1ð Considerations
OUTDTACPR=\LZ1ð OUTDTACPR=\NONE 19200 bps line speed.
Processor and storage resources are available.
Considerations
Off-shift large file transfers from System B to System A.
Slow line.
Note: Additional modes may be needed to handle unique
More data is sent from System A to System B than from
compression needs.
System B to System A. The level of compression speci-
fied on the OUTDTACPR parameter on System A maps Resulting Compression Levels
to the level specified on the INDTACPR parameter on
System B. A to B (Mode 1) LZ9
B to A (Mode 1) LZ9
Processor and storage resources are available.
A to B (Mode 2) LZ9
B to A (Mode 2) LZ12
Resulting Compression Levels
A to B LZ10
B to A None
APPC Security Considerations The security level is a system value (QSECURITY) that can
be set with the Change System Values (CHGSYSVAL)
There are four aspects of security for an AS/400 system, a command or from the configuration menu as part of an initial
System/38, and a System/36 communicating with each other program load (IPL) of the system. The change takes place
using APPC and APPN: after the next IPL of the system.
Physical security surrounding the systems, modems,
For more information on security levels, see the Security -
communication lines and display stations that can be
Reference manual.
configured in the line description and used in the route
selection process
Location security that verifies the identity of other Physical Security
systems in the network
You are responsible for the physical security of your system
User ID security that verifies the identity and rights of when you specify *NONE for the location password
users to issue commands on their local system and (LOCPWD) parameter during APPC configuration. In this
remote systems case, the AS/400 system does not validate the identity of a
Resource security that controls user access to partic- remote system when a session is being established.
ular resources, such as confidential databases However, you can still use application level security if the
remote system supports it, for example, if the remote system
Only security for communications or multiple systems man- is an AS/400 system with security level 20 or above.
agement is discussed in this section. Security needs to be
consistent across all the systems in a network if intersystem
Session Level Security
access is to be controlled and yet not unnecessarily
restricted. Session level security or security on the BIND is achieved
by specifying a password on the LOCPWD parameter during
Location, user ID, and resource security are only possible if
configuration. The AS/400 system uses the password to vali-
the system security level is set at an appropriate level. The
date the identity of the remote system when a session is
AS/400 security levels are explained in more detail in
being established. The password must match the password
“AS/400 Security Levels.”
specified on the remote system or the connection is not
IBM-supplied application programs and user-written applica- allowed. Not all systems support session level security. For
tion programs have different security implementations that example, Series/1 RPS version 7.1 and CICS/VS release 1.6
must be understood. An important issue is what user ID is do not. If the remote system does not support session level
Table 3-5 (Page 1 of 2). Establishing a Session between an AS/400 System and a System/38, System/36, or another AS/400 system.
Remote System/Security Local AS/400 Security Level1
10 >10 (*NONE Specified) >10 (PASSWORD Specified)
AS/400 System
Security = 10 Security not Security accepted3 Fails
accepted
Security >10 (*NONE2) Security not Security accepted Fails
accepted
Security >10 (PASSWORD2) Fails Fails Security accepted if passwords
match
System/38
*NONE Security not Security accepted Fails
accepted
PASSWORD Fails Fails Security accepted if passwords
match
System/36
No password Security not Security accepted4 Fails
accepted
*NULL Security not Security accepted Fails
accepted
PASSWORD Fails Fails Security accepted if passwords
match
Table 3-6. Establishing a Session between a System/36 or System/38 and Another System/36 or System/38
Remote System/ System/381 Location Password System/361 Location Password
Password
*NONE PASSWORD No Password *NULL PASSWORD
System/38
*NONE Security accepted Fails Security not Security accepted Fails
2 accepted
PASSWORD Fails Security accepted Fails Fails Security accepted
if passwords match if passwords
match
System/36
No password Security not Fails Security not Security not Fails
accepted accepted accepted
*NULL Security accepted Fails Security not Security accepted Fails
accepted
PASSWORD Fails Security accepted Fails Fails Security accepted
if passwords match if passwords
match
1 The information under each password location indicates the effect of each password location on session establishment
(BIND).
2 Security accepted indicates that the incoming conversation-level security parameters (user ID and password, or user ID and
already verified indicator without a password) are allowed.
If any of the previous sense codes are received as part of a You should check to verify proper support of the BIND
failure to establish a session, the failure is probably related to request by the non-OS/400 system that received the request.
incorrect support (by the remote non-OS/400 system) of:
Note: The previous sense code explanations are taken from
Password protection the SNA Formatspublication.
Two-phase commit
Full-duplex Examples of Failures - by System
*NONE *NO
All programs that do not send security information are
rejected. This includes IBM-supplied and user written The remote system is not a secure location.
programs.
Security validation that is done by the remote
system is not accepted. SECURITY(SAME) conver-