IBM Z Hardware and Operating Systems Ideas Portal
This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
Second the support for up to date encryption. (AT-TLS?)
"preferably at AES128" doesn't seem to be up to date, I would prefer HMAC-SHA2 encryption.
Approaching this from a different direction, I would like to suggest another possibility.
Could you perhaps eliminate SNMP and replace it with NMIs. That would eliminate any SNMPv1 traffic (and SNMPv3 for that matter). It would also help my sanity as SNMPv3 is a bear to understand and configure.
Thankyou.
Due to processing by IBM, this request was reassigned to have the following updated attributes:
Brand - Servers and Systems Software
Product family - z Systems Software
Product - z/OS Communications Server
For recording keeping, the previous attributes were:
Brand - WebSphere
Product family - Enterprise Networking
Product - z/OS Communications Server
In the most recent update from IBM there is a request for more information ( we would like more information on your need or concern for encrypting this traffic ). Here is my response.
What I'm trying to do here, with this request, is to eliminate as much SNMPv1 as possible. I still need SNMPv1 configured in snmpd.conf for the subagents. If I could get rid of it entirely then I could prevent any access whatsoever via SNMPv1 (I'm currently using Target_Address to constrain access).
Another option to consider, would be to eliminate SNMP entirely and just use Network Management APIs to obtain the information currently provided by SNMP.
Thankyou.
In the most recent update from IBM there is a request for more information ( we would like more information on your need or concern for encrypting this traffic ). Here is my response.
What I'm trying to do here, with this request, is to eliminate as much SNMPv1 as possible. I still need SNMPv1 configured in snmpd.conf for the subagents. If I could get rid of it entirely then I could prevent any access whatsoever via SNMPv1 (I'm currently using Target_Address to constrain access).
Another option to consider, would be to eliminate SNMP entirely and just use Network Management APIs to obtain the information currently provided by SNMP.
Thankyou.
The network traffic between the agent and subagent should all be local, meaning it never leaves the TCP/IP stack. Since this traffic will not be placed onto the network we would like more information on your need or concern for encrypting this traffic. The traffic would only be accessible via packet trace or data trace on the TCP/IP stack where the agent and subagents are running. Typically the packet trace and data trace are restricted to administrative roles and do not present an exposure to unencrypted data.