Transcription

VitalSigns for FTP VFTPManaged FTP for z/OSAutomation Auditing Security MonitoringTransforming standard z/OS FTPinto a true mainframe-caliber utilitySoftware Diversified Services

CONTENTSVitalSigns for FTP (VFTP) .3z/os FTP: Like Achilles, a weak heel undermines overall strength .4A quick but telling example of crippling blind spots in z/OS FTP .6z/OS FTP is unmanaged until augmented with an FTP Manager .8Characteristics of a Proficient z/OS FTP Manager .10VFTP Transforms z/OS FTP into a Managed Service .11Ten Standout Features That Set VFTP Apart .12VFTP Architecture .19The Bottom Line .20Glossary .21QUALITY MAINFRAME SOFTWARE SINCE 1982Software Diversified Services delivers comprehensive, affordable mainframe anddistributed software with a focus on cybersecurity and compliance. Hundreds oforganizations worldwide, including many Fortune 500 companies, rely on SDSsoftware. Our expert development and award-winning technical support teamsare based in Minneapolis, MN. To learn more, please visit www.sdsusa.com.Software Diversified Services1322 81st Ave. NEMinneapolis, MN 55432(763) 571-9000 SDSVitalSigns for FTP and VitalSigns for IP are trademarks of Software Diversified Services. Other non-SDS products may betrademarks of their respective companies.VitalSigns for FTPp. 2Software Diversified Services

VITALSIGNS FOR FTP (VFTP)Managed FTP for z/OSAutomation Auditing Security MonitoringFile Transfer Protocol (FTP) usage in z/OS environments continues to grow,incessantly, both inbound and outbound—with many of these transfers still beingunautomated, unregulated, unsecured, and unmonitored. Since it is not unusualfor a mainframe to participate in tens of thousands or even a hundred thousandtransfers a day, using FTP unmanaged cannot and should not be condoned.Unmanaged FTP violates the basic tenets of mainframe operations, compromisesthe integrity of mission-critical data, unnecessarily depletes mainframe MIPS, andundermines enterprise security.Hackers around the world are intimately familiar with all of the foibles ofstandard FTP. Using standard z/OS FTP without an additional layer of automated,real-time operational management creates a glaring, significant point ofvulnerability that is easy to exploit.Unmanaged FTP is an easy-to-find, unlocked, unguarded back door into yourmainframe.The lack of adequate FTP automation with programmatic error-handling andretry capabilities, furthermore, needlessly confounds z/OS batch processing,disrupts operational schedules, tests the resolve of help desk personnel,jeopardizes compliance, and in general saps both user and enterpriseproductivity. Suffice to say that standard FTP, unmanaged, is unsuitable for use intoday’s mainframe environments. Of that there should be no doubt or debate.VitalSigns for FTPp. 3Software Diversified Services

Z/OS FTP: LIKE ACHILLES, A WEAK HEEL UNDERMINES OVERALL STRENGTHz/OS, via its Communications Server suite, provides full-fledged, standardscompliant FTP capability with multi-IP-stack support that is robust and scalable.This FTP functionality consists of a z/OS FTP server and a z/OS FTP client. The FTPserver handles FTP requests from remote clients (e.g. downstream PCs ordistributed Unix systems) while the FTP client enables mainframe endpoints,whether batch jobs or real-time terminal users (e.g. TSO users), to interact withremote FTP servers.The server and client both support SSL/TLS-based security and generate NetworkManagement Interface (NMI) records for certain key events. The server includescallable program exit processing. The server can also produce SystemManagement Facility (SMF) records that duplicate the data contained in the NMIrecords.The FTP client contains an API which can be used to programmatically drive theclient as well as to minutely monitor its operations—on a command-by-commandbasis, if required. Appropriate ancillary software is, however, needed to takeadvantage of this FTP client API. There is no equivalent API currently available forthe z/OS FTP server—though, with ingenuity, the server’s post-processing exitroutines may be used to extract some comparable operations-monitoring data.Again, this requires third-party software.Basic makeup of z/OS FTP.VitalSigns for FTPp. 4Software Diversified Services

The low-level and somewhat ad hoc management-related features of z/OS FTPcannot be construed as offering sufficient security, automation, or real-time andhistorical monitoring for mission-critical, high-volume mainframe FTP operations.That is irrefutable.To have the necessary automation, monitoring, and management, z/OScustomers have no choice but to implement an ancillary FTP manager. Such anFTP manager, if well architected, will gainfully exploit, synthesize, and augmentthe IBM-provided FTP-management hooks and stubs, such as NMI, the client API,and server exits, to ensure that z/OS FTP can truly qualify as a mainframe-class,managed service. VitalSigns for FTP (VFTP), the focus of this white paper, is agood example of a well-architected, state-of-the-art z/OS FTP manager. VFTP, aswill be shown, adroitly addresses FTP automation, security, auditing, andmonitoring.The bottom line here is that standard z/OS FTP is robust and scalable, butwoefully inadequate management is its undeniable Achilles’ heel. Hence theimmediate justifiable need for a product such as VFTP to transform z/OS FTP intoa managed resource.A z/OS FTP batch job that will fail because of asimple, one-character typo—but will not resultin an NMI record being generated by the z/OSFTP client. Thus, there will be no record thatthis FTP transfer did not take place! Refer tothe narrative on the next page.VitalSigns for FTPp. 5Software Diversified Services

