DRDA Level 3 introduced support for TCP/IP connections. DB2 hosts that support DRDA Level 3 or later can use either the SNA LU 6.2 or TCP/IP network transport protocols, as described in Host and Network Connections.
DRDA Level 3 also provided enhanced security through support for DRDA authentication security mechanisms. DRDA Level 3 allows encrypted flows to both TCP/IP and APPC hosts. When encrypted security is in use, StarPipes passes the encrypted flows to the DB2 host unchanged.
For clients and hosts that support DRDA Level 3 or later, an encrypted user ID and password can be sent in the security check (SECCHK) command to the security manager rather than in the SNA conversation.
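A defender's check for the mechanism described above, as an added example that is not part of the StarPipes documentation: it walks captured DRDA bytes and reports whether each ACCSEC or SECCHK command names an encrypted security mechanism. The DDM code points and SECMEC values are taken from the DRDA/DDM specification rather than from this page, the function name `audit` is hypothetical, and the sample bytes are constructed.

```python
import struct

# DDM code points and SECMEC values per the DRDA/DDM specification (assumption:
# they are not listed on this page).
COMMANDS = {0x106D: "ACCSEC", 0x106E: "SECCHK"}
SECMEC = 0x11A2
MECHANISMS = {
    3: ("USRIDPWD", False),   # user ID and password sent in the clear
    4: ("USRIDONL", False),   # user ID only, nothing encrypted
    7: ("USRENCPWD", True),   # clear user ID, encrypted password
    9: ("EUSRIDPWD", True),   # encrypted user ID and password
}

def audit(stream: bytes):
    """Return (command, mechanism, password_encrypted) for each ACCSEC/SECCHK."""
    findings, pos = [], 0
    while pos < len(stream):
        if pos + 10 > len(stream):
            raise ValueError(f"truncated DSS at offset {pos}")
        # 6-byte DSS header: length, 0xD0 magic, format, correlation id.
        dss_len, magic = struct.unpack_from(">HB", stream, pos)
        # DDM object header: length, code point.
        obj_len, codepoint = struct.unpack_from(">HH", stream, pos + 6)
        end, obj_end = pos + dss_len, pos + 6 + obj_len
        if magic != 0xD0 or obj_len < 4 or obj_end > end or end > len(stream):
            raise ValueError(f"malformed DSS at offset {pos}")
        if codepoint in COMMANDS:
            p = pos + 10
            while p + 4 <= obj_end:  # walk the length/code-point/value parameters
                plen, pcp = struct.unpack_from(">HH", stream, p)
                if plen < 4 or p + plen > obj_end:
                    raise ValueError(f"malformed parameter at offset {p}")
                if pcp == SECMEC and plen == 6:
                    (value,) = struct.unpack_from(">H", stream, p + 4)
                    name, enc = MECHANISMS.get(value, (f"SECMEC {value}", None))
                    findings.append((COMMANDS[codepoint], name, enc))
                p += plen
        pos = end
    return findings

# Constructed sample: ACCSEC naming SECMEC 9, then SECCHK naming SECMEC 3
# followed by a USRID parameter (EBCDIC "USER").
SAMPLE = bytes.fromhex(
    "0010D0010001" "000A106D" "000611A20009"
    "0018D0010002" "0012106E" "000611A20003" "000811A0E4E2C5D9"
)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding whose third field is `False` marks a flow where the credentials are not protected by the DRDA security mechanism itself.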
To support encrypted DRDA flows to an SNA network, the DB2 host must be configured to accept SNA conversation requests with SECURITY(NONE). To help avoid security exposures, you may want to:
Configure dedicated LUs to support conversations with this minimal level of security. With Session-Level Security configured between the local and remote LUs, each LU-LU partner uses a unique key to authenticate each other.
Restrict the applications that are allowed to attach to a Local LU that is configured to allow flows to pass with SECURITY(NONE). For example, you might restrict use of the Local LU to STARPIPES.
The procedures for implementing security differ depending on the version of DB2 that you are using and on the operating system and network protocol in use. Refer to the IBM documentation for your DB2 system for details about implementing security. For example, if you are running DB2 for z/OS V8, the DB2 UDB for z/OS V8 Administration Guide (SC18-7413-04) may be particularly useful.