Mainframe

There are three options for managing RACF, CA-TopSecret, or CA-ACF2 user accounts or passwords on OS/390 or z/OS:

  • Using the connector for RACF (agtracf), CA-TopSecret (agtts), and CA-ACF2 (agtacf2), in conjunction with Mainframe Connector (sold separately), which is installed as a started task on the LPAR with the RACF, CA-TopSecret, or CA-ACF2 security database.

    The following sections deal with this method.

    Mainframe Connector acts as a TCP/IP listener, and accepts inbound connections on a designated TCP port. The Bravura Security Fabric server negotiates a cryptographic handshake with the started task, and asks the started task to issue RACROUTE commands to enumerate accounts, validate current passwords, and perform other Bravura Security Fabric operations.

    Mainframe Connector can also intercept password changes made in native mode in RACF, CA-TopSecret, or CA-ACF2 and automatically trigger password synchronization for the user whose password changed.

    See Mainframe Connector documentation for more information.

  • Using the Telnet connector (agttelnet), where the Telnet service is enabled and available through either TCP/IP or an SNA gateway.

    This method is less secure and less robust, but requires no change control or local agent on the mainframe. Provided the Telnet service is available, you can also use this method for systems running older versions of MVS.

    See TCP Telnet HTTP or HTTPS Access to learn about this method.

  • Using the LDAP connector (agtldap) to connect to an LDAP directory server installed on the mainframe.

    This method is fast and potentially secure, if LDAP+SSL is used. Mainframe LDAP directory products are relatively new and quite fragile. Change control and a local software footprint on the mainframe are still required.

    See LDAP Directories to learn how to target an LDAP directory.