Implementing RACF Security for CICS/ESA and CICS/TS

This course teaches you how to implement security for your CICS systems using RACF as the external security manager. The lecture material will first explain the implementation tasks for a single-region CICS system and then extend the scope to MRO- or ISC-connected multiregion CICS systems. In the classroom you will learn both the CICS and RACF definitions necessary to establish effective security controls for CICS. You will learn how to:

  • Protect CICS system resources so that CICS itself has access but other users, such as TSO users or batch jobs, are denied access.

  • Define CICS terminal users to RACF and restrict the CICS regions to which these users will be allowed to sign on.

  • Control access to individual CICS transactions.

  • Control access to CICS application resources accessed by these transactions.

  • Control execution of CICS system programmer interface (SPI) commands used within transactions.

  • Control access to installation-defined resources used to support application-specific security requirements.

  • Control access to CICS transactions and resources when two or more CICS address spaces are connected to enable use of the CICS transaction routing and function-shipping mechanisms.

You will learn about the wide variety of mechanisms that can be used to initiate transactions within CICS and the techniques for imposing security controls on each of these mechanisms. These mechanisms include the connections to CICS using Advanced Program-to-Program Communication (APPC) either from CICS client or server products on other platforms or from other products that support APPC. You will also explore the security interface between CICS, RACF, and DB2 and learn how RACF can be used to secure CICSplex System Manager, one of the elements provided with CICS Transaction Server for z/OS.

You will have many opportunities to apply what you have learned in the classroom with hands-on lab exercises in which you actually set up the definitions in both CICS and RACF. The hands-on lab begins with exercises where you will familiarize yourself with the CICS and RACF lab environment. In the lab exercises you start with a CICS address space that has no security. First, you will protect your CICS region resources. In subsequent lab exercises, you will set up user sign-on security, protect transactions, and set up resource-level security and SPI command security. In the last lab exercise, you establish security between a terminal-owning region (TOR) and an MRO-connected application-owning region (AOR).

SKU: 208. Category: z/OS

Description

At Sixe Engineering we have been providing official IBM training around the world for over 12 years. Get the best training from our specialists in Europe. We have important discounts and offers for two or more students.

Course details

IBM course code: ES84G Category: z/OS / RACF
Delivery: Online & on-site** Course length in days: 4.5

Target audience

This course is for security personnel and CICS support personnel responsible for designing, implementing, or administering RACF security for CICS Transaction Server systems.

Desired Prerequisites:

You should be familiar either with:

  • RACF (perhaps as a security administrator) or with CICS (perhaps as a member of your CICS technical support staff).

It is not assumed or necessary that you already be familiar with both RACF and CICS.

Instructors

The great majority of the IBM courses we offer are taught directly by our engineers. This is the only way we can guarantee the highest quality. We complement all the training with our own materials and laboratories, based on our experience during the deployments, migrations and courses that we have carried out during all these years.

Added value

Our courses are deeply role oriented. To give an example, the needs for technology mastery are different for developer teams and for the people in charge of deploying and managing the underlying infrastructure. The level of previous experience is also important and we take it very seriously. That is why beyond (boring) commands and tasks, we focus on solving the problems that arise in the day to day of each team. Providing them with the knowledge, competencies and skills required for each project. In addition, our documentation is based on the latest version of each product.

Agenda and course syllabus

Day 1

  • Welcome, course introduction, and administration

  • Unit 1 – CICS overview

  • Exercise 1 – CICS familiarization

  • Unit 2 – RACF overview

  • Exercise 2 – RACF familiarization

Day 2

  • Unit 2 lab review

  • Unit 3 – Protecting the CICS region

  • Exercise 3 – Protecting the CICS region

  • Unit 4 – Sign-on security

  • Exercise 4 – Sign-on security

Day 3

  • Unit 5 – Transaction security

  • Exercise 5 – Transaction security

  • Unit 6 – CICS resource and SPI command security

  • Exercise 6 – CICS resource security and SPI command security

Day 4

  • Unit 7 – CICS intercommunication bind and link security

  • Unit 8 – CICS intercommunication conversation security

Day 5

  • Lab Review

  • Unit 9 – Securing CICSPlex SM

  • Unit 10 – Planning for implementation

  • Unit 11 – CICS and DB2 security

  • Unit 12 – CICS Web Services security

Do you need to adapt this syllabus to your needs? Are you interested in other courses?  Ask us without obligation.

Locations for on-site delivery

  • Austria: Vienna
  • Belgium: Brussels, Ghent
  • Denmark: Cophenhagen
  • Estonia: Tallinn
  • Finland: Helsinki
  • France: Paris, Marseille, Lyon
  • Germany: Berlin, Munich, Cologne, Hamburg
  • Greece: Athens, Thessaloniki
  • Italy: Rome
  • Louxemburg: Louxembourg (city)
  • Netherlands: Amsterdam
  • Norway: Oslo
  • Portugal: Lisbon, Braga, Porto, Coimbra
  • Slovakia: Bratislava
  • Slovenia: Bratislava
  • Spain: Madrid, Sevilla, Valencia, Barcelona, Bilbao, Málaga
  • Sweden: Stockholm
  • Turkey: Ankara
  • United Kingdom: London

Related products

z/OS System Services StructureHardware Configuration and Definition (HCD) for z/OS
SiXe Ingeniería
×