Hitachi ID Identity and Access Management Suite z/OS Integration
There are three options for managing mainframe users and passwords, on any
currently available version of z/OS:
- Install the Hitachi ID Mainframe Connector component as a started task on the
LPAR with the mainframe security database. The Mainframe Connector started task
acts as a TCP/IP listener and accepts inbound connections on a
designated TCP port. The Hitachi ID Identity and Access Management Suite server negotiates a cryptographic
handshake with the started task (256-bit AES, shared secret
key, mutual authentication, random session keys) and asks the started
task to issue RACROUTE commands to enumerate users, verify current
passwords and reset passwords.
Fast, secure, reliable, easy to configure.
Change control to install a local, privileged agent on the mainframe.
- Manage passwords using a Telnet or TN3270 script, assuming
that a Telnet or TN3270 service is enabled and available. This
option is less secure and robust than the Mainframe Connector started task,
but requires no change control on the mainframe.
No change control, no local agent on the mainframe.
Slower connections, no cryptographic protection, fragile if the
terminal user interface is substantially changed.
- Install an LDAP directory server on the mainframe, which uses
the mainframe security database as its back-end, at least for user
and password data. IBM and CA both provide such directory products.
With the LDAP service installed,
Hitachi ID Identity and Access Management Suite can integrate with the mainframe as through it were
a normal LDAP directory.
Fast and potentially secure -- if LDAP+SSL is used.
Mainframe LDAP directory products are not widely deployed and can
be fragile. Change control and a local software footprint
on the mainframe are required.
- Windows and Active Directory:
Integration between Hitachi ID Identity and Access Management Suite and Windows servers and Active Directory.
- Lotus Notes / Domino Integration:
Integration between Hitachi ID Identity and Access Management Suite and Lotus Notes / Domino.
- Z/OS, OS390 and MVS:
Integration between Hitachi ID Identity and Access Management Suite, z/OS, OS390 and MVS security products.
Integration between Hitachi ID Identity and Access Management Suite and Database (DBMS) servers.
- RSA SecurID:
Integration between Hitachi ID Identity and Access Management Suite and RSA SecurID tokens.