Components on z/OS

For Mainframe Connector to operate, a TCP/IP connection must be available to a Bravura Security Fabric server. Ensure that the z/OS system that will support the Mainframe Connector subsystem is connected to the TCP/IP network that contains the Bravura Security Fabric server.

The Mainframe Connector subsystem normally converts the name of the Bravura Security Fabric server into an IP address using DNS (IP dotted decimal addresses are also supported). Accordingly, DNS should be configured on each z/OS image where the Mainframe Connector subsystem is installed.

If DNS support is not provided through other means, the Mainframe Connector subsystem procedure may contain the SYSTCPD data definition statement. This dataset can contain information that maps host names (such as the name of the Bravura Security Fabric server) to IP addresses.

There are a number of techniques available in z/OS TCP/IP implementations for providing DNS support. Using the SYSTCPD DD is one of these techniques. The method for providing DNS support specific to your site should be used when installing Mainframe Connector for z/OS.

If z/OS system password reset events will be used to trigger password resets on other systems or applications supported by Bravura Pass (a process known as transparent synchronization), it will be necessary to install security product specific, Mainframe Connector supplied, exits. Mainframe Connector supports the three standard z/OS host security products: RACF, ACF2, and TopSecret. In each case, an installation exit is available to capture password change events prior to the security product updating its database. The Mainframe Connector supplied versions of these exits will need to be installed if Bravura Pass password strength validation and transparent synchronization will be used.

For RACF, password change events are captured in the ICHPWX01 RACF exit. For RACF, pass phrase change events can also be captured in the ICHPWX11 RACF exit.

For ACF2, password change events are captured in the NEWPXIT ACF2 exit.

For TopSecret, password change events are captured in the TSSINSTX TopSecret exit.

Care must be taken to ensure that there are no conflicts in the use of these installation exits. If RACF or ACF2 are being used for the security product, Chapter 16 discusses what should be done if multiple subsystems need to make use of the new password exit.

If TopSecret is being used for the security product and multiple subsystems are making use of TSSINSTX, contact Bravura Security to discuss what approach should be taken to properly update TSSINSTX.

The main Mainframe Connector driver task runs as a true z/OS subsystem. Mainframe Connector must be defined to z/OS as a subsystem as described in Defining the Subsystem Name .

Mainframe Connector uses or requires updates to the following z/OS system libraries or their concatenation (where applicable):