BMC AMI Connector for Illumio

Automatically micro-segment mainframe workloads and enforce enterprise traffic policies.

OVERVIEW

Lateral movement on the mainframe is difficult to spot and contain. BMC AMI Enterprise Connector for Illumio gives teams real-time visibility into traffic and enforces micro-segmentation—reducing risk without changing your mainframe architecture.

View datasheet

Gain real-time visibility

Get a clear, continuous view of mainframe TCP/IP communication across LPARs, complete with context around dependencies and potential risks. With visibility into traffic patterns, teams can monitor activity, detect unusual behavior, and make informed security decisions faster. 

  • Send mainframe metadata to Illumio PCE via REST API

    Automatically transmit real-time connection data—including IP addresses, ports, and protocols—from z/OS systems to Illumio’s Policy Compute Engine for centralized monitoring.

  • Integrate with Illumio’s application maps

    Feed mainframe traffic details into existing dependency maps to reveal how workloads interact across the enterprise and identify which connections introduce risk.

  • Deliver traffic insight across the enterprise

    Gain a clear picture of how mainframe systems communicate with distributed environments, helping teams analyze patterns, limit exposure, and support micro-segmentation efforts.

play

Apply automated network micro-segmentation

Define and enforce precise access controls across mainframe workloads—without relying on native firewall rules. By coordinating with Illumio’s broader segmentation strategies, you reduce unnecessary communication pathways and shrink the blast radius of lateral movement. 

  • Download Illumio ACLs and convert them to z/OS PAGENT files

    Automatically pull access control lists from Illumio and translate them into mainframe-compatible formats, so access policies can be enforced directly within z/OS.

  • Support full or selective enforcement through the PCE

    Choose to apply rules across all workloads or only specific segments, giving teams flexibility to roll out controls at their own pace.

  • Filter at the workload level without native firewall dependency

    Apply access rules to individual applications or services running on the mainframe—no need to configure or rely on built-in firewall features.

Contain threats quickly

Stop unauthorized traffic before it spreads across the mainframe. By controlling lateral communication in real time, you limit the ability of silent breaches to move undetected and strengthen enterprise-wide response efforts. 

  • Automatically reject connections not defined in policy

    Instantly block any traffic that isn’t explicitly allowed, helping to prevent attackers from gaining a foothold or moving between workloads.

  • Encrypt approved in-transit communication to meet compliance needs

    Protect sensitive data as it travels between systems by encrypting traffic that meets policy criteria—helping you stay aligned with internal and external security requirements.

  • Work in sync with BMC and enterprise security workflows

    Connect threat response on the mainframe to broader incident processes, making it easier for teams to detect, contain, and respond using familiar tools and protocols.

Use Cases

Apply Zero Trust Across Your Mainframe Network

Micro-Segmentation

Create granular policy zones within LPARs to limit communications by default.

Threat Containment

Block out-of-policy connections automatically to stop lateral attacks.

Risk-Based Visibility

Combine mainframe telemetry with Illumio mapping for improved situational awareness.

Compliance Enforcement

Ensure regulatory traffic encryption and access control without reconfiguring networks.

Learn how BMC supports you at every turn






Dive deeper

Explore related resources

Infographic

Top Causes of Mainframe Breaches and Their Alarming Frequency

Mainframes are under attack Businesses try to keep their mainframe breaches out of the headlines—but analyst research tells the real story.

Video

BMC AMI Enterprise Connector for Illumio

BMC AMI Enterprise Connector for Illumio integrates BMC AMI and Illumio to automate security policy management, provide real-time communication, and gain visibility into the entire network, minimizing...