IBM Systems magazine, Mainframe - November/December 2019 - 39

Chris Meyer // IBM Senior Technical Staff Member

ASK
THE
EXPERT

Q: When should I use zERT
Discovery, zERT Aggregation or
the zERT Network Analyzer?

W

ith z/OS* Encryption Readiness Technology (zERT),
z/OS network security administrators have a powerful toolkit
for discovering, recording and analyzing the cryptographic protection
attributes of TCP/IP and Enterprise
%0&É ÈÉ$Ãc%%dÃ&$Ä®ÃÇÃ&Ä&Ã&É$ Ä&É%Ã
on their local z/OS systems. Unpro&ÉÇ&ÉÈÃ&$Ä®ÃÇÃ%ÃÄ%!Ã$É"!$&ÉÈN
zERT Discovery collects TLS/SSL,
IPsec and SSH protection attributes
of each TCP and EE connection and
writes them to SMF or real-time
monitoring applications over a Network Management Interface (NMI)
as SMF type 119 subtype 11 "zERT
Connection Detail" records. At least
one such record is generated for
each TCP and EE connection.
zERT Aggregation tracks repeated use of security sessions during
an SMF interval, noting each
session's protection attributes and

how many connections it protected during that interval. When the
interval ends, zERT Aggregation
writes one SMF type 119 subtype 12
"zERT Summary" record for each
session to SMF or real-time monitoring applications via its own NMI.
The zERT Network Analyzer is
a z/OSMF plugin that reads SMF
119-12 records from SMF dump
data sets and stores the data in a
Db2* for z/OS database, allowing
authorized users to build and execute their own queries against that
data. Query results are displayed in
the web browser or are written to a
Ç!ÄI%É"Ä$Ä&ÉÈI(Ä'ÉÃc#36dîÃÉNÃÃÃ
For many, the zERT Network
Analyzer provides all of the analytic capabilities you'll need. If
you don't use another product that
supports zERT data, and if you use
Db2 for z/OS, consider using the
network analyzer.

Several IBM and ISV products
for SMF processing and z/OS
network monitoring support zERT
data. Multiple products use one or
both zERT NMI services. If you use
any of these products, enable the
appropriate real-time NMI service
! Ã&ÉÃ4#0)0Ã"$!®ÃÉÃ.%4-/.)4/2Ã
statement.
IBM zSecure Audit V2.3 reads
zERT records in real time, but
does so through an SMF logstream
exit, so you must enable TCPIP
profile SMFCONFIG TYPE119
parameters for whichever records
you want it to handle. zSecure Audit can also feed zERT SMF 119-11
data to IBM QRadar.
Other products consume both
zERT record types from SMF. For
these, enable the appropriate
"Ä$ÄÉ&É$%Ã! Ã&ÉÃ4#0)0Ã"$!®ÃÉÃ
SMFCONFIG TYPE119 statement.
Also consider the audience for
each product you use. For example, you might have QRadar, but
can your z/OS network security administrators use it? Different users
may need to use different tools.
Finally, many clients write their
own tools to collect and process
SMF data. For them, SMF 119-12
records are a great starting point.
These records contain the critical cryptographic detail, usually
in far fewer records than SMF
119-11s. If you need to correlate
per-connection data with other
types of records, or if you need
some of the non-critical details that
only SMF 119-11 records contain,
then collect those records instead.
You can collect both types if you
have the need. Ensure you properly
estimate the amount of space you'll
need to store the records per your
SMF collection guidelines.
For more information on zERT,
see ibm.co/2Ne0t23.
Chris Meyer is an IBM senior
technical staff member.

IBMSYSTEMSMAG.COM NOVEMBER/DECEMBER 2019 | 39


https://www.ibm.com/developerworks/community/blogs/IBMCommserver/entry/Things_you_should_know_about_zERT1?lang=en http://www.IBMSYSTEMSMAG.COM

IBM Systems magazine, Mainframe - November/December 2019

Table of Contents for the Digital Edition of IBM Systems magazine, Mainframe - November/December 2019

