Security considerations
z/OS® Explorer provides mainframe access to users on a non-mainframe workstation. Validating connection requests, providing secure communication between the host and the workstation, and authorizing and auditing activity are therefore important aspects of the product configuration.
The security mechanisms used by z/OS Explorer servers and services rely on the data sets and file systems it resides in being secure. This implies that only trusted system administrators should be able to update the program libraries and configuration files.
The following topics are covered in this chapter:
- Server security
- Authentication methods
- Connection security
- Using PassTickets
- Using Multi-Factor Authentication
- Audit logging
- JES security
- Encrypted communication
- Client authentication using X.509 certificates
- Port Of Entry (POE) checking
- Altering client functions
- Push-to-client developer groups
- Log file security
- Miscellaneous information
- z/OS Explorer configuration files
- Security definitions
Note: Remote Systems Explorer (RSE), which provides core services
such as connecting the client to the host, consists of 2 logical entities:
- RSE daemon, which manages connection setup, and is started as a started task or long running user job.
- RSE server, which handles individual client request, and is started as a thread in one or more child processes by RSE daemon.
Refer to Understanding z/OS Explorer to learn about basic z/OS Explorer design concepts.