Recent changes in regulatory standards have generated wide interest in macro- and micro-segmentation approaches for z/OS network traffic.   While any network segmentation strategy must be compatible with the enterprise network within which IBM Z and z/OS exist, it is important to understand the various physical, virtual, and logical mechanisms IBM Z and z/OS offer for segmenting network traffic.  This newly published presentation introduces the various z/OS segmentation mechanisms and their applicability for macro- or micro-segmentation.    While not covered in the presentation, we've seen at least one vendor product that uses some of these mechanisms to provide a z/OS network segmentation solution.

Note that since each enterprise’s network layout is unique, there is no one-size-fits-all solution to z/OS network segmentation.  As such, this information is not offered as “best practices” guidance.  Rather, it is an inventory of the relevant mechanisms provided by the z/OS platform.  This inventory can serve as a good starting point for your investigation, planning, and eventual design for segmenting your z/OS network traffic in a way that is compatible with your overall enterprise network segmentation scheme.