Vanguard ez/Integrator™: Bringing Mainframe Security For Your
Applications
Vanguard ez/Integrator™
makes it easy to interface software applications running on other
platforms to use the proven authentication, centralized
authorization checking, and auditing services of a mainframe's
trusted security database (RACF). Vanguard ez/Integrator is an
easy-to-use, powerful Applications Programming Interface (API) that
is part of the Vanguard family line of security software solutions.
Your software solution can now easily link to the Mainframe through
the Vanguard application programming interface (API) without having to
create a whole new security infrastructure.
In addition, ez/Integrator can be used to help you create a
customized security solution for your applications. ez/Integrator
also makes it easy to "embed" specific Vanguard security
technologies into your company's software application for e-business
environments and other unique solutions. You can now record or store
important information from software running on other platforms,
like event messages, to the Mainframe's System Management Facility
(SMF).
The Three AAA's of Security
1. Authentication - ez/Integrator provides the
capability to authenticate user IDs and passwords from many
distributed platforms and applications against the most
secure password repository in your enterprise, the zSeries
Security Server (RACF).
2. Authorization - ez/Integrator allows an
application to use the zSeries Security Server (RACF) to
perform authorization checking.
3. Auditing - ez/Integrator provides
customizable, Mainframe-strength centralized auditing
facilities.
Integrate New Applications with Mainframe Security
Companies that develop or purchase applications to run on
multiple platforms typically need to build a security
infrastructure to accommodate the new applications. In the
case of a newly developed application, this requires many hours
designing and creating User ID and password authentication
processes, access authentication schemes and an auditing
facility. With the power of Vanguard ez/Integrator, all
these needed functions are provided as easy-to-use program calls
to the trusted Mainframe. For purchased applications,
ez/Integrator can be easily interfaced to provide these
capabilities. In either case, companies save time, money
and effort by utilizing the existing security infrastructure of
Security Server (RACF).
Platform Independence
A common problem with moving an application from one platform to
another is the difference in security system environments.
Applications usually do not automatically inherit or utilize the
security environment of the platform to which the application is
moved. This often requires a significant and costly
modification to the application, and in many cases, the change
is not even possible. Vanguard ez/Integrator eliminates
platform dependencies by providing a centralized, uniform and
robust security infrastructure. When applications using
ez/Integrator are ported to another platform, the security
remains the same. No modifications are required.
Centralized Auditing
Most organizations have many different systems that generate
audit and logging reviews. This often requires companies to
build or purchase multiple reporting tools. The user
has to learn how to utilize each of these tools to generate the
reports they need to monitor and track activity. With
ez/Integrator, all of this information can be written to the
Mainframe, providing a central repository from which all
reporting and analysis can be done. The company can now
save money by eliminating the redundancy of purchasing and
implementing multiple reporting products, training users, and
backing up of the audit databases.
Single Point of Control
Since all authentication and authorization requests from your
distributed applications can now be routed to the Security
Server (RACF) on the Mainframe, security administration can be
performed from a single point. A company can save money by
reducing the complexity of security administration across
multiple platforms.
By maintaining security definitions in the Security Server
(RACF), Vanguard ez/Integrator can be used to check a user's
access to corporate resources across different systems from a
single point. For example, a company maintaining a web
site or intranet on Windows may wish to limit access to certain
pages only to predetermined users. Through ez/Integrator,
user credentials can be verified, and the Security Server will
determine if the user is authorized to see specific pages.
Portability
A product or application is often tied to the operating system
and its support of a programming language. The product or
application requires the features of that system to operate
properly. ez/Integrator currently supports multiple systems such
as Windows, UNIX, and AS/400, among others. Products or applications
using ez/Integrator can easily move to another platform, in most
cases only requiring recompilation.
Concept of Inheritance
Vanguard Security Solution products work together hand-in-hand.
Vanguard calls this the "Concept of Inheritance". For
example, when Vanguard ez/Integrator is used to authenticate
user IDs and passwords, perform authorization checking or create
audit records, all of this activity is logged to the System
Management Facility (SMF) log file in real time. This
means that the information is automatically made available to
Vanguard Advisor™ for security event detection, notification,
analysis, and electronic report distribution.
Making Security Easier
According to Doug Behrends, Information Security Specialist, "the
initial application of ez/Integrator was for one of our systems
that was a browser-based interface to a legacy IMS system.
Prior to ez/Integrator, the user would have to periodically
log in to the system using a 3270 session to maintain their
password.
For service bureaus with thousands of RACF users defined, this
is becoming more and more of a problem as customers' need for
3270 sessions decreases. With ez/Integrator, customers
have access to a wide variety of Mainframe and open systems
based applications using a single user ID and password. We
also had a problem with application IDs that did legacy data
access 'on behalf' of an end consumer. These IDs had
previously been defined with non-expiring passwords that would
have to be manually changed on a periodic basis. With
ez/Integrator, we have now been able to implement a routine that
changes the password for that account on a daily basis.
This has improved our security profile by not requiring an
individual to know this password, as well as simplifying the
password maintenance process.
In addition, we have always had a customer-based security
interface where they can manage their own employees' RACF access.
With ez/Integrator, we can now extend that management model out
to the open systems platforms as well. We have made a
strategic commitment to implementing this single point of
authentication and management for all future application
developments. This will also include use of the resource
access checking functionality."
How It Works
ez/Integrator creates and manages a secured communications link
between a variety of platforms and the existing Mainframe
security infrastructure, enabling RACF to serve as a common
security directory. This means that enterprise-wide
applications can reference existing RACF controls and audit
facilities.
By centralizing security around existing and proven security
services on the Mainframe, ez/Integrator eliminates the
redundant administration activities often associated with
developing distributed applications.