IBM z/OS Server User Manual


 
63
Advanced System Automation
The unique and rich functions of IBM Tivoli System Auto-
mation for OS/390 (SA OS/390) Version 2.2 (separately
orderable) can ease z/OS management, reduce costs, and
increase application availability. SA OS/390 automates I/O,
processor, and system operations, and includes “canned”
automation for IMS, CICS, Tivoli OPC, and DB2. Its focus
is on Parallel Sysplex automation, including multi- and
single-system confi gurations, and on integration with end-
to-end Tivoli enterprise solutions. With the new patented
manager/agent design, it is now possible to automate
applications distributed over a sysplex by virtually remov-
ing system boundaries for automation.
System Services benefi ts can include:
Increased system availability
Improved productivity of system programmers
A more consistent approach for confi guring z/OS com-
ponents or products
System setup and automation using best practices
which can greatly improve availability
Security Services
z/OS Version 1 Release 6 base elements and components
Integrated Security Services
include:
- Public Key Infrastructure Services
- DCE Security Server
- Open Cryptographic Enhanced Plug-ins
- Firewall Technologies
- LDAP Services
- Network Authentication Service
- Enterprise Identity Mapping
Cryptographic Services
- Integrated Cryptographic Service Facility (ICSF)
- System SSL
- Open Cryptographic Service Facility
z/OS Version 1 Release 6 optional priced features
Security server:
- RACF
z/OS Version 1 Release 6 optional no-charge features
z/OS Security Level 3 which includes:
- LDAP Security Level 3
- Network Authentication Service Level 3
- System SSL Security Level 3
- Open Cryptographic Services Facility Security Level 3
z/OS extends its robust mainframe security features to
address the demands of on demand enterprises. Tech-
nologies such as LDAP, Secure Sockets Layer (SSL),
Kerberos V5, Public Key Infrastructure, and exploitation of
zSeries cryptographic features are available in z/OS.
RACF
Resource Access Control Facility (RACF) provides the
functions of authentication and access control for z/OS
resources and data, including the ability to control access
to DB2 objects using RACF profi les. Using an entity known
as the RACF user ID, RACF can identify users requesting
access to the system. The RACF user password (or valid
substitute, such as a RACF PassTicket or a digital certifi -
cate) authenticates the RACF user ID.
Once a user is authenticated, RACF and the resource
managers control the interaction between that user
and the objects it tries to gain access to. These objects
include: commands, datasets, programs, tape volumes,
terminals and objects that you defi ne. RACF supports fl ex-
ibility in auditing access attempts and changes to security
controls. To audit security-relevant events, you can use the
RACF system management unload utility and a variety of
reporting tools.