Advanced z/OS Security: Crypto, Network, RACF, and Your Enterprise

System z continues to extend the value of the mainframe by leveraging robust security solutions, to help meet the needs of today's on demand, service-oriented infrastructures. System z servers have implemented leading-edge technologies, such as high-performance cryptography, multi-level security, large-scale digital certificate authority and lifecycle management; as well as improved Secure Sockets Layer (SSL) performance, advanced Resource Access Control Facility (RACF) function, and z/OS Intrusion Detection Services. This advanced z/OS security course presents the evolution of the current z/OS security architecture. It explores in detail, the various technologies that are involved in z/OS Cryptographic Services, z/OS Resource Access Control Facility (RACF), and z/OS Integrated Security Services.

In the hands-on exercises, you begin with your own z/OS HTTP Server in a TCP/IP environment. Throughout the exercises, you make changes to the configuration to implement authentication by using RACF, SSL and the use of digital certificates. Use is made of facilities such as RACDCERT to manage digital certificates, PKI Services and RACF auto registration. You will also implement different scenarios to implement ssl security for a typical tcpip application; FTP: SSL, TLS, server authentication, client certificates and AT-TLS. These exercises reinforce the concepts and technologies being covered in the lectures.

SKU: 204. Category: z/OS

Description

At Sixe Engineering we have been providing official IBM training around the world for over 12 years. Get the best training from our specialists in Europe. We have important discounts and offers for two or more students.

Course details

IBM course code: ES66G Category: z/OS / Security z/os
Delivery: Online & on-site** Course length in days: 3.5

Target audience

This class is intended for z/OS system programmers and security specialists in charge of designing and implementing z/OS security for web-enabled applications.

Desired Prerequisites:

You should have:

  • General z/OS knowledge, including basic UNIX System Services skills

  • Experience configuring any of the web servers on z/OS

  • Basic knowledge of TCP/IP and RACF

Instructors

The great majority of the IBM courses we offer are taught directly by our engineers. This is the only way we can guarantee the highest quality. We complement all the training with our own materials and laboratories, based on our experience during the deployments, migrations and courses that we have carried out during all these years.

Added value

Our courses are deeply role oriented. To give an example, the needs for technology mastery are different for developer teams and for the people in charge of deploying and managing the underlying infrastructure. The level of previous experience is also important and we take it very seriously. That is why beyond (boring) commands and tasks, we focus on solving the problems that arise in the day to day of each team. Providing them with the knowledge, competencies and skills required for each project. In addition, our documentation is based on the latest version of each product.

Agenda and course syllabus

Day 1

  • Welcome

  • Unit 1: Overview of z/OS security for on-demand business Unit 2: z/OS platform security: Part 1

  • Unit 3: z/OS platform security: Part 2

  • Unit 4: Introduction to digital certificates and PKI

Day 2

  • Unit 5: The SSL protocol

  • Unit 6: HTTP and Apache server, SSL client authentication and WebSphere Application Server security

  • Unit 7: RACF and digital certificates

  • Unit 8: Open Cryptographic Services Facility

  • Exercise 1: Controlling access using the httpd.config file Exercise 2: SSL protocol

Day 3

  • Exercise 2: SSL protocol (continued)

  • Unit 9: Introduction to z/OS Communications Server security features Unit 10: System SSL overview

  • Unit 11: TN3270 secure connection

  • Unit 12: FTP server and client secure connection

  • Unit 13: Cryptography overview: System z integrated cryptography

Day 4

  • Exercise 3: SSL client authentication and RACF auto registration

  • Unit 14: Network authentication services and Enterprise Identity Mapping Unit 15: LDAP Directory Services in z/OS and the Tivoli Director Server for z/OS

  • Unit 16: An introduction to OpenSSH for z/OS

  • Exercise 4: Securing FTP with SSL: FTPS, TLS, AT-TLS

Do you need to adapt this syllabus to your needs? Are you interested in other courses?  Ask us without obligation.

Locations for on-site delivery

  • Austria: Vienna
  • Belgium: Brussels, Ghent
  • Denmark: Cophenhagen
  • Estonia: Tallinn
  • Finland: Helsinki
  • France: Paris, Marseille, Lyon
  • Germany: Berlin, Munich, Cologne, Hamburg
  • Greece: Athens, Thessaloniki
  • Italy: Rome
  • Louxemburg: Louxembourg (city)
  • Netherlands: Amsterdam
  • Norway: Oslo
  • Portugal: Lisbon, Braga, Porto, Coimbra
  • Slovakia: Bratislava
  • Slovenia: Bratislava
  • Spain: Madrid, Sevilla, Valencia, Barcelona, Bilbao, Málaga
  • Sweden: Stockholm
  • Turkey: Ankara
  • United Kingdom: London

Related products

z/OS System Services StructureHardware Configuration and Definition (HCD) for z/OS
SiXe Ingeniería
×