IBM z/OS manual Advanced System Automation, Security Services

Page 63

Advanced System Automation

The unique and rich functions of IBM Tivoli System Auto- mation for OS/390 (SA OS/390) Version 2.2 (separately orderable) can ease z/OS management, reduce costs, and increase application availability. SA OS/390 automates I/O, processor, and system operations, and includes “canned” automation for IMS, CICS, Tivoli OPC, and DB2. Its focus is on Parallel Sysplex automation, including multi- and single-system confi gurations, and on integration with end- to-end Tivoli enterprise solutions. With the new patented manager/agent design, it is now possible to automate applications distributed over a sysplex by virtually remov- ing system boundaries for automation.

System Services benefi ts can include:

Increased system availability

Improved productivity of system programmers

A more consistent approach for confi guring z/OS com- ponents or products

System setup and automation using best practices which can greatly improve availability

Security Services

z/OS Version 1 Release 6 base elements and components

Integrated Security Services include:

-Public Key Infrastructure Services

-DCE Security Server

-Open Cryptographic Enhanced Plug-ins

-Firewall Technologies

-LDAP Services

-Network Authentication Service

-Enterprise Identity Mapping

Cryptographic Services

-Integrated Cryptographic Service Facility (ICSF)

-System SSL

-Open Cryptographic Service Facility

z/OS Version 1 Release 6 optional priced features

Security server:

- RACF

z/OS Version 1 Release 6 optional no-charge features

z/OS Security Level 3 which includes:

-LDAP Security Level 3

-Network Authentication Service Level 3

-System SSL Security Level 3

-Open Cryptographic Services Facility Security Level 3

z/OS extends its robust mainframe security features to address the demands of on demand enterprises. Tech- nologies such as LDAP, Secure Sockets Layer (SSL), Kerberos V5, Public Key Infrastructure, and exploitation of zSeries cryptographic features are available in z/OS.

RACF

Resource Access Control Facility (RACF) provides the functions of authentication and access control for z/OS resources and data, including the ability to control access to DB2 objects using RACF profi les. Using an entity known as the RACF user ID, RACF can identify users requesting access to the system. The RACF user password (or valid substitute, such as a RACF PassTicket or a digital certifi - cate) authenticates the RACF user ID.

Once a user is authenticated, RACF and the resource managers control the interaction between that user and the objects it tries to gain access to. These objects include: commands, datasets, programs, tape volumes, terminals and objects that you defi ne. RACF supports fl ex- ibility in auditing access attempts and changes to security controls. To audit security-relevant events, you can use the RACF system management unload utility and a variety of reporting tools.

63

Page 62 Page 64
Image 63
Page 62 Page 64
Contents IBM zSeries 990 and z/OS Reference Guide Table of Contents What does an on demand company look like? ZSeries OverviewTools for Managing e-business To huge increases in user activityArchitecture Operating System Support ArchitectureTion IBM zSeriesBase Ratio Z990 Design and Technology MultiChip Module is the technology cornerstone for Z990 Family Models Z990 ModelsZ990 and IBM On/Off Capacity on Demand Model Upgrades Z990 and z900 Performance Comparison Z990 Cage Layout Z990 I/O SubSystemPhysical Channel IDs PCHIDs SubSystem Greater than 15 Logical Partitions LPUp to 1024 Escon Channels Z990 Channels and I/O ConnectivityLogical Channel SubSystem Lcss Spanning IC Channel SpanningIntegrated Cluster Bus-4 ICB-4 InterSystem Channel-3 ISC-3Integrated Cluster Bus-2 ICB-2 Integrated Cluster Bus-3 ICB-3Flexibility Three channel types supported Ficon Express Channel Card FeaturesFibre Channel Connectivity PerformanceNative Ficon Channels Shared infrastructureFicon Connectivity Ficon CTC functionFicon Support for Cascaded Directors FCP Channels Ficon Bridge ChannelFCP Full fabric connectivity Open Systems Adapter-Express Features OSA-ExpressOSA-Express Integrated Console Controller Z990 OSA-Express 1000BASE-T EthernetZ990 OSA-Express Gigabit Ethernet Queued Direct Input/Output QdioNON-QDIO operational mode Z990 OSA-Express Token-RingServer to User connections Lpar Support of OSA-Express IPv6 SupportPerformance enhancements for virtual servers LCSS0 LCSS1 HiperSocketsHiperSockets Network Concentrator Cryptography Plan Ahead and Concurrent Conditioning Z990 Capacity Upgrade on Demand CUoDAvailability ZSeries Security Certification CryptographyZ990 Server Capacity BackUp CBU Transparent Sparing Z990 Server Customer Initiated Upgrade CIUConcurrent Maintenance Advanced Availability FunctionsConcurrent Capacity Backup Downgrade CBU Undo Concurrent Memory UpgradeParallel Sysplex Cluster Technology Coupling Facility Configuration Alternatives System-Managed CF Structure Duplexing Parallel Sysplex Coupling Connectivity Options Z990 Theoretical Maximum Coupling Link SpeedIRD Scope Intelligent Resource DirectorLpar CPU Management Dynamic Channel Path ManagementChannel Subsystem Priority Queuing Page Geographically Dispersed Parallel Sysplex HyperSwap Geographically Dispersed Parallel Sysplex Gdps Enhancements Page Page Facilities Parallel SysplexComponents and assumptions No single point of failureZ990 Support for Linux Linux on zSeriesIBM Middleware Tivoli Access Manager for Operating Systems Version OSA-Express Ethernet for Linux Linux Distribution PartnersVM Version 4 and Version Integrated Facility for Linux IFLFibre Channel Protocol FCP channel Support for Linux HiperSocketsZSeries 990 Family Configuration Detail Cryptographic Support for LinuxLinux Support Processor Memory Cryptographic FeaturesOSA-Express Features Processor Unit AssignmentsGeneral Information Z990 Frame and I/O Configuration Content Planning for I/OSystem Cooling Air Flow Rate CFM Physical CharacteristicsZ990 Power/Heating/Cooling System Power Consumption kW Z990 DimensionsFiber-Optic Cabling and System Connectivity Coupling Facility CF Level of SupportFiber-optic jumper cabling package Integrated system services ZSeries Application Assist Processor OS.eOS Scalability Bit SupportAutomation Support Sense and Respond with Workload Manager System ServicesData Management with Dfsms WLM Improvements for WebSphereCICS/VSAM enabled for 24x7 availability System Management ServicesJES2 and JES3 Enhancements Console EnhancementsAdvanced System Automation Security ServicesMultilevel Security Racf enhancementsLdap Firewall PKI ServicesNetwork Authentication Service Application Enablement ServicesLanguage Environment Unicode JavaSysplex Distributor Communication ServicesRexx Functions Dynamic Virtual IP Address TakeoverHiperSockets Intrusion Detection Services IDSHighlights OS UnixUnix System Services benefits can include Distributed Computing ServicesZSeries File System zFS Internet Services Distributed File Services DFS Server Message BlockInfoprint Central Print ServicesPublications Integrated TestingSoftcopy Publications Support Library CenterMigration/Coexistence Installation ConsiderationsOS 1.4 and 1.5 are supported on the following IBM servers OS 1.6 is supported on the following IBM serversZSeries Bimodal Support for z/OS Migration, installation and customization EnhancementsOrder z/OS through the Internet WizardsVM Version 3 VM Version 4 Exploiting New Technology Systems Management Networking with z/VM Application EnablementPage VM Version 5 Engine-based Value Unit PricingEnhancements in z/VM V5.1 include Technology Exploitation Network Virtualization and SecuritySystems Management Improvements To learn more
Top Page Image Contents