Request demo
mainframe security software

Secure, automate & optimize mainframe communications

Tectia SSH Server for IBM z/OS is the most trusted remote access and secure FTP server software in the industry. It's easy to set up and combines enterprise-grade reliability with high performance and a light toll on cryptographic processing.

Request pricing Get free trial


Fast-track mainframe security

For many vendors, data that needs to be moved between a mainframe and a distributed system has to be manually converted to a viable and actionable format — but it can be a convoluted process. It requires configuring thousands or even millions of files by hand. It also leads to data transformations that require further handling.

With Tectia SSH Server for IBM z/OS, you can avoid manual and complicated processes by utilizing Tectia's automation features. You can:

  • Enable seamless FTP-SFTP conversion to ramp up mainframe security without JCL modifications

  • Enable direct access to MVS formats and efficient automation tools, while avoiding preprocessing, staging, and manual actions


Direct access to data sets without staging

With Tectia for IBM z/OS, you can improve your productivity and operational efficiency:

  • Run batch jobs in parallel instead of in sequences. Tectia for z/OS is capable of operating with different dataset definitions and retains and writes the metadata for a wide variety of dataset types, such as PDS(e) load libraries.

  • Get direct access to datasets without having to write datasets to files.

  • Get notifications of successful or failed data transfers with retry/restart options.

  • Enjoy seamless character-set conversions from preexisting and customizable code pages, enabling clean transfers between mainframe, Windows, and Unix.


Multi-layer security that meets regulations, including GDPR, SOX, GLBA, PCI DSS, and HIPAA

Tectia Server for z/OS offers:

  • Enhanced security by reducing the risk of breaches and data loss

  • Compliance with regulation (e.g. PCI-DSS, SOX, HIPAA, FISMA) 

  • Evolve with your needs into Post-Quantum Cryptography

  • zIIP cryptography off-loading


Ensure business continuity

Tectia Server for z/OS offers: 

  • Increased efficiency and reduced admin costs through easy setup, CPU optimization, maintenance, and solution support

  • Ensured business continuity and full compatibility with SSH Tectia family

  • Uninterrupted operations with 24/7 support

Main features

Request demo


Ease of use

  • ISPF application for installation and configuration
  • Configurable FTP fallback option for controlled and phased deployment
  • System-wide and user-specific file transfer profiles
  • Listing of MVS data sets as files and folders for easy interactive command line

User and server authentication

  • Authentication and access control through SAF calls to RACF, ACF2, and TSS
  • User authentication with passwords
  • User and server authentication with X.509 certificates
  • User and server authentication with public keys
  • Logging and auditing using SMF records and Syslogd facilities

Secure File Transfer Protocol (SFTP)

  • Transparent, automatic FTP-SFTP conversion
  • Transparent FTP tunneling
  • Multi-terabyte file size support
  • Strong encryption of data
  • Strong packet-by-packet file integrity checking
  • SFTP and SCP command-line tools for interactive and unattended use
  • Secure against the quantum threat, with Quantum-Safe Algorithms

Mainframe security

  • Automatic transparent encryption of data-in-transit, including user ID and password
  • Hardware acceleration of cryptographic operations
  • Support for U.S. NIST FIPS 140-2 Certified hardware acceleration
  • Configurable re-keying policies
  • Multi-channel support - multiple secure sessions are multiplexed to a single TCP/IP connection
  • Compliance with the IETF Secure Shell standards

Remote access

  • Secure tunneling for TN3270 connections
  • Transparent tunneling for TN3270

Zero Trust access control

  • Role-based access control (RBAC) - grant and revoke access for multiple mainframe systems at once
  • Support for temporary access
  • Full audit trail with SIEM integration support
  • No passwords - no stolen or leaked passwords, no password rotation
  • Optional browser client for TN3270

Tectia SFTP special facilities for z/OS data transfer

Many special facilities are provided in Tectia SFTP to work natively with z/OS data in a simple and productive way that will be familiar to mainframe professionals. They include:

Filetype JES

Supports the submission of batch jobs to the JES (Job Entry Subsystem) reader and access to JES spooled output.

