What's New in This Release
In this release of Sterling Connect:Direct® for z/OS®, and its related software, several features have been added to enhance functionality, some features have been updated, and some have been removed. The following sections describe these changes in more detail.
New features added to this release
- IBM® High Speed Add-on for Connect:Direct now provides support for z/OS. This functionality uses a new network transport, FASP(TM) (Fast and Secure Protocol), to transfer files over high bandwidth and high latency network connections by working in conjunction with IBM Sterling Secure Proxy 3.4.3 or greater. Please see PTF UI36302 for additional information. To support this new highest tier of performance, a Connect:Direct High Speed Add-on license must be purchased and new parameters must be set in Connect:Direct z/OS.
- Support for zFBA (fixed block architecture) has been added to exploit the zDDB feature of the DS8000 series control unit. See Using zFBA for File Transfer in the in the System Administration Guide for more information.
- A new SESSION.HIGHWATER.SMF parameter has been added to enhance monitoring and recording of Session Highwater mark by generating SMF data. This is a feature of Product ID 5655-X09 to better record and manage simultaneous sessions. For more information see Global Initialization Parameters
- Support for Extended Addressing Volume (EAV) has been added. See Sterling Connect:Direct for z/OS EAV support for more information.
- zEDC hardware compression has been added to exploit the Enterprise Data Compression Express accelerator feature, of the EC12 and BC12 hardware. See Using zEDC withSterling Connect:Direct in the System Administration Guide for more information.
- Support for RACF Password Phrases up to 64 characters in length has been added. See the Security Planning section in the Configuration Guide for more information.
- Introduces the DEFAULT.PERMISS initialization parameter. You can use this parameter to define default file permissions for HFS/zFS UNIX files. For more information, see Global Initialization Parameters in IBM Sterling Connect:Direct for z/OS Administration Guide.
Existing features updated in this release
- Enhanced support for zIIP exploitation has been added to provide more user control over what Sterling Connect:Direct for z/OS workloads are eligible for the zIIP processor. See Global Initialization Parameters and the Process Copy Statements for more information.
- A new version of zlib for Extended Compression has been added that provides an increased performance benefit over previous versions.
- Enhanced tracing has been added to provide additional data on version and release information. This allows IBM Support to better service the product.
- The SMF ID is now written to statistics (CT, RT, PT, and ZT records).
- Support for TLS1.1 and TLS 1.2 protocols has been added to Sterling Connect:Direct Secure Plus, and support for Security policies SP800131-a and Suite B Profiles, in addition to enhanced administration tools and an improved user experience.
Features removed from this release
The Station-to-Station (STS) protocol is a cryptographic key agreement scheme based on classic Diffie- Hellman that provides mutual key and entity authentication. IBM is ending support for the STS (Station-to-Station) protocol in the Connect:Direct family of products beginning with version 5.2 for z/OS and Distributed Platforms. This corresponds to Connect:Direct Windows 4.7, Connect:Direct Unix 4.2, and Connect:Direct i5/OS 3.8.
Why is STS being removed?
As computing power increases many security standards are moving towards stronger encryption. STS does not support the strongest encryption algorithms. The closed nature of the standard prevents the addition of stronger encryption, and puts IBM at risk if any vulnerabilities are found in the future. In a risk situation, IBM would be unable to take corrective action and still support STS.
What are the alternatives?
The Connect:Direct family currently supports several alternatives to STS. In addition, Connect:Direct 5.2 (this release) brings new support for TLS 1.1, TLS1.2, FIPS suite B, and several other major encryption and security features.
If you require the STS protocol, you must remain on the most recent release according to the following table. End of support has not been determined for these versions and customers will be given with a minimum one year notice.
Operating System Last Version with STS Support z/OS 5.1.1 Windows 4.6.1 UNIX 4.1 i5/OS 3.7