Abstract: Secure communications are provided over a network in a distributed workload environment having target hosts which are accessed through a distribution processor by a common network address. Secure communications are provided by routing both inbound and outbound communications with target hosts which are associated with a secure network communication through the distribution processor. Both inbound and outbound secure network communications are processed at the distribution processor so as to provide network security processing of communications from the target host and network security processing of communications to the target host.

Abstract: Methods, systems and computer program products provide for recovering from the failure of a primary distribution processor which provides secure communications over a network in a distributed workload environment having target hosts which are accessed through the primary distribution processor by a common network address. Information sufficient to restart communications through the primary distribution processor utilizing network security is provided to a backup distribution processor. Failure of the primary distribution processor is detected and the communications utilizing network security restarted at the backup distribution processor utilizing the provided information. Both inbound and outbound communications with target hosts utilizing the common network address and which are associated with a secure network communication are then routed through the backup distribution processor.

Abstract: Methods, systems and computer program products provide Internet Protocol Security (IPSec) to a plurality of target hosts in a cluster of data processing systems which communicate with a network through a routing communication protocol stack utilizing a dynamically routable Virtual Internet Protocol Address (DVIPA) for communications from the plurality of target hosts by negotiating security associations (SAs) associated with the DVIPA utilizing an Internet Key Exchange (IKE) component associated with the routing communication protocol stack and distributing information about the negotiated SAs to the target hosts so as to allow the target hosts to perform IPSec processing of communications to the network utilizing the negotiated SAs. Communications to the network are IPSec processed utilizing the distributed information at communication protocol stacks at respective ones of the plurality of target hosts.

Abstract: The present invention provides a method, system, and computer program product which enables changing user credentials that are used to access legacy host applications and/or systems which provide legacy host data during a secure host access session which is authenticated using a digital certificate and is protected by a host-based security system, such as RACF (Resource Access Control Facility, a product offered by the IBM Corporation), where these changed credentials are used to authenticate a user after previously-provided credentials have been used for authentication earlier in the same session. The changed credentials may belong to the same user, where that user happens to have a different user ID and/or password for different legacy host applications and wishes to change from accessing one legacy host application to accessing another. Or, the changed credentials may be used to enable a different user to interact with the same legacy host application used by the previously-authenticated user.

Abstract: Methods, systems and computer program products provide for transferring network security based communications from a first distribution processor, which provides secure communications over a network in a distributed workload environment having target hosts which are accessed through the first distribution processor by a common network address, to a second distribution processor. Information sufficient to restart the transferred network security based communications at the second distribution processor is provided. Takeover of the common address by the second distribution processor is detected and existing network security based communications to the first distribution processor are terminated. The transferred communications are restarted at the second distribution processor utilizing the provided information. Both inbound and outbound network security based communications with target hosts utilizing the common network address are routed through the second distribution processor.

Abstract: The present invention provides a method, system, and computer program product for enabling a user to provide a single system sign-on for accessing one or more legacy host applications and/or one or more systems which provide legacy host data (such as legacy database systems) during a secure host access session which is authenticated using a digital certificate and is protected by a host-based security system, such as RACF (Resource Access Control Facility, a product offered by the IBM Corporation), where the same set of credentials must be provided more than once during the secure session. The subsequent provision of the credentials may be transparent to the user, and does not require change to existing legacy applications or systems.