A separate SSH Tectia Server for IBM z/OS product is available for IBM Mainframes. In addition to the general SSH Tectia Server features described above, the SSH Tectia Server for IBM z/OS includes the following features:
File system support
SSH Tectia Server for IBM z/OS supports both MVS (including PS, PDS, PDSE, and VSAM) and USS file systems.
Version 5.4 introduces support for Generation Data Groups (GDG).
Code set translation
Full and configurable ASCII/EBCDIC conversion is supported as well as configurable CONVXLAT conversion tables for seamless cross-platform compatibility between IBM z/OS and Unix/Linux/Windows hosts.
Direct MVS dataset access
SSH Tectia Server for IBM z/OS incorporates direct streaming for all MVS file system operations, which improves file transfer performance by eliminating any additional memory and disk staging operations required previously for transferring files in MVS.
Direct MVS dataset access is supported on both the client and server modules of SSH Tectia Server for IBM z/OS. To work together with Windows, Unix, and Linux client hosts, direct streaming requires the EFT Expansion Pack for SSH Tectia Client.
MVS dataset listing
Users of SSH Tectia Client can list MVS datasets as files and folders, facilitating easy cross-platform file transfer between mainframe and non-mainframe systems. Windows users can drag-and-drop files with IBM z/OS by using SFTP GUI of SSH Tectia Client.
Integrated mainframe authentication
SSH Tectia Server for IBM z/OS supports RACF, ACF2, and TSS through standard SAF for seamless integration with the IBM mainframe authentication methods. Existing authentication and access control management tools can be used, and there is no need to create new profiles or passwords. Public-key authentication is also supported for both interactive and unattended connections.
OpenSSH and IBM Ported Tools key support
SSH Tectia Server for IBM z/OS supports the legacy OpenSSH public-key format used by IBM Ported Tools, eliminating the need for manual key conversions in multi-vendor Secure Shell environments. The key-compatibility feature also allows easy migration of OpenSSH and IBM Ported Tools environments to SSH Tectia.
SSH Tectia Server for IBM z/OS supports X.509v3 certificates for further security and scalability in large and dynamic network environments. The advanced certificate validation capabilities of SSH Tectia including support for multi-level certificate chains and multiple revocation methods ensure seamless interoperability with any X.509v3 standards-compliant PKI environment.
Flexible certificate revocation
Both CRLs (Certificate Revocation Lists) and OCSP (Online Certificate Status Protocol) are supported for centralized revocation of user credentials. CRLs are automatically fetched using HTTP or LDAP depending on the local settings and the CRL Distribution Point extension in the certificate. CRLs can also be imported offline in legacy environments.
Certificate lifecycle management
IETF PKIX standards (CMPv2) and Cisco Systems' Simple Certificate Enrollment Protocol (SCEP) are supported for online certificate enrollment. Certificates can also be imported by using the PKCS#12 envelope format supported by most CAs (Certification Authorities).
Hardware-based key generation and storage
Both client and server-side private keys can be generated and stored on hardware by using ICSF (Integrated Cryptographic Service Facility) for maximum security.
SAF keyring support for certificate storage
SSH Tectia Server for IBM z/OS supports storing client, server, and CA (Certification Authority) certificates on SAF (System Authorization Facility) keyrings. Optionally, the SSH Tectia certificate validation can be omitted so that only the checks done by SAF will be used.
SSH Tectia Server for IBM z/OS supports 3DES, SHA-1, and AES hardware acceleration facilities for optimized encryption performance and lower CPU usage. All IBM-provided cryptographic hardware including CCF, PCICA, PCICC, PCIXCC, CPACF, and CryptoExpress2 are supported for acceleration.
Versatile command line tools
SSH Tectia Server for IBM z/OS includes versatile command line tools that can be used for secure remote login, remote command execution, and file transfer operations. These tools allow easy scripting of automated jobs using JCL batch and USS scripts.
Transparent TN3270 tunneling
SSH Tectia Connector together with SSH Tectia Server for IBM z/OS allow transparent encryption of TN3270 application connections between Windows workstations and mainframes. There is no need reconfigure existing terminal emulators.
Transparent FTP tunneling
The client component of SSH Tectia Server for IBM z/OS supports transparent FTP tunneling, providing a quick and easy way to secure FTP file transfers without the need to change existing FTP jobs. Transparent FTP tunneling can be used to secure both interactive and unattended FTP sessions. On the server side, any server running Secure Shell and FTP is supported.
Scripted file transfers
SSH Tectia Server for IBM z/OS includes versatile command line SFTP and SCP (Secure Copy) tools for easy scripting of automated and ad-hoc file transfers using JCL batch jobs and USS scripts.
File transfer profiles
File transfer profiles improve usability of file transfers that involve automatic code set translation. File transfer profiles allow users to specify file transfer parameters (e.g. ASCII/EBCDIC translation and data set allocation parameters) that are used for specific file transfers. Both global and user-specific file transfer profiles are supported.
Support for System Management Facility (SMF)
Login and file transfer information can be collected and stored as SMF type 119 records.