VitalSigns for FTP: z/OS Mainframe SFTP, FTP to Mainframe
Precise, Low-Overhead Security for Mainframe FTP Servers and Clients
The original mainframe FTP and FTP to mainframe model does not include basic security safeguards. Its shortcomings include clear-text transmission of security information, little granularity in access rules, and no audit trail.
The US Computer Emergency Readiness Team (US-CERT) has documented hundreds of security issues with the use of FTP and FTP to mainframe, many of which represent catastrophic exposures.
VitalSigns for FTP addresses FTP's security shortcomings by fully integrating mainframe FTP with mainframe SAF security (RACF, ACF2, or Top Secret), and by making it easy to change standard z/OS FTP traffic into encrypted z/OS SFTP traffic. more...
VFTP users can secure individual FTP commands. VFTP can, for example, allow read-access to a data set while preventing its off-site transfer, or allow transfer of sequential files but not JES files.
VFTP lets you to treat commands to the z/OS FTP server as secure resources. You can selectively disallow any mainframe FTP server command, including individual functions of the powerful SITE command. You can allow FTP users to transfer the files they need, while preventing them from using FTP to snoop around.
VFTP readily collaborates with third-party mechanisms to encrypt traffic to and from a z/OS FTP client and transmit it through more secure protocols, TSL or SFTP for example.
As far as users are concerned, those kinds of security measures are automatic and transparent. There is no need to modify the JCL in batch jobs that invoke a z/OS FTP client.
Monitoring & Auditing, Complete Mainframe FTP Traffic Records
For FTP to mainframe and FTP from mainframe, Customers, regulators, and business partners hold you accountable for slow performance, delayed data, lost or stolen files. A growing body of government regulations (Sarbanes-Oxley, Gramm-Leach-Bliley Act, HIPAA, PCI DSS) mandate processes for adhering to standards and providing audit trails.
VitalSigns for FTP provides immediate, real-time notification when z/OS FTP jobs fail, and a comprehensive end-to-end audit trail. VFTP's detailed tracking and logging of all mainframe FTP transfers and file-transfer sessions tells you who transferred what, when, where, how. Was the transfer authorized? Was it successful? VFTP answers these questions and more. more...
VFTP comes with standard inquires, such as reporting on the top 10 FTP users, jobs, file sizes, and transfer times, and listing problem sessions, failed transfers, suspect transfers, and failed attempts to log onto a server.
FTP auditors can review every aspect of transfer history, easily getting details for a given system, FTP session, file transfer, or user ID.
While most treat FTP transfers as isolated events, VFTP logs entire sessions, so you can see each transfer in context: What lead up to a failed transfer? What other transfers were attempted in same FTP session? You will see your FTP activity in a whole new way.
Automation: Control z/OS FTP Clients On-Line; Script FTP commands in z/OS Batch Jobs
Typically, upgrading standard z/OS FTP to a more secure z/OS SFTP configuration requires revising the batch jobs that rely on the FTP client. That means editing, testing, and dealing with production red tape.
Typically, an outage in FTP operations must be discovered, and then manually handled—often by restarting the entire operation. The costs add up: There's the time lost while discovering the unusable file, the time to re-start FTP, the time to duplicate the transmission.
Now VFTP provides a revolution in FTP automation. more...
VitalSigns for FTP can dynamically control configuration of the z/OS FTP client. It can recognize batch jobs by name, job step, and user ID, then reconfigure the FTP client to use a specific route—clear text, SSL/TSL encryption, or mainframe SFTP.
VFTP's controls for such work are simple, intuitive web-browser displays. You can change FTP client configuration and direct alerts to e-mail addresses dynamically and easily. There is no need to whatsoever to revise JCL and test new batch jobs.
With VFTP's FTP Control Language (FCL) you can conditionally execute FTP commands. Execution of one FTP command can depend on the success of the previous command, or on the server reply, or on the client condition code.
Batch jobs with FCL can conditionally retry a failed transfer, wait before passing to the next FTP command, act on some failures but ignore others, log messages to the system console, and notify the right people by e-mail when automated recovery is not possible.
FCL is simple to implement. It is fully compatible with existing FTP command syntax. Best of all, FCL is implemented at a global level with no risk to existing FTP jobs. You can count on FCL to deliver enhanced FTP with greater predictability, security and performance.
In addition, VFTP can log every FTP transfer to the system console, or more likely, every failed transfer, providing means to further control and automation system wide.
FTP use has exploded in the past several years. Unfortunately, FTP might be the biggest threat to your z/OS data infrastructure.
The inherent shortcomings in FTP have costs, seen and unseen, in the areas of security, automation, and visibility.
SDS's new VitalSigns for FTP software overcomes serious FTP obstacles for mainframe FTP and FTP to mainframe by instantly providing:
- Appropriate security all across your organization, for both clients and servers.
- Comprehensive workload monitoring and management to ensure that you can meet your business needs.
- Easy-to-use and fully robust controls over the configuration and behavior of z/OS FTP clients.
- Thorough audit trails to assure compliance and monitor security.