This IBM® Redbooks® publication documents the strength and value of the IBM security strategy with IBM z™ Systems hardware and software (referred to in this book by the previous product name, IBM System z®). In an age of increasing security consciousness and more dangerous and advanced persistent threats, System z provides the capabilities to address today’s business security challenges. This book explores how System z hardware is designed to provide integrity, process isolation, and cryptographic capability to help address security requirements.

We highlight the features of IBM z/OS® and other operating systems that offer a variety of customizable security elements. We also describe z/OS and other operating systems and additional software that use the building blocks of System z hardware to meet business security needs. We explore these from the perspective of an enterprise security architect and how a modern mainframe must fit into an enterprise security architecture.

This book is part of a three-volume series that focuses on guiding principles for optimized mainframe security configuration within a holistic enterprise security architecture. The intended audience includes enterprise security architects, planners, and managers who are interested in exploring how the security design and features of the System z platform, the z/OS operating system, and associated software address current issues, such as data encryption, authentication, authorization, network security, auditing, ease of security administration, and monitoring.

This book was produced by a team of specialists from around the world working at
IBM International Technical Support Organization (ITSO), Austin Center.

Axel Buecker is a Certified Consulting Software IT Specialist in the IBM Security business unit. He writes extensively and teaches IBM classes worldwide on areas of software security architecture and network computing technologies. He holds a master’s degree in Computer Science from the University of Bremen, Germany and has 29 years of experience in various areas that are related to IT security architecture, workstation and systems management, network computing, and business solutions. Before he joined the ITSO in March 2000, Axel worked for IBM in Germany as a Senior IT Specialist in software security architecture.

Thomas Cosenza is a Senior Certified IT Security Consultant and Specialist who joined IBM in 1998 after receiving his Computer Engineering degree from the University of Florida. Since 2004, Thomas has been working within the IBM Lab Services group creating IT security solutions on IBM System z for governments and corporations around the world. Among these solutions are IBM RACF®, IPSec VPN, Transport Layer Security (TLS), and IBM DataPower® XI50z. He is a regular speaker at the System z University, Share, and other vendor conferences, where he presents security solutions that customers can deploy within their enterprises. Thomas has also been certified by ISC2 as an Information Systems Security Professional (CISSP) since 2006 and has been a member in good standing since then.

Uma Kumaraguru is a Host Networking Specialist in the IBM Global Technology Services® Delivery organization. She is the Technical Lead for the team in India that provides Infrastructure Services support for Communications Server on z/OS. Uma has been with IBM since 2006 and has more than 11 years of experience in the IT industry. She specializes in z/OS Communications Server components, such as TCP/IP, SNA, and IBM VTAM®, and its related ISV and OEM products. She is based in Chennai, in South India, and has a bachelor’s degree in Computer Science Engineering.

Christopher Meyer, CISSP, is a Senior Software Engineer in the IBM Software Group,
on the IBM z Systems™ team, where he focuses on communications security. He has more than 30 years of experience in developing IBM operating systems and security-related software products.

Vinicius Oliveira is a Level 1 IBM IT Specialist located in Belo Horizonte, Brazil. He has 10 years experience in IT solutions. He joined IBM in 2009 as an IT Specialist for IBM Global Account, Canada, supporting internal IBM accounts as a member of the technical leadership team, with focus on infrastructure. His previous work experience includes network administration and analysis. Vinicius now works as a team leader for the IBM Rational® Support Team in Brazil. He specializes in infrastructure, middleware, and server support.

Vinodkumar Ramalingam is a Certified Senior IT Specialist for IBM System z. He works on architecture and technical solution development for the Mainframe Speciality Services Area in Global Technology Services, on the Delivery Technology and Engineering team. He has over 14 years of experience on System z, and has had various roles in IBM since 2004. He has a Master’s in Philosophy degree in Computer Science, a master’s in Information Technology, an MBA, and a post-graduate diploma in Cyber Law.

Jan Thielmann is a Certified IT Specialist for IBM z/OS in the IBM Software Group, in Germany. Jan joined IBM in 2006 and started working with System z and z/OS in 2008. Since 2009, he has been a member of a cross-brand System z Software Services Team. One of his main focus areas is Security on z/OS, mainly RACF with IBM Security zSecure™, but also other products in that area. He delivers service projetcs for clients accross Europe and presents regularly at IBM System z conferences. He is 11 years younger than RACF and holds a Bachelor of Science degree in Applied Computer Science.

Joe Welsh is a Senior Management IT Consultant and certified IT Network Specialist who joined IBM in 1988. He has held the roles of developer, designer, and tester for IBM z/OS Communications Server (VTAM, TCP/IP). Since 1998, he has performed IT consulting services engagements focused on SNA, Advanced Peer-to-Peer Networking (APPN) and high-performance routing (HPR), Enterprise Extender, VTAM, TCP/IP, and IP security for the Communications Server for (IBM AIX®, Linux, Microsoft Windows, and z/OS) at Fortune 500 companies around the world. This includes providing SNA, APPN and HPR, TCP/IP, and IP Security education and training, developing network designs and migrations, strategy and product direction, problem determination, implementation, and installation and migration assistance. Joe also provides network design, migration, and implementation services for 3745 NCP conversions to Communication Controller for Linux on zSeries for IBM customers worldwide. In 2012, he began assisting customers with IBM zEnterprise® BladeCenter Extensions, and Multi-site Workload Lifeline implementations.

Thanks to the following people for their contributions to this project:

Julie Bergh, Judith Broadhurst, Mike Fox, Gus Kassimis, Linwood Overby, Jerry Stevens
IBM

Here’s an opportunity to spotlight your skills, grow your career, and become a published author—all at the same time. Join an ITSO residency project and help write a book in your area of expertise, while honing your experience using leading-edge technologies. Your efforts will help to increase product acceptance and customer satisfaction, as you expand your network of technical contacts and relationships. Residencies run from two to six weeks in length, and you can participate either in person or as a remote resident working from your home base.

Find out more about the residency program, browse the residency index, and apply online:

Your comments are important to us.

We want our books to be as helpful as possible. Send us your comments about this book or other IBM Redbooks publications in one of the following ways:

IBM Corporation, International Technical Support Organization
Dept. HYTD Mail Station P099
2455 South Road
Poughkeepsie, NY 12601-5400