Table of Contents
Editor's Desk: Keeping up to date
Currents: University introduces a new program to develop mainframe skills
Currents: On the web
Currents: Shattering the glass ceiling: Female pioneers in tech history
Partner POV: Secure IBM Z application access with multifactor authentication, endpoint management and more
Cover Story: Next-Gen Security and Resiliency for Hybrid Multicloud: The IBM z15 provides the cloud you want with the privacy you need
Feature 1: Move on up: The IBM Client Advocacy and Systems Assurance team and the RevitaliZ program help keep clients up to date with the latest IBM Z technology
Feature 2: A Closer Look at the 2018 Master the Mainframe Winners: Past winners talk about their experiences with the contest
TECH Showcase: Why pervasive encryption on IBM Z is the gold standard in data protection
Techbits: How has quantum computing evolved?
Techbits: Ask the expert: zERT Discovery, zERT Aggregation and zERT Network Analyzer
Beyond the Box: Mark Nelson maintains tradition as director of the IBM Mid-Hudson Valley Club Chorus
Reference Point - Global Events, Education, Resources for Power Systems
2019 Mainframe Solutions Edition Product Index
IBM Systems magazine, Mainframe - November/December 2019 - Intro
IBM Systems magazine, Mainframe - November/December 2019 - Cover1
IBM Systems magazine, Mainframe - November/December 2019 - Cover2
IBM Systems magazine, Mainframe - November/December 2019 - 1
IBM Systems magazine, Mainframe - November/December 2019 - 2
IBM Systems magazine, Mainframe - November/December 2019 - 3
IBM Systems magazine, Mainframe - November/December 2019 - 4
IBM Systems magazine, Mainframe - November/December 2019 - 5
IBM Systems magazine, Mainframe - November/December 2019 - Editor's Desk: Keeping up to date
IBM Systems magazine, Mainframe - November/December 2019 - 7
IBM Systems magazine, Mainframe - November/December 2019 - Currents: University introduces a new program to develop mainframe skills
IBM Systems magazine, Mainframe - November/December 2019 - CT1
IBM Systems magazine, Mainframe - November/December 2019 - CT2
IBM Systems magazine, Mainframe - November/December 2019 - Currents: On the web
IBM Systems magazine, Mainframe - November/December 2019 - Currents: Shattering the glass ceiling: Female pioneers in tech history
IBM Systems magazine, Mainframe - November/December 2019 - 11
IBM Systems magazine, Mainframe - November/December 2019 - Partner POV: Secure IBM Z application access with multifactor authentication, endpoint management and more
IBM Systems magazine, Mainframe - November/December 2019 - 13
IBM Systems magazine, Mainframe - November/December 2019 - 14
IBM Systems magazine, Mainframe - November/December 2019 - 15
IBM Systems magazine, Mainframe - November/December 2019 - Cover Story: Next-Gen Security and Resiliency for Hybrid Multicloud: The IBM z15 provides the cloud you want with the privacy you need
IBM Systems magazine, Mainframe - November/December 2019 - 17
IBM Systems magazine, Mainframe - November/December 2019 - 18
IBM Systems magazine, Mainframe - November/December 2019 - 19
IBM Systems magazine, Mainframe - November/December 2019 - 20
IBM Systems magazine, Mainframe - November/December 2019 - 21
IBM Systems magazine, Mainframe - November/December 2019 - Feature 1: Move on up: The IBM Client Advocacy and Systems Assurance team and the RevitaliZ program help keep clients up to date with the latest IBM Z technology
IBM Systems magazine, Mainframe - November/December 2019 - 23
IBM Systems magazine, Mainframe - November/December 2019 - 24
IBM Systems magazine, Mainframe - November/December 2019 - 25
IBM Systems magazine, Mainframe - November/December 2019 - 26
IBM Systems magazine, Mainframe - November/December 2019 - 27
IBM Systems magazine, Mainframe - November/December 2019 - Feature 2: A Closer Look at the 2018 Master the Mainframe Winners: Past winners talk about their experiences with the contest
IBM Systems magazine, Mainframe - November/December 2019 - 29
IBM Systems magazine, Mainframe - November/December 2019 - 30
IBM Systems magazine, Mainframe - November/December 2019 - 31
IBM Systems magazine, Mainframe - November/December 2019 - 32
IBM Systems magazine, Mainframe - November/December 2019 - TECH Showcase: Why pervasive encryption on IBM Z is the gold standard in data protection
IBM Systems magazine, Mainframe - November/December 2019 - 34
IBM Systems magazine, Mainframe - November/December 2019 - 35
IBM Systems magazine, Mainframe - November/December 2019 - 36
IBM Systems magazine, Mainframe - November/December 2019 - Techbits: How has quantum computing evolved?
IBM Systems magazine, Mainframe - November/December 2019 - 38
IBM Systems magazine, Mainframe - November/December 2019 - Techbits: Ask the expert: zERT Discovery, zERT Aggregation and zERT Network Analyzer
IBM Systems magazine, Mainframe - November/December 2019 - Beyond the Box: Mark Nelson maintains tradition as director of the IBM Mid-Hudson Valley Club Chorus
IBM Systems magazine, Mainframe - November/December 2019 - Cover3
IBM Systems magazine, Mainframe - November/December 2019 - Cover4
IBM Systems magazine, Mainframe - November/December 2019 - Reference Point - Global Events, Education, Resources for Power Systems
IBM Systems magazine, Mainframe - November/December 2019 - 2019 Mainframe Solutions Edition Product Index
IBM Systems magazine, Mainframe - November/December 2019 - SE2
IBM Systems magazine, Mainframe - November/December 2019 - SE3
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20201112
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20200910
http://www.ibmsystemsmagmainframedigital.com/mspcomm/ibmsystemsmag/ibmsystems_mainframe_20200708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20200102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2020mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20191112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/relevantz_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2019mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20190102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20181112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20180102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/2018mfse
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20171112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_sesupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20170102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_linuxsupp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20161112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/MainframeSecurity
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20160102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20151112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910_se
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150910
http://www.ibmsystemsmagmainframedigital.com/MFSkills
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506_supp
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20150102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20141112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_gt_201405
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/BigData
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20140102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20131112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910_v2
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20130102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20121112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/buyersguide2013
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20120102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/ibmsystems_mainframe_2012bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20111112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20110102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20101112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100910_bg
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100506
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100304
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20100102
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20091112
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090910
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090708
http://www.ibmsystemsmagmainframedigital.com/nxtbooks/ibmsystemsmag/mainframe_20090506
https://www.nxtbook.com/nxtbooks/ibmsystemsmag/mainframe_20090304
https://www.nxtbookmedia.com