 |
Vanguard Administrator™: Offers the Widest Range of Administration &
Reporting
Vanguard
Administrator™ offers the widest range of administration, data
mining, and reporting tools available today to simplify and enhance
security management functions on systems running IBM's Security
Server (RACF).
How It Works
As Vanguard's flagship product, Administrator is the software
pioneer in offering significantly higher levels of security
administration over the native capabilities of the IBM Security
Server (RACF) Subsystem. Vanguard continues to enhance
Administrator's functional leadership by offering improved
performance, ease-of-use, expanded functionality, and full
integration as a vital component of the comprehensive Vanguard
Security Solution.
Vanguard Administrator easily handles increased management workloads
and complex system administration for either centralized or
decentralized Security Server environments - in either interactive
or batch processing modes. Security automation features
provide easy-to-use password administration, decentralized
administration support, task-oriented, context-sensitive
administration, authority analysis, background security assessment,
DB2 authority reporting and data services. Now, beginning with
the latest release, Administrator supplies complete management
capability for the digital certificate information controlled by the
z/OS Security Server (RACF).
Save Time & Money
Even the most routine administrative tasks can consume valuable
staff time. Vanguard Administrator's powerful automation
features drastically reduce routine administration time and cost,
allowing the security professional to handle greater workloads or
tackle more complex issues.
Vanguard Administrator lets system administrators quickly and easily
execute complex, time-consuming tasks like:
|
■ |
Create a new, fully defined
User ID based on the attributes of a pre-existing user or
profile (CLONE) |
|
■ |
Remove a user, group, or
security rule while ensuring the integrity of the Security
Server's database (DELETE) |
|
■ |
Replace all instances of a
given user or group within all security rules (OWNER) |
|
■ |
Change the notification
recipient when a Security Server violation occurs (NOTIFY) |
|
■ |
Remove all traces of obsolete
security rules to improve database integrity, eliminate
possible security exposures, and improve operating system
performance (OBSOLETE) |
|
■ |
Replace all occurrences of a
user profile system-wide after it has been updated, such as
when the user changes User ID, department, or job function
(REPLACE) |
|
■ |
Move a user to a different
department by removing current authorities and replacing
them with new ones in a single step (TRANSFER) |
Vanguard Administrator provides
quicker access to relevant data, easily administers passwords
across systems, offers decentralized support, generates complete
Security Server (RACF) commands, analyzes resource access, and
provides extensive reporting and audit capabilities. No
other software package comes close.
Minimizing Risk
For any business that depends on its IT backbone, the risk of
breaches in system integrity remains a constant threat. Vanguard
knows that to minimize risk, security professionals should
continuously monitor and administer security servers. Vanguard
Administrator makes it easier than before.
Vanguard Administrator improves the quality and effectiveness of
your security environment by performing security risk
assessments in the background while you are doing regular
administrative tasks. For example, if you request an Online
Access Analysis for a group and a data set, Administrator goes
further and does a complete security assessment on the access
lists for the data set profiles analyzed and tells you in the
Access Analysis Report if it found a potential problem.
Bringing Together Administration and Reporting
Vanguard's integrated software approach brings together security
administration, monitoring capabilities, and update functions.
For example, one of Vanguard's proprietary
Enabler™ technologies
called SmartLink™ seamlessly links Vanguard's powerful Advisor™
reporting and notification software package with Administrator.
Now you can review actual system log (SMF) events involving both
users and resources you are working on.
Another Enabler is
Find-it-Fix-it-Fast™ that automatically
populates the correct Vanguard Advisor™ data panel with the
information you were working on in Administrator. Once all
of the updates are made SmartLink brings you right back to
Administrator where you left off.
eDistribution for Fast Online Reports
Only Vanguard Administrator can deliver online reports with
lightning speed through your email system. Using
eDistribution™,
another one of Vanguard's
Enabler™ technologies, you can prepare
specific distribution lists in Administrator to post critical
reports to specific individuals or groups as soon as they are
generated.
Go "Live" or Extract Security Data
Need to work immediately with users, groups and resources you
just added to your Security Server (RACF) database? Vanguard
Administrator gives you the option to easily switch between the
"live" Security Server database or a fully customizable Extract
File for all reports and commands. Security Server (RACF) data
can contain huge amounts of information not relevant to your
specific search. Administrator lets you define exact selection
criteria in order to extract and view on the Security Server
(RACF) data you need to see.
Full Control of Commands and Profiles
How effective is your security administration without the
ability to readily change the Security Server (RACF) options (SETROPTS)
settings when necessary? Administrator is the only
security administration tool that allows users with proper
authority to review and manage all SETROPTS settings in the
Security Server (RACF) database.
Administrator also provides a powerful profile editor called the
Vanguard RACF Command (VRC) facility. VRC presents
information on pop-up data panels that permit replacing
displayed field information. Newly entered values are
automatically formatted into the appropriate Security Server
commands for immediate execution or scheduled batch processing.
