BNA Access Control Features

BNA uses network services and distributed systems services to enable the interconnection of multiple hosts to form a network.

BNA Network Services

Within the BNA Network Services, node access control exists on three levels:

  • The link layer level

  • The router level

  • The port level

BNA Node Access Control Levels describes each type of node access control.

Table 33. BNA Node Access Control Levels

The level . . .

Provides the . . .

Link Layer

Connection between nodes and the physical links to neighboring nodes. The link layer level is the lowest level in the network.

Router

Logical connection from each node to other nodes in the network, regardless of whether the physical connection between two nodes is direct or is made through other nodes.

At the router level, control of access to a node by the other nodes is provided with BIAS (Integrated Adaptive-Routing System) and hop counts.

BIAS enables you to assign a resistance factor to the links and nodes in a network with the NW LINKRESISTANCE and NW NODERESISTANCEFACTOR Operations Interface commands.

In BNA, a hop is a direct connection between two nodes of a data network. A hop count is the number of links over a network path.

With the NW MAXHOPCOUNT Operations Interface command, you can designate a maximum hop count for each node in a network.

Port

Reliable transfer of messages from a sender to a receiver. It is the end of the communication path between communicating processes.

Message security at the port level is provided by port file attributes. File attributes that are supported by port files and that are used to control access are APPLICATIONGROUP, SECURITYTYPE, and YOURUSERCODE.


General Considerations

For a node to become part of a BNA network when validation is in effect, one or more of the other nodes must grant it access to at least the first two node access levels (link layer level and router level).

At the link layer level and at the port level, access is granted only after the target node receives a designated password from the node requesting access.

Validation

  • Of neighbor nodes can be required at the link layer level.

  • Of all nodes in the network can be required at the router level.

  • At the router and port levels is based on a host name/node-address pair.

When validation is required, only designated host name/node-address pairs are permitted access to the next level.

Checking

  • Starts at the lowest level, and if checking fails at any level, access to the next higher level is denied.

  • Is based on node passwords that are sent when a node is established as a member of the network and, optionally, on the host name/node-address pair that identifies a node.

BNA Distributed Systems Services

At the distributed systems services level, BNA provides users and programs with the features, such as file transfer, needed to operate in a distributed processing environment.

This level also provides security checking for those features.

Prev  Up  Next
BNA Network Security Features  Home  Identification in a BNA Network