Vanguard Administrator™ offers the widest range of administration, data mining, and reporting tools available today to simplify and enhance security management functions on systems running IBM's Security Server™ (RACF®).
How it Works
As Vanguard's flagship product, Administrator is the software pioneer in offering significantly higher levels of security administration over the native capabilities of the IBM Security Server (RACF). Vanguard continues to enhance Administrator's functional leadership by offering improved performance, ease-of-use, expanded functionality, and full integration as a vital component of the comprehensive Vanguard Security Solution™.
Vanguard Administrator easily handles increased management workloads and complex system administration for either centralized or decentralized Security Server environments - in either interactive or batch processing modes. Security automation features provide easy-to-use password administration, decentralized administration support, task-oriented, context-sensitive administration, authority analysis, background security assessment, DB2 authority reporting and data services. Now, beginning with the latest release, Administrator supplies complete management capability for the digital certificate information controlled by the z/OS Security Server (RACF).
Save Time and Money
Even the most routine administrative tasks can consume valuable staff time. Vanguard Administrator's powerful automation features drastically reduce routine administration time and cost, allowing the security professional to handle greater workloads or tackle more complex issues.
Vanguard Administrator lets system administrators quickly and easily execute complex, time-consuming tasks like:
- Create a new, fully defined User ID based on the attributes of a pre-existing user or profile (CLONE)
- Remove a user, group, or security rule while ensuring the integrity of the Security Server's database (DELETE)
- Replace all instances of a given user or group within all security rules (OWNER)
- Change the notification recipient when a Security Server violation occurs (NOTIFY)
- Remove all traces of obsolete security rules to improve database integrity, eliminate possible security exposures, and improve operating system performance (OBSOLETE)
- Replace all occurrences of a user profile system-wide after it has been updated, such as when the user changes User ID, department, or job function (REPLACE)
- Move a user to a different department by removing current authorities and replacing them with new ones in a single step (TRANSFER)
Vanguard Administrator provides quicker access to relevant data, easily administers passwords across systems, offers decentralized support, generates complete Security Server (RACF) commands, analyzes resource access, and provides extensive reporting and audit capabilities. No other software package comes close
For any business that depends on its IT backbone, the risk of breaches in system integrity remains a constant threat. Vanguard knows that to minimize risk, security professionals should continuously monitor and administer security servers. Vanguard Administrator makes it easier than before.
Vanguard Administrator improves the quality and effectiveness of your security environment by performing security risk assessments in the background while you are doing regular administrative tasks. For example, if you request an Online Access Analysis for a group and a data set, Administrator goes further and does a complete security assessment on the access lists for the data set profiles analyzed and tells you in the Access Analysis Report if it found a potential problem.
Bringing Together Administration and Reporting
Vanguard's integrated software approach brings together security administration, monitoring capabilities, and update functions. For example, one of Vanguard's proprietary Enabler™ technologies called SmartLink™ seamlessly links Vanguard's powerful Advisor™ reporting and notification software package with Administrator. Now you can review actual system log (SMF) events involving both users and resources you are working on.
Another Enabler is Find-it-Fix-it-Fast™ that automatically populates the correct Vanguard Advisor™ data panel with the information you were working on in Administrator. Once all of the updates are made SmartLink brings you right back to Administrator where you left off.
eDistribution for Fast Online Reports
Only Vanguard Administrator can deliver online reports with lightning speed through your email system. Using eDistribution™, another one of Vanguard's Enabler technologies™, you can prepare specific distribution lists in Administrator to post critical reports to specific individuals or groups as soon as they are generated.
Go "Live" or Extract Security Data
Need to work immediately with users, groups and resources you just added to your Security Server (RACF) database? Vanguard Administrator gives you the option to easily switch between the "live" Security Server database or a fully customizable Extract File for all reports and commands. Security Server (RACF) data can contain huge amounts of information not relevant to your specific search. Administrator lets you define exact selection criteria in order to extract and view on the Security Server (RACF) data you need to see.
Full Control of Commands and Profiles
How effective is your security administration without the ability to readily change the Security Server (RACF) options (SETROPTS) settings when necessary? Administrator is the only security administration tool that allows users with proper authority to review and manage all SETROPTS settings in the Security Server (RACF) database.
