AT TLS


Hi, my name is Elizabeth Noel, and I’m here to talk to you about AT-TLS, or Application Transparent TLS. System SSL provides a series of C and C++ APIs that allow programmers to protect their application data using the TLS, otherwise known as SSL, protocol. However, if you’d like to take advantage of the TLS protocol with little or no coding changes to your applications, AT-TLS provides you with a mechanism for doing so.

AT-TLS is a component of the TCP/IP stack which uses System SSL to apply TLS protection to specific application traffic based on policies that you have configured. These policies can specify things like local or remote address, port numbers, connection direction or even something like time of day. So say, for example, we set up a policy that says I want to protect all incoming traffic on local address 1.2.3.4 on port 25000. The AT-TLS policy is also going to define TLS parameters such as protocol version, cipher suites, and the location of the key ring being used in the connection, and so forth. Eventually these parameters are going to be used to call the System SSL APIs.

As traffic comes in on the TCP/IP stack, the stack compares the details of that traffic to the AT-TLS policy that you’ve defined. So say you have a connection coming in from remote address 4.3.2.1 on port 43564 to local address 1.2.3.4 on port 25000. Because the stack has found a match based on this policy, it’s going to apply the TLS parameters that you have defined to call System SSL APIs under the covers. This means that once you have your policy configured for AT-TLS, you don’t have to worry about the specifics of the implementation of TLS. But keep in mind that while you don’t have to code the APIs into your application directly, you still have to look at your AT-TLS policy to ensure that it’s configured to the appropriate security levels.

I hope this has given you a high-level understanding of AT-TLS and how it interacts with System SSL. I encourage you to look into AT-TLS in greater detail because it provides a lot of additional functionality that I haven’t gone into in this video. Thank you for watching.

Enterprise Knights of IBM Z – providing educational insights to the security and integrity of our platform.
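The policy described in the transcript, written out as a Policy Agent configuration fragment. This is an added illustration, not material from the video. The rule and action names, the key ring name SERVER_RING, the cipher suite and the protocol levels are assumptions chosen for the example; only the local address, port and inbound direction come from the talk.

```conf
# Condition: inbound connections to local address 1.2.3.4, port 25000.
# No RemoteAddr is given, so any remote address (such as 4.3.2.1) matches.
TTLSRule                          Protect_Port_25000
{
  LocalAddr                       1.2.3.4
  LocalPortRange                  25000
  Direction                       Inbound
  TTLSGroupActionRef              grp_Enabled
  TTLSEnvironmentActionRef        env_Server
}

# Turns AT-TLS on for connections that match the rule.
TTLSGroupAction                   grp_Enabled
{
  TTLSEnabled                     On
}

# TLS parameters the stack passes to System SSL on the application's behalf.
TTLSEnvironmentAction             env_Server
{
  HandshakeRole                   Server
  TTLSKeyringParmsRef             kr_Server
  TTLSCipherParmsRef              cipher_Strong
  TTLSEnvironmentAdvancedParmsRef adv_Protocols
}

# Key ring holding the server certificate (name is an assumption).
TTLSKeyringParms                  kr_Server
{
  Keyring                         SERVER_RING
}

# Cipher suite offered (assumed choice for this example).
TTLSCipherParms                   cipher_Strong
{
  V3CipherSuites                  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
}

# Protocol versions: older levels off, TLS 1.2 on (assumed security level).
TTLSEnvironmentAdvancedParms      adv_Protocols
{
  SSLv3                           Off
  TLSv1                           Off
  TLSv1.1                         Off
  TLSv1.2                         On
}
```

The last three blocks are where the security level of the connection is decided, so they are the part of the policy to review when checking that it meets the required level.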
