z/OS (MVS) Processing
The z/OS Group (formerly known as MVS) supports the State’s large-scale mainframe computing systems. These systems provide base services to thousands of Nebraskans 24 hours per day, 7 days per week. The z/OS platform provides simultaneous service to hundreds of TSO users, processes several thousand batch jobs per day and provides the computing power for the CICS and Database Management services. In addition, over two trillion characters of information are stored online with several trillion more available on tape media. For additional information or to discuss your large-scale computing needs, please contact Fred Lupher at 471-0489 or fred.lupher@nebraska.gov.
Network access to the State’s mainframe server is provided by the z/OS Networking section of the z/OS Group. They support client access, both legacy SNA and IP, to the many applications running on the mainframe server such as DB2, CICS and TSO. Services such as FTP provide secure access to mainframe data, and provide business partners of the State a method to retrieve or supply data to the State. The z/OS Networking staff support the z/OS firewalls which protect the z/OS mainframe server from unauthorized access. This group also assists other Information and Technology Services divisions in analyzing connectivity and performance issues that concern mainframe server application access.
The Office of the CIO requires that all data transfers to and from the mainframe be encrypted. This includes transfers that are internal to the State network as well as external. The preferred method for doing this is through CONNECT:Direct SECURE + (or CONNECT:Direct over VPN) which provides auditing and restart capabilities as well as authentication and encrypted data transfers. Other methods for encrypted transfer provided by the mainframe are SFTP and FTP TLS/SSL. VPN is an additional method that can be used to encrypt FTP transfers.
Good communication between endpoints is vital to ensure correct setup; every remote client/server site is unique.
Note 1: SFTP – Secure File Transfer Protocol – Different protocol than FTP; uses Secure Shell (SSH) communications technology to secure the control and data connection.
Note 2: FTP TLS/SSL (Also known as FTPS) – File Transfer Protocol with the added option of Secure Sockets Layer (SSL) or Transport Layer Security (TLS – successor to SSL). TLS/SSL is used to secure the control and data connection.
Note 3: VPN – Virtual Private Network - a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.
The Office of the CIO requires that all TN3270 communication to the z/OS TN3270 server be encrypted.
A no charge web-based alternative to TN3270 client software called Host On-Demand (HOD) is the preferred 3270 emulation method. HOD is an internet solution that provides secure access to host applications and data from a Java-enabled web browser. HOD is server-based, which means that no desktop software is required to access applications hosted on State mainframe.
If a State agency needs to use TN3270 client software, State agencies can obtain a copy of the most current release of PCOMM from the Office of the CIO to use for terminal emulation at no charge to the agency. Agencies are also free to utilize other TN3270 software that can support SSL connections. Both Attachmate and Passport require current releases of their TN3270 client software to support SSL. SSL capability is an additional chargeable feature on Passport.
|
... leading the way