Security on z/OS


What is IBM Security Server?

IBM® Security Server is a set of features in z/OS® that provide security.

Security Server provisions include:

  • Controlling the access of users (user ID and password) to the system
  • Restricting the functions that an authorized user can perform on the system's data files and programs

Many installations use a package called Security Server, which is commonly referred to by the name of its best-known component, RACF®. Resource Access Control Facility (RACF) controls access to all protected z/OS resources. It protects resources by granting access only to authorized users of those resources, and it retains information about the users, resources, and access authorities in specific profiles.

The following is a list of the security components of z/OS that are collectively known as Security Server:

  • DCE Security Server

    This server provides a fully functional OSF DCE 1.1 level security server that runs on z/OS.

  • Lightweight Directory Access Protocol (LDAP) Server

    This server is based on a client/server model that provides client access to an LDAP server. An LDAP directory provides an easy way to maintain directory information in a central location for storage, update, retrieval, and exchange.

  • z/OS Firewall Technologies

    This is an IPv4 network security firewall program for z/OS. In essence, the z/OS firewall consists of traditional firewall functions as well as support for virtual private networks.

    The inclusion of a firewall means that the mainframe can be connected directly to the Internet, if required, without any intervening hardware, and can provide the required levels of security to protect vital company data. With the VPN technology, securely encrypted tunnels can be established through the Internet from a client to the mainframe.

  • Network Authentication Service for z/OS

    This provides Kerberos security services without requiring that you purchase or use a middleware product such as Distributed Computing Environment (DCE).

  • Enterprise Identity Mapping (EIM)

    This offers a new approach that enables inexpensive solutions for managing multiple user registries and user identities in an enterprise.

  • PKI Services

    This allows you to establish a public key infrastructure and serve as a certificate authority for your internal and external users, issuing and administering digital certificates in accordance with your own organization's policies.

  • Resource Access Control Facility (RACF)

    This is the primary component of the Security Server; it works closely with z/OS to protect vital resources.

The topic of security can be a whole course by itself. In this section, we introduce you to the RACF component and show how its features are used to implement z/OS security.





Copyright IBM Corporation 1990, 2010