A security exit is provided as one of the facilities of INMC (Inter-Network Management Connection). This provides security for the connections between domains.
The security exit is coded as an assembler language exit routine. An exit must exist in each of the domains that are being linked. The exits are installed with the following components:
This allows each end of an INMC link to determine independently whether a link should be activated, without having to depend on cooperation from the remote domain in order to enforce the decision.
These components are described in more detail in the following sections.
The INMC primary exit decides whether a newly opened INMC link to a remote domain should be made available for general traffic. The secondary exit is not involved in this decision.
In order to pass control to the exit to make this decision the following calls are made by INMC to the exit:
For every piece of data sent by the primary exit, there is always a response from the secondary exit. This response can be one of the following:
If any protocol errors occur, a hang or stalemate condition might occur between the primary and secondary exits. Care, therefore, must be taken when designing the flow of information between the exit pairs and the rules defined for the various parameter lists passed to the exits must be adhered to.
The function of the secondary exit is to act solely as a respondent to any messages received from the primary exit in the remote domain. The secondary exit has no power to recommend activation or closure of the link.
Calls made to the secondary exit are as follows:
This call allows the secondary exit to end cleanly and tidy up any allocated resources.