This allows Tectia SFTP to interact with the batch environment, a core part of mainframe business processes, both to trigger batch jobs and to work with job output.

Filetype IDCAMS

Supports the execution of IDCAMS commands and viewing the resulting output. IDCAMS is a utility to define and manipulate datasets, types of files used in z/OS, with special organizations and features to support batch and online processing.

Access to IDCAMS allows Tectia SFTP to perform operations on datasets beyond the Unix file/directory view for which that protocol was originally conceived.

Filetype PDS

Supports operations on Partitioned Datasets, a particular variety of datasets (both PDS and PDSE (extended)), much used in z/OS environments to store "members" containing source code, JCL (Job Control Language) "decks", executables, etc.

While Tectia z/OS SFTP has always supported basic access to PDS members, this facility extends this to support operations on whole PDSes with all or a set of their members, including creating and transferring their associated metadata. This gives Tectia SFTP the ability to work with these datasets in the way a z/OS software product is expected to operate, natively and with full functionality.

Filetype IEBCOPY

Supports the execution of IEBCOPY commands and viewing the resulting output. IEBCOPY is a utility for manipulating PDSes and PDSEs, copying, reorganizing, unloading, reloading, etc.

This facility allows Tectia SFTP to make use of IEBCOPY when transferring this kind of dataset. In particular, IEBCOPY is required for correctly transferring PDSE "program object, type 2" members, which contain proprietary metadata structures not divulged by IBM.

Filetype ADRDSSU

Supports the execution of ADRDSSU commands and viewing the resulting output. ADRDSSU is a utility for working with collections of datasets, especially for dumping and restoring datasets to/from a transportable format.

For datasets with sensitive internal structures, this is the most effective way to transfer them without corrupting that structure and rendering them useless. This facility allows Tectia SFTP to perform such dataset transfers in an integrated operation, more productively than via a series of manual processes.

Filetype DFSORT

Supports the execution of DFSORT commands and viewing the resulting output. DFSORT is a utility that sorts datasets, but it also has many other abilities, such as selecting, reformatting, or converting the contents of datasets, including VSAM.

This facility gives Tectia SFTP access to the individual records and fields of a dataset, essentially allowing ETL (Extract, Translate, Load) operations via selective file transfers.


Supports file transfer to and from Unix named pipes.

This facility allows Tectia SFTP to interact with Unix pipelines on z/OS, making the Unix shell, utilities, and programs available to perform transformations on the data stream dynamically.

Subsys Batchpipes

Supports file transfer to and from the Batchpipes subsystem. Batchpipes is a z/OS subsystem that allows pipe-like access to datasets, used to improve parallelism in batch processes by eliminating temporary datasets.

This facility allows Tectia SFTP to participate in such batch processes, introducing or extracting data for transfer.

Filetype QSAM

Supports QSAM (Queued Sequential Access Method) dataset IO. QSAM provides a simple API for record-based IO to sequential datasets, without any of the transformations performed by the C-runtime API normally used by Tectia SFTP. In some cases, these transformations introduce limitations, such as, for example, the inability to handle zero-length variable records or to open a dataset and wait for input.

This facility allows Tectia SFTP to overcome these limitations when necessary for constructing solutions.


Who is Tectia for?


Organizations that get the most out of Tectia SSH Server for IBM z/OS, generally:

  • Need to comply with regulations, such as PCI-DSS or FIPS. For example, US Federal agencies, large financial institutions, credit card companies, retailers, insurance companies, etc.
  • Require massive file transfers 
  • Need mainframe security controls to mitigate risk from unauthorized use
  • Need seamless transition from FTP to SFTP

Learn more about Tectia customers

Tectia is trusted by some of the world's leading enterprises.

Tectia references

Try Tectia SSH Server for z/OS for free!

Download the trial to get started on your Tectia journey. Try it for free for 60 days!

Start Tectia z/OS trial!