Vanguard's unique profile editor provides normal Security Server
authority checking and logging.
With VRC you can quickly and easily perform complex profile
updates on a single, scrollable profile display. Then
review and modify the generated Security Server (RACF) commands
before they are executed.
The VRC facility always accesses and updates the live Security
Server (RACF) database. VRC processes all profile types and
options (I.E. User Profiles, Group Profiles, Data Set Profiles,
General Resource Profiles, Selected SETROPTS options).
You can even create specific VRC environments to limit viewing
data elements contained in Security Server (RACF) profiles for
specific user groups or individuals.
The Ultimate Security Safety Net
How effective is your security administration without the
ability to readily change the Security Server (RACF) options (SETROPTS)
settings when necessary? Administrator is the only
security administration tool that allows users with proper
authority to review and manage all SETROPTS settings in the
Security Server (RACF) database. If the security
administrator or manager accidentally deletes authorities or
security rules that are not otherwise documented, it becomes
impossible to rebuild those rules. In some extreme cases,
such accidents have shut down entire systems causing significant
inconvenience and financial loss to the company. With
Vanguard Administrator in place, such a scenario would never
happen.
Administrator's powerful REBUILD command maintains a continuous
Security Server (RACF) command log and can automatically
recreate the complete command sequence used to define your
security environment. REBUILD may be executed in a live
security environment or in an archived back-up environment. Just
this single function can justify your investment in Vanguard
Administrator.
Decentralized Environments
Vanguard Administrator utilizes Vanguard patented technology,
allowing you to decentralize portions of your security
administration and reporting workload. This sophisticated and
patented technology limits user control and data displays to the
end user to whom you have decentralized administration related
duties.
Administrator lets you assign password administration to outside
departments (such as an IT Help Desk) that would not otherwise
have Security Server authority. This allows part of the routine
maintenance to be passed on to others, freeing IT security
personnel to focus on other more critical tasks. Administrator
permits Help Desk personnel to change passwords, revoke a user
ID, and resume a user ID. Such capabilities would only apply to
users or groups for whom the Help Desk administrator has direct
responsibility or authority - all controlled by Administrator.
Various reporting and analysis needs can also be decentralized.
This lets an administrator create and analyze their own reports
without requiring the assistance of specialized IT security
personnel. Administrator allows access to information and
reports only for those profiles for which the administrator has
assigned authority. With Administrator, a decentralized group
administrator can create the following:
|
■ |
Batch Access Analysis -
reports on the actual access capability of any user or group
within the requester's authority |
|
■ |
Access List Anomaly Analysis -
reports on redundant or duplicated accesses |
|
■ |
Scope of Authority Analysis -
identifies the profiles a given user may alter. This also
may be used to identity all users that have the ability to
alter certain resources |
|
■ |
Group Tree Report - provides a
representation of the actual security domains for your
environment |
|
■ |
Cross Reference Report -
reports on all occurrences of users or groups in the
Security Server database |
|
■ |
Batch and Online Reports -
displays reports on users, groups, data sets and general
resources |
Schedule Commands for Unattended Operation
All Vanguard Administrator commands may be scheduled for
unattended operation at off-peak hours. A user may also use Task
Oriented Commands or commands from on-line reports to trigger
events in response to changes found by Administrator.
DFSMS File Handling
For more uniform file handling, Vanguard Administrator provides
full support for the Data Facility Storage Management Subsystem
(DFSMS), AKA System Managed Storage (SMS).
User Data Editor
The User Data Editor allows the security administrator to edit
and browse the User Data area of security profiles. Both
formatted and unformatted edit and browse capabilities are
available.
Ensuring a Secure DB2 Environment
The DB2 subsystem can maintain its own security rules
independent from the Security Server. Vanguard
Administrator automatically extracts DB2 security information,
combines it with Security Server rules, and makes it accessible
to all of Administrator's powerful data mining and reporting
capabilities. This gives the security administrator a
complete view of enterprise-wide security without the need for
formal DBA training.
DB2 Authority Reporting combines Security Server (RACF)
information with DB2 access rules to comply with your company's
security policies. DB2 Table Build provides the fastest
tool to create and DB2 tables from files produced by the
Security Server extract function.
Managing Digital Certificate Information
Now the digital information controlled by the Security Server
(RACF) can be fully managed using Administrator. These
capabilities, introduced in latest release, enable users to
create new digital certificates, delete them, prepare requests
for certificates to be signed by certificate authorities, import
new signed certificates, renew existing certificates and can
also add and delete certificates from digital certificate rings.
These management functions can be used along with
Administrator's selective digital certificate reporting
capabilities for maximized efficiency and ease-of-use.
back to top
Offers the Widest Range of Administration & Reporting. |
|
