Network Considerations

WebSphere for z/OS supports access to resources by clients and servers in a distributed network.

In a distributed network:

Authorize servers to the base operating system services in z/OS. These services include CA Top Secret security, database management, and transaction management.
For the servers, distinguish between:
- Control regions. These run authorized system code, so they are trusted.
- Server regions. These run application code and are given access to resources, carefully consider the authorizations you give server regions.
Distinguish between the level of authority given to run‑time servers compared to your own application servers. For example, the System Management server needs the authority to start other servers, while your own application servers do not need this authority.
Authorize clients (users) to servers and objects within servers. The characteristics of each client requires special consideration:
- Is the client on the local system or is it remote? The security of the network becomes a consideration for remote clients.
- Will you allow unidentified (unauthenticated) clients to access the system? Some resources on your system can be intended for public access, while others must be protected. In order to access protected resources, clients must establish their identities and have authorization to use those resources.
- What kind of objects will the client access? Enterprise beans and CORBA objects have differing authorization mechanisms.