IBM z/OS User Manual

63

Advanced System Automation

The unique and rich functions of IBM Tivoli System Auto-

mation for OS/390 (SA OS/390) Version 2.2 (separately

orderable) can ease z/OS management, reduce costs, and

increase application availability. SA OS/390 automates I/O,

processor, and system operations, and includes “canned”

automation for IMS, CICS, Tivoli OPC, and DB2. Its focus

is on Parallel Sysplex automation, including multi- and

single-system confi gurations, and on integration with end-

to-end Tivoli enterprise solutions. With the new patented

manager/agent design, it is now possible to automate

applications distributed over a sysplex by virtually remov-

ing system boundaries for automation.

System Services benefi ts can include:

• Increased system availability

• Improved productivity of system programmers

• A more consistent approach for confi guring z/OS com-

ponents or products

• System setup and automation using best practices

which can greatly improve availability

Security Services

z/OS Version 1 Release 6 base elements and components

Integrated Security Services include:

- Public Key Infrastructure Services

- DCE Security Server

- Open Cryptographic Enhanced Plug-ins

- Firewall Technologies

- LDAP Services

- Network Authentication Service

- Enterprise Identity Mapping

Cryptographic Services

- Integrated Cryptographic Service Facility (ICSF)

- System SSL

- Open Cryptographic Service Facility

z/OS Version 1 Release 6 optional priced features

Security server:

- RACF

z/OS Version 1 Release 6 optional no-charge features

z/OS Security Level 3 which includes:

- LDAP Security Level 3

- Network Authentication Service Level 3

- System SSL Security Level 3

- Open Cryptographic Services Facility Security Level 3

z/OS extends its robust mainframe security features to

address the demands of on demand enterprises. Tech-

nologies such as LDAP, Secure Sockets Layer (SSL),

Kerberos V5, Public Key Infrastructure, and exploitation of

zSeries cryptographic features are available in z/OS.

RACF

Resource Access Control Facility (RACF) provides the

functions of authentication and access control for z/OS

resources and data, including the ability to control access

to DB2 objects using RACF profi les. Using an entity known

as the RACF user ID, RACF can identify users requesting

access to the system. The RACF user password (or valid

substitute, such as a RACF PassTicket or a digital certifi -

cate) authenticates the RACF user ID.

Once a user is authenticated, RACF and the resource

managers control the interaction between that user

and the objects it tries to gain access to. These objects

include: commands, datasets, programs, tape volumes,

terminals and objects that you defi ne. RACF supports fl ex-

ibility in auditing access attempts and changes to security

controls. To audit security-relevant events, you can use the

RACF system management unload utility and a variety of

reporting tools.