Re: FTPS v. SFTP, there are pros and cons to almost everything in IT. One more "pro" with FTPS is that many customers have implemented FTP already in various operationally complex ways -- scripts, exits, monitors, whatever, whatever. Flipping on the TLS/SSL "switch" changes little if anything that way, and we all know that avoiding breakage is a good instinct to have.
I'm also told that security geeks tend to prefer FTPS if they have a choice, at least when "discussing" such things in the back halls of security conferences. And FTPS has the option to encrypt the control channel but leave the transport channel unencrypted to ease the crypto burden for those who are (overly?) sensitive to such things. I don't know whether IBM will even offer that option, but for servicing an operating system that makes sense in the abstract. You definitely want to make sure what you're getting is authentic and verified as coming from IBM and from no one else, you want your own access credentials kept confidential, and you want payloads tested for authenticity, integrity, and fidelity. But you probably don't particularly care if someone else also sees that multi-site distributed code en route. That said, if you don't like FTPS, it isn't the only option. IBM also offers a path called Download Director for z/OS servicing. And of course SFTP is fully supported on z/OS for other purposes. -------------------------------------------------------------------------------------------------------- Timothy Sipples Consulting Enterprise IT Architect (Based in Singapore) E-Mail: sipp...@sg.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
