IBM z/OS manual RACF enhancements, Multilevel Security


With one command, a security administrator can update remote RACF databases without logging on to remote systems. Throughout the enterprise, RACF commands can be sent automatically to synchronize multiple databases. In addition, RACF can automatically propagate RACF database updates made by applications. With RACF, users can keep passwords synchronized for specific user IDs. When you change one password, RACF can change passwords for your user ID on different systems and for several user IDs on the same system. Also, passwords can be changed automatically for the same user ID on different systems. This way, several RACF databases can be kept synchronized with the same password information.

RACF enhancements:

Digital Certificates can be automatically authenticated without administrator action.

Administrative enhancements enable definition of profiles granting partial authority. Handling of new passwords and removal of class authority are simplified.

On demand applications require a way to associate more users under a RACF Group definition, so RACF allows the creation of a new kind of Group that can contain an unlimited number of users.

RACF now allows you to perform RACF installation class updates without an IPL, which can help improve availability.

RACF facilitates enterprise password synchronization through RACF password enveloping and notification of password changes using z/OS LDAP

Improved user accountability through RACF’s enforcement of unique z/OS UNIX UIDs and GIDs

Improved access control flexibility and granularity for z/OS UNIX files with access control lists

Multilevel security support

Multilevel Security

z/OS 1.5 is the first and only IBM operating system to provide Multilevel Security. This technology can help improve the way government agencies and other organizations share critical classified information. Combined with IBM’s DB2 UDB for z/OS Version 8, z/OS provides multilevel security on the zSeries mainframe to help meet the stringent security requirements of government agencies and financial institutions, and can help open up new hosting opportunities. Multilevel security technology allows IT administrators to give users access to information based on their need to know, or clearance level. It is designed to prevent individuals from accessing unauthorized information and to prevent individuals from declassifying information.

With multilevel security support in IBM’s z/OS 1.5 and DB2 V8, customers can enable a single repository of data to be managed at the row level and accessed by individuals based on their need to know.
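The two rules described above (no access above one's clearance, no declassification) can be modelled with label dominance and applied as a row-level filter over one shared table. This is an added example, not IBM's code and not a description of how RACF or DB2 implement multilevel security; the level names, categories and rows are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed hierarchy for illustration; not taken from the page.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Level is at least other's AND every category of other is held."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    # No read-up: the user's label must dominate the data's label.
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    # No write-down: the target's label must dominate the writer's, so a
    # cleared user cannot declassify data by copying it to a lower label.
    return obj.dominates(subject)


def visible_rows(subject: Label, table):
    """Row-level filter: return only the rows the subject may read."""
    return [row for row, label in table if can_read(subject, label)]


def lbl(level, *cats):
    return Label(level, frozenset(cats))


# Constructed sample data: (row, label) pairs held in a single repository.
TABLE = [
    ("cafeteria menu", lbl("UNCLASSIFIED")),
    ("budget forecast", lbl("CONFIDENTIAL", "FINANCE")),
    ("audit findings", lbl("SECRET", "FINANCE")),
    ("field report", lbl("SECRET", "OPS")),
]

if __name__ == "__main__":
    analyst = lbl("SECRET", "FINANCE")
    print(visible_rows(analyst, TABLE))
    print(can_write(analyst, lbl("UNCLASSIFIED")))
```

Labels with the same level but different categories are incomparable, which is why the SECRET/FINANCE user never sees the SECRET/OPS row even though the levels match.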

SSL

Secure Socket Layer (SSL) is a public key cryptography-based extension to TCP/IP networking which helps to ensure private communications between parties on the Internet. z/OS provides fast and highly secure SSL support, with increased performance when coupled with zSeries server cryptographic capabilities.
