Control, Security, and Monitoring for z/OS FTP Clients and Servers FTP is free, fast, easy to use, and is available on all platforms. That makes FTP a powerful and appealing choice for pervasive use in any organization. But before FTP can provide an enterprise-class solution, significant risks have to be overcome in the areas of Automation & Control, Security, and Auditing and Monitoring The SDS FTP Manager (SFM) overcomes the significant risks of FTP by Automating FTP processes and providing robust control, Removing the security issues, Providing auditing and history records to assure compliance and Providing real-time proactive monitoring to help meet service-level agreements.

Automation--Script FTP in z/OS Batch Jobs with the SFM FTP Control Language

Typically, an outage in FTP operations must be discovered, and then manually handled--often by restarting the entire operation. The costs add up: There's the time lost while discovering the unusable file, the time to re-start FTP, the time to duplicate the transmission.

Now SFM provides a revolution in FTP automation. With SFM's FTP Control Language (FCL) you can conditionally execute FTP commands. Execution of one FTP command can depend on the success of the previous command, or on the server reply, or on the client condition code.

Batch jobs with FCL can conditionally retry a failed transfer, wait before passing to the next FTP command, act on some failures but ignore others, log messages to the system console, and notify the right people by e-mail when automated recovery is not possible.

FCL is simple to implement. It is fully compatible with existing FTP command syntax. Best of all, FCL is implemented at a global level with no risk to existing FTP jobs. You can count on FCL to deliver enhanced FTP with greater predictability, security and performance.

In addition, SFM can log every FTP transfer to the system console, or more likely, every failed transfer, providing means to further control and automation system wide.

Precise Security for FTP Servers and Clients on z/OS

The original FTP model does not include basic security safeguards. Its shortcomings include clear-text transmission of security information, little granularity in access rules, and no audit trail.

The Computer Emergency Response Team (CERT) has documented hundreds of security issues with the use of FTP, many of which represent catastrophic exposures.

SFM addresses FTP's security shortcomings by integrating fully with mainframe SAF security (RACF, ACF2, or TopSecret) and with SSL FTP.

SFM users can secure individual FTP commands. SFM can, for example, allow read access to a data set while preventing its off-site transfer, or allow transfer of sequential files but not JES files.

SFM lets you to treat commands to the z/OS FTP server as secure resources. You can selectively disallow any FTP server command, including individual functions of the powerful SITE command. You can allow FTP users to transfer the files they need, while preventing them from using FTP to snoop around.

Auditing & Monitoring, Complete FTP Traffic Records

Customers, regulators, and business partners hold you accountable for data loss or theft. A growing body of government regulations (Sarbanes-Oxley, Gramm-Leach-Bliley Act, HIPAA) mandate processes for adhering to standards and providing audit trails.

SFM provides a comprehensive end-to-end audit trail through detailed tracking and logging of all FTP transfers and sessions. SFM tells you who transferred what, when, where, how. Was the transfer authorized? Was it successful? SFM answers these questions and more.

SFM comes with standard inquires, such as reporting on the top 10 FTP users, jobs, file sizes, and transfer times, and listing problem sessions, failed transfers, suspect transfers, and failed attempts to log onto a server.

FTP auditors can review every aspect of transfer history, easily getting details for a given system, FTP session, file transfer, or user ID.

While most treat FTP transfers as isolated events, SFM logs entire sessions, so you can see each transfer in context: What lead up to a failed transfer? What other transfers were attempted in same FTP session? You will see your FTP activity in a whole new way.

Summary

FTP use has exploded in the past several years. Unfortunately, FTP might be the biggest threat to your z/OS data infrastructure.

The inherent shortcomings in FTP have costs, seen and unseen, in the areas of security, automation, and visibility.

SDS's new SFM software overcomes serious FTP obstacles by instantly providing:

• Appropriate levels of security across your organization;
• Thorough audit trail to assure compliance;
• Comprehensive workload monitoring and management to ensure that you can meet your business needs.