VitalSigns for FTP
HomeGroovy ?SolutionsNewsPartnersContact

 

VitalSigns for FTP: precise, low-overhead FTP Security for FTP Servers and Clients on z/OS

SDS’s VitalSigns for FTP software overcomes serious FTP obstacles by instantly providing:

  • Appropriate security all across your organization, for both clients and servers.
  • Comprehensive workload monitoring and management to ensure that you can meet your business needs.
  • Easy-to-use and fully robust controls over the configuration and behavior of z/OS FTP clients.
  • Thorough audit trails to assure compliance.

 

FEATURES

Tight integration with RACF, ACF2 and Top Secret

VitalSigns for FTP addresses FTP’s security shortcomings by integrating fully with mainframe SAF security (RACF, ACF2, or TopSecret) and by making it easy to change standard FTP traffic into encrypted FTP traffic.

VitalSigns for FTP secures individual FTP commands

  • For example, allow read access to a data set while preventing its off-site transfer, or allow transfer of sequential files but not JES files.
  • You can selectively disallow any FTP server command, including individual functions of the powerful SITE command.
  • You can allow FTP users to transfer the files they need, while preventing them from using FTP to snoop around.

FTP Authentication, Encryption, Security Automatically, with No JCL Changes

  • VitalSigns for FTP, teamed up with an SSH Tectia SOCKS proxy, can encrypt traffic to and from a z/OS FTP client and transmit it through an SSH tunnel. VitalSigns for FTP and SSH Tectia can also translate FTP traffic into SFTP (secure shell file transfer) traffic.
  • Automatic and transparent for the users. No need to modify the JCL in batch jobs that invoke a z/OS FTP client.
  • Real-time alerts when FTP jobs fail, and a comprehensive end-to-end audit trail.
  • Detailed tracking and logging of all FTP and SSH Tectia file transfers and file transfer sessions tells you who transferred what, when, where, how.
  • Was the transfer authorized? Was it successful? VitalSigns for FTP answers these questions and more.

Pre-configured with a set of standard queries which can be used to obtain:

  • 10 most active FTP users
  • FTP jobs submitted
  • failed transfers
  • suspect transfers
  • size of files transferred
  • elapsed time for transfers
  • server logons that failed

End to-end audit trail that contains details of all attempted FTP sessions and transfers.

  • FTP auditors can review every aspect of transfer history, easily getting details for a given system, FTP session, file transfer, or user ID.
  • VitalSigns for FTP logs entire sessions, so you can see each transfer in context: What lead up to a failed transfer? What other transfers were attempted in same FTP session? You will see your FTP activity in a whole new way.

Automation: Control z/OS FTP Clients On-Line; Script FTP commands in z/OS Batch Jobs

VitalSigns for FTP can dynamically control configuration of the z/OS FTP client.

  • It can recognize batch jobs by name, job step, and user ID, then reconfigure the FTP client to use a specific route—clear text, SSL/TSL encryption, an SSH tunnel, or SFTP.

Controls are simple, intuitive web-browser displays.

  • You can change FTP client configuration and direct alerts to e-mail addresses dynamically and easily.
  • No need to revise JCL and test new batch jobs.

Easy-to-master but versatile FTP Control Language (FCL) to automate z/OS FTP client batch mode processing.

  • Conditionally execute FTP commands. Execution of one FTP command can depend on the success of the previous command, or on the server reply, or on the client condition code.
  • Batch jobs with FCL can conditionally retry a failed transfer, wait before passing to the next FTP command, act on some failures but ignore others, log messages to the system console, and notify the right people by e-mail when automated recovery is not possible.
  • FCL is simple to implement. It is fully compatible with existing FTP command syntax.
  • FCL is implemented at a global level with no risk to existing FTP jobs.
  • Use FCL to deliver enhanced FTP with greater predictability, security and performance.

VitalSigns for FTP can log every FTP transfer to the system console, or more likely, every failed transfer, providing means to further control and automation system wide.

 

SPECIFICATIONS

VitalSigns for FTP Works with FTP Server and Clients on z/OS 1.6 or Later

VitalSigns for FTP Agents reside on z/OS 1.6 or later:

  • The z/OS system provides the z/OS Communications Server 1.6 or later.
  • The z/OS Communications Server provides the z/OS FTP Server and FTP Client.
  • z/OS Communications Server is configured to support the z/OS Network Management API.
  • z/OS provides RACF or a comparable security system that supports the z/OS Systems Authorization Facility (SAF) interface.
  • z/OS 1.8 provides details about FTP sessions that are not available from earlier z/OS versions.

VitalSigns for FTP Agents work with the z/OS security system and the FTP server program exits to...

  • Validate VitalSigns for FTP users.
  • Thoroughly log FTP server sessions and data transfers.
  • Enforce security rules for FTP server resources, for example Allow/disallow data set access, Allow/disallow individual FTP commands at the server.

VitalSigns for FTP's FTP Client interfaces with the z/OS FTP client to...

  • Dynamically reconfigure the z/OS client for specific batch jobs.
  • Thoroughly log FTP client sessions and data transfers.
  • Process VitalSigns for FTP's FTP Control Language in z/OS batch jobs, then pass FTP commands to the z/OS client.

The VitalSigns for FTP - SSH Tectia bundle:

  • VitalSigns for FTP monitors SFTP and SCP traffic via SMF records reported by Tectia clients and servers.
  • VitalSigns for FTP FTP Clients can direct z/OS FTP traffic to a Tectia SOCKS proxy for Encrypted transmission through a secure SSH tunnel and dynamic translation to the SFTP protocol.

Two VitalSigns for FTP Databases reside on z/OS USS, on Linux/Unix, or on Windows:

  • VitalSigns for FTP uses a Derby 10.4 database server.
  • The VitalSigns for FTP Live Database holds immediate real-time FTP monitoring data delivered to it by the VitalSigns for FTP Agents.
  • The VitalSigns for FTP Live Database provides user and configuration data to all other parts of VitalSigns for FTP.
  • Long-term data is periodically copied to archive files, then purged from the Live Database.
  • The VitalSigns for FTP Archive Database provides access to the archived data through the same browser interface that displays the live data.

VitalSigns for FTP Live and Archive Web Servers reside on z/OS USS, on Linux/Unix, or on Windows.

  • VitalSigns for FTP uses a Tomcat 5.5 web server to provide user access to VitalSigns for FTP Databases.
  • The web servers also provide VitalSigns for FTP configuration tools to VitalSigns for FTP administrators

 

MORE RESOURCES

Download the datasheet

for:

  • More technical information
  • Free trial

VitalSigns for FTP is a SDS product.