Sunday, 24 October 2010

Mainframe security

RACF (Resource Access Control Facility) from IBM has been around for so long that I guess we take it for granted. It is one of the “big three” External Security Manager (ESM) products for mainframes. The other two are ACF2 (Access Control Facility 2) and Top Secret, both of which are owned by CA. But, as they like to say on impartial radio and TV programmes, other security products are available!

For example, Alexandria, Virginia-based Type80 ( provides SMA_RT, which functions as a security monitor program product that looks for patterns of abuse and sends real-time alerts. It supports systems environments across multiple CPUs and over geographically diverse locations.

Las Vegas, Nevada-based Vanguard Integrity Professionals ( provides solutions for identity and access management, audit and compliance, security administration, and intrusion detection. For security management there’s Vanguard Administrator, Vanguard Advisor, and Vanguard SecurityCenter. For audit and compliance they provide Vanguard Analyzer, Vanguard incompliance, Vanguard Enforcer, and Vanguard Policy Manager. For access management there’s Vanguard Authenticator, Vanguard ez/SignOn, Vanguard ez/Token, Vanguard Tokenless Authentication, Vanguard ez/Integrator, and Vanguard PasswordReset. And for intrusion detection there’s Vanguard Enforcer (again).

Naples, Florida-based Advanced Software Products Group (ASPG) ( provides a number of data security products including: MegaCryption, its file level encryption tool; ReACT, which automates the password reset and synchronization process; ERQ (Easy RACF Query), its automated ISPF RACF administrative and reporting utility; CryptoMon its ICSF analyser; and Secure/FTP, which provides a full audit trail of all FTP commands that were executed or attempted and offers online monitoring of all active FTP sessions.

While mentioning encryption, IBM has its Integrated Cryptographic Service Facility (ICSF) and a Cryptographic Coprocessor. And, of course, in terms of security, there’s also IBM’s Tivoli zSecure Suite.

Hackensack, NJ-based Bsafe Solutions ( offers: Bsafe/Enterprise Security for MVS TCP/IP for network security; Bsafe/Security for CICS-MVS, providing extended security for DB2, IMS, and VSAM; and Bsafe/Enterprise Security for CICS, providing control of mainframe security from a PC.

Torrance, CA-based Data21 ( has ZIP/390, which enables zSeries batch jobs to send and receive PGP (Pretty Good Privacy) files.

Aliso Viejo, CA-based Quest Software ( has a number of security products that came with its acquisition of PassGo Technologies. Its mainframe security tools include: GoPlex, a full screen interface allowing users to control and view users logged on to any of the PassGo’s MultSess, NC-Access, or NCI/XF products; NC-Pass Network Security Managers, which protect information by directing the user to permitted applications only using their user ID and password; Defender ME uses tokens that provide security – there’s Defender ME VSSE for VTAM Session Security, Defender ME Secure for active network security, and Defender ME Authenticator for almost everything; NC-Syncom provides password synchronization spanning multiple systems, servers, networks, and applications; and NC-Access, a session manager. In addition, for VTAM networks, Quest provides: MultSess, a session manager; and NCI/XF, a programming tool for tailoring, customizing, and extending functionality for 3270 terminals and developing single point of entry VTAM network systems.

There’s definitely other mainframe software products out there, and it’s interesting to see just what is available.

1 comment:

Jim Lampi said...

SDS deals in OSA Monitoring, Enterprise Extender Security, CICS Software & VTAM Software, IBM Mainframe & z/OS Software Networks. For over a quarter-century we have built a reputation for superior, affordable products and reliable technical support.