Tectia

Features Specific to SSH Tectia Server for IBM z/OS

SSH Tectia Server for IBM z/OS includes the following features in addition to the generic SSH Tectia Server features described above:

File system support

SSH Tectia Server for IBM z/OS supports MVS (including PS, PDS, PDSE, and VSAM) and USS file systems, and Generation Data Groups (GDG).

Coded character set translation

Full and configurable ASCII/EBCDIC conversion is supported as well as configurable CONVXLAT conversion tables for seamless cross-platform compatibility between IBM z/OS and Unix/Linux/Windows hosts.

SSH Tectia Server for IBM z/OS allows the coded character sets to be configured for file transfer or terminal connections, and users can invoke the change code page command, chcp, to change the character set encodings dynamically.

Direct MVS dataset access

SSH Tectia Server for IBM z/OS incorporates direct streaming for all MVS file system operations, which improves file transfer performance by eliminating any additional memory and disk staging operations required previously for transferring files in MVS.

Direct MVS dataset access is supported on both the client and server modules of SSH Tectia Server for IBM z/OS. To work together with Windows, Unix, and Linux client hosts, direct streaming requires SSH Tectia ConnectSecure on the client side.

MVS dataset listing

Users of SSH Tectia Client and ConnectSecure can list MVS datasets as files and folders, facilitating easy cross-platform file transfer between mainframe and non-mainframe systems. Users can drag-and-drop files with IBM z/OS by using SFTP GUI of SSH Tectia Client.

Integrated mainframe authentication

SSH Tectia Server for IBM z/OS supports RACF, ACF2, and TSS through standard SAF for seamless integration with the IBM mainframe authentication methods. Existing authentication and access control management tools can be used, and there is no need to create new profiles or passwords. Public-key authentication is also supported for both interactive and unattended connections.

Hardware-based key generation and storage

Both client and server-side private keys can be generated and stored on hardware by using (Integrated Cryptographic Service Facility (ICSF) for maximum security.

SAF keyring support for certificate storage

SSH Tectia Server for IBM z/OS supports storing client, server, and Certification Authority (CA) certificates on System Authorization Facility (SAF) keyrings. Optionally, the SSH Tectia certificate validation can be omitted so that only the checks done by SAF will be used.

Hardware acceleration

SSH Tectia Server for IBM z/OS supports 3DES, SHA-1, and AES hardware acceleration facilities for optimized encryption performance and lower CPU usage. All IBM-provided cryptographic hardware including CCF, PCICA, PCICC, PCIXCC, CPACF, and CryptoExpress2 are supported for acceleration.

Versatile command-line tools for scripting

SSH Tectia Server for IBM z/OS includes versatile command-line tools that can be used for secure remote login, remote command execution, and secure file transfer operations. These tools allow easy scripting of automated jobs using JCL batch and USS scripts.

Secure TN3270 connectivity

SSH Tectia Server for IBM z/OS allows transparent encryption of TN3270 application connections between Windows workstations and mainframes. There is no need to reconfigure existing terminal emulators. Mainframe RACF passwords can be used for authenticating Secure Shell connections. For more information, see SSH Tectia Server for IBM z/OS Administration Manual.

File transfer profiles

File transfer profiles improve the usability of file transfers that involve automatic code set translation. File transfer profiles allow users to specify file transfer parameters (e.g. ASCII/EBCDIC translation and data set allocation parameters) that are used for specific file transfers. Both global and user-specific file transfer profiles are supported.

Support for System Management Facility (SMF)

Login and file transfer information can be collected and stored as SMF type 119 records.