SSH Tectia for IBM z/OS

• Features & Benefits
• Usage Scenarios
• Supported Platforms

Secure Mainframe File Transfers

Many system administrators utilize periodic and ad-hoc file transfers based on plaintext FTP (File Transfer Protocol) for moving database backups, transaction logs, and other files that contain sensitive information. Eavesdropping of such transfers constitutes a serious threat to the integrity and confidentiality of data.

SSH Tectia Server for IBM z/OS counters this threat by providing a fully functional SFTP (Secure FTP) client and server solution based on the Secure Shell standard. Versatile command line SFTP and SCP (Secure Copy) tools of SSH Tectia Server for IBM z/OS allow scheduling of scripted file transfers by using OS-integrated and third-party scheduling systems. Both JCL (Job Control Language) and USS (Unix System Services) scripts can be used for easy automation of periodic file transfers.

ASCII-EBCDIC conversions and direct, one-step MVS streaming facilitate seamless, cross-platform secure file transfers between mainframe and non-mainframe systems. Built-in hardware acceleration support of SSH Tectia Server for IBM z/OS saves valuable mainframe CPU resources, making SSH Tectia a highly cost-effective solution for securing mainframe access in heterogeneous networks.

SSH Tectia Client for Windows provides an easy-to-use graphical user interface for interactive exchange of files with IBM z/OS mainframes. SSH Tectia hides the file system differences between IBM mainframe and Windows/Unix/Linux platforms; MVS datasets are listed as files and folders and Windows users can securely drag-and-drop files on IBM z/OS.

 

 

* Secure file transfer, secure TN3270 tunneling, and secure terminal with SSH Tectia Server for IBM z/OS

 

Secure TN3270 Application Connectivity

TN3270 terminal emulation is widely used on Windows workstations to provide enterprise end-users with a direct access to IBM mainframe applications. While many organizations have not implemented encryption controls for TN3270 application connections, sensitive data and user passwords are constantly exposed in the enterprise networks.

Transparent TN3270 tunneling requires that SSH Tectia Connector is installed on the Windows workstations. Next, the administrator specifies tunneling rules for the TN3270 application connection(s) that need to be secured. Alternatively, it is possible to require that all terminal connections initiated by a certain terminal emulator will be tunneled. SSH Tectia Manager enables centralized deployment and maintenance of secure application connectivity for all workstations with TN3270 access.

When the terminal client accesses a remote mainframe, SSH Tectia Connector captures the connection transparently and establishes a secure tunnel between the workstation and IBM z/OS system. All TN3270 application connection traffic is then transmitted over an encrypted Secure Shell tunnel, ensuring confidentiality of passwords and application data.

End users can continue to use their existing terminal emulator clients and there is no need to introduce a new authentication layer, as RACF passwords can be used for authentication. End-user transparency makes SSH Tectia a highly cost-effective solution for securing both interactive end-user connections and automated file transfers to and from IBM mainframes.

 

Secure Database Replication with Static Tunneling

SSH Tectia Server for IBM z/OS supports static tunneling (port-forwarding) of TCP-based application connections to ensure confidentiality, integrity, and authentication of transmitted data. When using static tunneling, the application client needs to be configured to connect to a specific TCP port in the local host (instead of the remote network server). SSH Tectia Server for IBM z/OS can then be configured to listen to that local TCP port and securely “forward” (tunnel) the application connection to the remote application server.

One common use case for static tunnels is securing protocols used for online database backup and replication between enterprise servers, as an alternative to periodic file transfers using SFTP. When the replication protocol connection is initiated in the client-side, SSH Tectia Server (with its built-in client-side functionality) automatically establishes the Secure Shell connection and starts tunneling the replication protocol according to the tunneling settings.