Administrator also provides a powerful profile editor called the Vanguard RACF® Command (VRC) facility. VRC presents information on pop-up data panels that permit replacing displayed field information. Newly entered values are automatically formatted into the appropriate Security Server commands for immediate execution or scheduled batch processing. Vanguard's unique profile editor provides normal Security Server authority checking and logging.
With VRC you can quickly and easily perform complex profile updates on a single, scrollable profile display. Then review and modify the generated Security Server (RACF) commands before they are executed.
The VRC facility always accesses and updates the live Security Server (RACF) database. VRC processes all profile types and options:
- User Profiles
- Group Profiles
- Data Set Profiles
- General Resource Profiles
- Selected SETROPTS options
You can even create specific VRC environments to limit viewing data elements contained in Security Server (RACF) profiles for specific user groups or individuals.
The Ultimate Security Safety Net
If the security administrator or manager accidentally deletes authorities or security rules that are not otherwise documented, it becomes impossible to rebuild those rules. In some extreme cases, such accidents have shut down entire systems causing significant inconvenience and financial loss to the company. With Vanguard Administrator in place, such a scenario would never happen.
Administrator's powerful REBUILD command maintains a continuous Security Server (RACF) command log and can automatically recreate the complete command sequence used to define your security environment. REBUILD may be executed in a live security environment or in an archived back-up environment. Just this single function can justify your investment in Vanguard Administrator.
Vanguard Administrator utilizes Vanguard patented technology, allowing you to decentralize portions of your security administration and reporting workload. This sophisticated and patented technology limits user control and data displays to the end user to whom you have decentralized administration related duties.
Administrator lets you assign password administration to outside departments (such as an IT Help Desk) that would not otherwise have Security Server authority. This allows part of the routine maintenance to be passed on to others, freeing IT security personnel to focus on other more critical tasks. Administrator permits Help Desk personnel to change passwords, revoke a user ID, and resume a user ID. Such capabilities would only apply to users or groups for whom the Help Desk administrator has direct responsibility or authority - all controlled by Administrator.
Various reporting and analysis needs can also be decentralized. This lets an administrator create and analyze their own reports without requiring the assistance of specialized IT security personnel. Administrator allows access to information and reports only for those profiles for which the administrator has assigned authority. With Administrator, a decentralized group administrator can create the following:
- Batch Access Analysis - reports on the actual access capability of any user or group within the requester's authority
- Access List Anomaly Analysis - reports on redundant or duplicated accesses
- Scope of Authority Analysis - identifies the profiles a given user may alter. This also may be used to identity all users that have the ability to alter certain resources
- Group Tree Report - provides a representation of the actual security domains for your environment
- Cross Reference Report - reports on all occurrences of users or groups in the Security Server database
- Batch and Online Reports - displays reports on users, groups, data sets and general resources
Schedule Commands for Unattended Operation
All Vanguard Administrator commands may be scheduled for unattended operation at off-peak hours. A user may also use Task Oriented Commands or commands from on-line reports to trigger events in response to changes found by Administrator.
SMS File Handling
For more uniform file handling, Vanguard Administrator provides full support for System Managed Storage (SMS).
User Data Editor
The User Data Editor allows the security administrator to edit and browse the User Data area of security profiles. Both formatted and unformatted edit and browse capabilities are available.
Ensuring a Secure DB2 Environment
The DB2 subsystem can maintain its own security rules independent from the Security Server. Vanguard Administrator automatically extracts DB2 security information, combines it with Security Server rules, and makes it accessible to all of Administrator's powerful data mining and reporting capabilities. This gives the security administrator a complete view of enterprise-wide security without the need for formal DBA training.
DB2 Authority Reporting combines Security Server (RACF) information with DB2 access rules to comply with your company's security policies. DB2 Table Build provides the fastest tool to create and DB2 tables from files produced by the Security Server extract function.
Managing Digital Certificate Information
Now the digital information controlled by the Security Server (RACF) can be fully managed using Administrator. These capabilities, introduced in latest release, enable users to create new digital certificates, delete them, prepare requests for certificates to be signed by certificate authorities, import new signed certificates, renew existing certificates and can also add and delete certificates from digital certificate rings. These management functions can be used along with Administrator's selective digital certificate reporting capabilities for maximized efficiency and ease-of-use.