Tectia® SSH Server for z/OS
mainframe security software
Secure mainframe communications
Tectia SSH Server for IBM z/OS is the most trusted remote access and secure FTP server software in the industry. It's easy to set up and combines enterprise-grade reliability with high performance and a light toll on cryptographic processing.
Data communications – (often) the weakest link in mainframe security
- Mainframes are an integral component of large IT infrastructure, handling 68% of the world's production IT workloads. One reason for their popularity is their built-in advanced security features.
- Despite the internal robustness of mainframes, failing to properly secure data communications will create an obvious vulnerability in the mainframe security architecture. The FTP protocol, still commonly in use, transmits data in plain text format – easily readable by anyone who can intercept the communications.
- The TN3270 protocol, also commonly in use, transmits user passwords in plain text format - risking that an intruder could log in to the mainframe.
- Exposures increase the risk of breaches, rising Total Cost of Ownership (TCO), potential outages, and compliance issues.
- Without dedicated solutions, secure file transfers are not only difficult to set up but also inefficient - using costly CPU cycles, increasing the operating and administration costs, complexity, time delays, and potential errors.
How does Tectia help you with mainframe security?
Seamless transition to secure data transfers
Safeguard your data with the latest encryption algorithms and enable transition from File Transfer Protocol (FTP) to SSH File Transfer Protocol (SFTP). The set up is easy without Job Control Language (JCL) modifications, breaking your existing file transfers or requiring manual changes to scripts.
Eliminate manual steps
Get direct access to MVS datasets. This is convenient since there is no need to stage your files to Hierarchical File System (HFS) – an extra step in the process that increases the risk of manual error and requires expertise.
Stay compliant & ensure business continuity
A great number of regulations require that your critical data transfers are protected, such as PCI-DSS, SOX, HIPAA, FISMA, FIPS.
We want to make sure that you stay compliant and enjoy uninterrupted operations. We provide 24/7 support and professional services for large-scale setups.
Encryption beyond the norm
We have a proven, 25-year-long track record as pioneers and innovators in encryption. SSH is a leading player in post-quantum cryptography (PQC): we develop it together with other leading companies and authorities in Finland.
Monitor access to your mainframes
No amount of encryption will make your mainframes secure if you are not monitoring your access control. With our new Zero Trust features, you can easily manage who gets access to your mainframes with role-based access, grant temporary access, get a full audit trail of mainframe usage, and reduce password-related risks and inconveniences.
Main features:
Ease of use
- ISPF application for installation and configuration
- Configurable FTP fallback option for controlled and phased deployment
- System-wide and user-specific file transfer profiles
- Listing of MVS data sets as files and folders for easy interactive command line
User and server authentication
- Authentication and access control through SAF calls to RACF, ACF2, and TSS
- User authentication with passwords
- User and server authentication with X.509 certificates
- User and server authentication with public keys
- Logging and auditing using SMF records and Syslogd facilities
Secure File Transfer Protocol (SFTP)
- Transparent, automatic FTP-SFTP conversion
- Transparent FTP tunneling
- Multi-terabyte file size support
- Strong encryption of data
- Strong packet-by-packet file integrity checking
- SFTP and SCP command-line tools for interactive and unattended use
- Transparent, automatic FTP-SFTP conversion
- Transparent FTP tunneling
- Multi-terabyte file size support
- Strong encryption of data
- Strong packet-by-packet file integrity checking
- SFTP and SCP command-line tools for interactive and unattended use
-
Secure against the quantum threat, with Quantum-Safe Algorithms
Mainframe security
- Automatic transparent encryption of data-in-transit, including user ID and password
- Hardware acceleration of cryptographic operations
- Support for U.S. NIST FIPS 140-2 Certified hardware acceleration
- Configurable re-keying policies
- Multi-channel support - multiple secure sessions are multiplexed to a single TCP/IP connection
- Compliance with the IETF Secure Shell standards
Remote access
- Secure tunneling for TN3270 connections
- Transparent tunneling for TN3270
Zero Trust access control
- Role-based access control (RBAC) - grant and revoke access for multiple mainframe systems at once
- Support for temporary access
- Full audit trail with SIEM integration support
- No passwords - no stolen or leaked passwords, no password rotation
- Optional browser client for TN3270
Who is Tectia for?
Organizations that get the most out of Tectia SSH Server for IBM z/OS, generally:
- Need to comply with regulations, such as PCI-DSS or FIPS. For example, US Federal agencies, large financial institutions, credit card companies, retailers, insurance companies, etc.
- Require massive file transfers
- Need mainframe security controls to mitigate risk from unauthorized use
- Need seamless transition from FTP to SFTP
Mainframe security resources
mainframe security solution tectia
Tectia SSH Server for IBM z/OS Datasheet
Find more technical details about mainframe security software Tectia. In-depth information about the technical specifications of Tectia.
case study: secure mainframe file transfer
Banking & Finance Institute Secure Mainframe Communications
Learn how one of our customers, an Australian bank and financial services provider with +10k employees, secured their mainframe communications by migrating from FTP to SFTP with Tectia.
buyer's guide
Secure Data Communications for IBM z/OS Mainframe
Learn about the challenges of mainframe security, how to solve them, and understand how to select a mainframe security solution that is the right fit for your organization.
Blog post
The mainframe isn’t going anywhere – how can we secure it?
Mainframes are still a crucial component of IT infrastructures. Without proper mainframe security and mainframe security software, organizations are at risk.
Blog post
How to make mainframes quantum-safe?
Quantum computers are getting more powerful, threatening the security of all modern data infrastructures. And mainframes are no exception to this threat.