SSH

Features Specific to Tectia Server for IBM z/OS

Tectia Server for IBM z/OS includes the following features in addition to the generic Tectia Server features described above:

File system support

Tectia Server for IBM z/OS supports MVS (including PS, PDS, PDSE, and VSAM) and USS file systems, and Generation Data Groups (GDG).

Coded character set translation

Full and configurable ASCII/EBCDIC conversion is supported as well as configurable CONVXLAT conversion tables for seamless cross-platform compatibility between IBM z/OS and Unix/Linux/Windows hosts.

Tectia Server for IBM z/OS allows the coded character sets to be configured for file transfer or terminal connections, and users can invoke the change code page command, chcp, to change the character set encodings dynamically.

Direct MVS data set access

Tectia Server for IBM z/OS incorporates direct streaming for all MVS file system operations, which improves file transfer performance by eliminating any additional memory and disk staging operations required previously for transferring files in MVS.

Direct MVS data set access is supported on both the client and server modules of Tectia Server for IBM z/OS. To work together with Windows, Unix, and Linux client hosts, direct streaming requires Tectia ConnectSecure on the client side.

MVS data set listing

Users of Tectia Client and ConnectSecure can list MVS data sets as files and folders, facilitating easy cross-platform file transfer between mainframe and non-mainframe systems. Users can drag-and-drop files with IBM z/OS by using SFTP GUI of Tectia Client.

Integrated mainframe authentication

Tectia Server for IBM z/OS supports RACF, ACF2, and TSS through standard SAF for seamless integration with the IBM mainframe authentication methods. Existing authentication and access control management tools can be used, and there is no need to create new profiles or passwords. Public-key authentication is also supported for both interactive and unattended connections.

Hardware-based key generation and storage

Both client and server-side private keys can be generated and stored on hardware by using Integrated Cryptographic Service Facility (ICSF) for maximum security.

SAF keyring support for certificate storage

Tectia Server for IBM z/OS supports storing client, server, and Certification Authority (CA) certificates on System Authorization Facility (SAF) keyrings. Optionally, the Tectia certificate validation can be omitted so that only the checks done by SAF will be used.

Hardware acceleration

Tectia Server for IBM z/OS supports 3DES, SHA-1, and AES hardware acceleration facilities for optimized encryption performance and lower CPU usage. All IBM-provided cryptographic hardware including CCF, PCICA, PCICC, PCIXCC, CPACF, and CryptoExpress2 are supported for acceleration.

Versatile command-line tools for scripting

Tectia Server for IBM z/OS includes versatile command-line tools that can be used for secure remote login, remote command execution, and secure file transfer operations. These tools allow easy scripting of automated jobs using JCL batch and USS scripts.

Secure TN3270 connectivity

Tectia Server for IBM z/OS allows transparent encryption of TN3270 application connections between Windows workstations and mainframes. There is no need to reconfigure existing terminal emulators. Mainframe RACF passwords can be used for authenticating Secure Shell connections. For more information, see Tectia Server for IBM z/OS Administration Manual.

File transfer profiles

File transfer profiles improve the usability of file transfers that involve automatic code set translation. File transfer profiles allow users to specify file transfer parameters (e.g., ASCII/EBCDIC translation and data set allocation parameters) that are used for specific file transfers. Both global and user-specific file transfer profiles are supported.

Support for System Management Facility (SMF)

Login and file transfer information can be collected and stored as SMF type 119 records.