Bringing Mainframe Security To Your Applications - ez/Integrator allows diverse platforms to interface and use the proven authentication, authorization and auditing capabilities of an IBM® mainframe.
Vanguard ez/Integrator makes it easy for software applications running on other platforms to use the proven authentication, centralized authorization checking, and auditing services of a mainframe's trusted security database (RACF®). Vanguard ez/Integrator is an easy-to-use, powerful application programming interface (API) that is part of the Vanguard family of security software solutions. Your software solution can now easily link to the mainframe through the Vanguard API without having to create a whole new security infrastructure.
In addition, ez/Integrator can be used to help you create a customized security solution for your applications. ez/Integrator also makes it easy to "embed" specific Vanguard security technologies into your company's software application for e-business environments and other unique solutions. You can now record or store important information from software running on other platforms - like event messages - to the mainframe's System Management Facility (SMF).
The Three A's of Security
- Authentication - ez/Integrator provides the capability to authenticate user IDs and passwords from many distributed platforms and applications against the most secure password repository in your enterprise, the zSeries Security Server (RACF).
- Authorization - ez/Integrator allows an application to use the zSeries Security Server (RACF) to perform authorization checking.
- Auditing - ez/Integrator provides customizable, mainframe-strength centralized auditing facilities.
Integrate New Applications with Mainframe Security
Companies that develop or purchase applications to run on multiple platforms typically need to build a security infrastructure to accommodate the new applications. In the case of a newly developed application, this requires many hours designing and creating User ID and password authentication processes, access authentication schemes and an auditing facility. With the power of Vanguard ez/Integrator, all these needed functions are provided as easy-to-use program calls to the trusted mainframe. For purchased applications, ez/Integrator can be easily interfaced to provide these capabilities. In either case, companies save time, money and effort by utilizing the existing security infrastructure of Security Server (RACF).
A common problem with moving an application from one platform to another is the difference in security system environments. Applications usually do not automatically inherit or utilize the security environment of the platform to which the application is moved. This often requires a significant and costly modification to the application, and in many cases, the change is not even possible. Vanguard ez/Integrator eliminates platform dependencies by providing a centralized, uniform and robust security infrastructure. When applications using ez/Integrator are ported to another platform, the security remains the same. No modifications are required.
Most organizations have many different systems that generate audit and logging reviews. This often requires companies to build or purchase multiple reporting tools. Users have to learn how to use each of these tools to generate the reports they need to monitor and track activity. With ez/Integrator, all of this information can be written to the mainframe, providing a central repository from which all reporting and analysis can be done. The company can now save money by eliminating the redundancy of purchasing and implementing multiple reporting products, training users, and backing up the audit databases.
Single Point of Control
Since all authentication and authorization requests from your distributed applications can now be routed to the Security Server (RACF) on the mainframe, security administration can be performed from a single point. A company can save money by reducing the complexity of security administration across multiple platforms.
By maintaining security definitions in the Security Server (RACF), Vanguard ez/Integrator can be used to check a user's access to corporate resources across different systems from a single point. For example, a company maintaining a web site or intranet on Windows may wish to limit access to certain pages only to predetermined users. Through ez/Integrator, user credentials can be verified, and the Security Server will determine if the user is authorized to see specific pages.
A product or application is often tied to the operating system and its support of a programming language. The product or application requires the features of that system to operate properly. ez/Integrator currently supports multiple systems such as Windows®, UNIX® and AS400®. Products or applications using ez/Integrator can easily move to another platform, in most cases only requiring recompilation.
Concept of Inheritance
Vanguard Security Solution products work hand in hand. Vanguard calls this the "Concept of Inheritance." For example, when Vanguard ez/Integrator is used to authenticate user IDs and passwords, perform authorization checking or create audit records, all of this activity is logged to the System Management Facility (SMF) log file in real time. This means that the information is automatically made available to Vanguard Advisor™ for security event detection, notification, analysis, and electronic report distribution.
Making Security Easier
According to Doug Behrends, Information Security Specialist, "the initial application of ez/Integrator was for one of our systems that was a browser-based interface to a legacy IMS system. Prior to ez/Integrator, the user would have to periodically log in to the system using a 3270 session to maintain their password.
"For service bureaus with thousands of RACF users defined, this is becoming more and more of a problem as customers' need for 3270 sessions decreases. With ez/Integrator, customers have access to a wide variety of mainframe and open systems based applications using a single user ID and password. We also had a problem with application IDs that did legacy data access 'on behalf' of an end consumer. These IDs had previously been defined with non-expiring passwords that would have to be manually changed on a periodic basis. With ez/Integrator, we have now been able to implement a routine that changes the password for that account on a daily basis. This has improved our security profile by not requiring an individual to know this password, as well as simplifying the password maintenance process.
"In addition, we have always had a customer-based security interface where they can manage their own employees' RACF access. With ez/Integrator, we can now extend that management model out to the open systems platforms as well. We have made a strategic commitment to implementing this single point of authentication and management for all future application developments. This will also include use of the resource access checking functionality."
How it Works:
ez/Integrator creates and manages a secured communications link between a variety of platforms and the existing mainframe security infrastructure, enabling RACF to serve as a common security directory. This means that enterprise-wide applications can reference existing RACF controls and audit facilities.
By centralizing security around existing and proven security services on the mainframe, ez/Integrator eliminates the redundant administration activities often associated with developing distributed applications.