A QUICK BUT TELLING EXAMPLE OF CRIPPLING BLIND SPOTS IN Z/OS FTPConsider the relatively simple, but very typical, z/OS FTP batch job exampleshown on the previous page. In this example, a user named Tim is trying toupload a file to a directory on the remote machine designated "Tim." Tim,however, in the change directory (CD) command on line 17 of the JCL, mistypesthe directory name. Instead of "Tim," he types in "Tin". There is no such directoryon the remote machine.Consequently, when the z/OS FTP client sends this bad CD command to theremote FTP server, it will receive an error code. The z/OS FTP client will thenabort the job. z/OS will not notify Tim, in real time, that his FTP job aborted.Moreover, there will be no NMI record generated to denote that the transfer didnot occur and that the FTP job was abnormally terminated! The z/OS FTP clientonly generates an NMI record when an actual transfer, i.e. a put or get, isattempted. In this case, the error occurred prior to the put command.One can now easily visualize and even relate to the chain of events that are likelyto unfold. Assume that Tim was uploading this file so that a colleague, at adifferent location, can use it to complete a high-priority project. At some pointTim will get a call from his colleague to say: "Hey, I am still waiting. What’s up?"Tim will claim that he did indeed send the file and that it should have beenuploaded hours ago. While still on the phone, Tim scrambles to log onto theremote machine to locate the file. To his chagrin, he is unable to locate it.Tim then calls the local help desk. They query their logs but do not see anythingpertaining to Tim’s transfer. There is no confidence-of-success indication becausethe transfer never took place! They now have to start combing through the joblog to find what happened to that job. This takes time. At this stage nobody issure whether the job was executed—believing that this is the root cause of theproblem. Tim, unconvinced, decides that he better log on to TSO and see if hecan find the job. He discovers that his job did indeed run. Now he has to lookthrough the SYSOUT to see what transpired. It is then that he finds that a slip onthe keyboard was the culprit and that he needs to correct the CD statement andresubmit the job.Suffice to say Tim is not pleased that it took this much effort to determine whyhis FTP transfer failed. Neither is his colleague or, for that matter, the help deskpersonnel. Time was wasted. Productivity was squandered. Deadlines weresacrificed. Tempers frayed. User satisfaction suffered. All because z/OS FTP is inessence an unmanaged service—totally defying what is customarily expectedfrom mission-critical, high-volume system utilities.VitalSigns for FTPp. 6Software Diversified Services

Things would have been very different if VFTP had been present.Authorized users can gain access to the comprehensive and incisive managementdata collected and collated by VFTP via a very visual, point-and-click, webbrowser-based interface. Thus, it would be possible to permit users like Tim, aswell as help desk personnel, to have access to VFTP.With access to VFTP, all that Tim would have had to do when he received thedreaded "Where is the file you were sending me?" was to log onto VFTP andquickly click on the Problem Sessions query. He would have immediately seen hisFTP job on the list.He could then pull up the detailed VFTP Session Activity Log (see page 9) withanother click. This log would tell him, instantly, what went wrong. Tim could havedone all of this while he was still on the phone with his colleague. He could thenhave explained what happened. VFTP would have prevented the frustration andthe time that was squandered.Expanded view of the entries from the VFTP Session Activity Log with the errorclearly highlighted to facilitate instant detection.VitalSigns for FTPp. 7Software Diversified Services

Z/OS FTP IS UNMANAGED UNTIL AUGMENTED WITH AN FTP MANAGERStandard z/OS FTP is, in effect, an unmanaged service because the IBM supplied‘management’ features are not comprehensive and cohesive, as shown by theabove example. The IBM standard features are:» Incomplete – SMF/NMI records not generated for all FTP commands.» Intractable – no automated or conditional retries of failed commands.» Inexact – inability to selectively apply security criteria to individual FTPcommands.» Incapable – additional third-party software required to exploit server exits andclient API.» Incommunicative – limited options for real-time notifications via email or WTOoperator console messages.» Inefficacious – NMI/SMF records do not provide necessary context and aredifficult to categorize for audit purposes.Given these demonstrable shortcomings, it is easy to see why standard z/OS FTPhas to be augmented with a suitable FTP Manager à la VFTP. Without such an FTPmanager you will continue to be confronted daily with the following types ofproblems:1. Inability to implement meaningful automation, in particular for batch jobs, toovercome transient network outages, override certain return codes, andexecute recovery measures or activate contingency options—using conditionalIF-THEN-ELSE FTP execution sequences.2. Difficulty in providing the relevant FTP history records, suitably grouped, tomeet current audit and compliance requirements, e.g. HIPAA and SarbanesOxley.3. Exposure to major security breaches given that specific security criteria cannotbe selectively applied to individual FTP commands or file types, on a perauthorized-user basis, in concert with the z/OS SAF security facility (e.g. RACF).Thus, there will be constant dangers such as users with read-only access beingable to initiate off-site transfers or users trying to exploit certain functions ofthe potent z/OS server SITE command.4. Users, system/network operators, and help desk personnel experiencingproductivity and morale sapping delays due to the absence of incisive, realtime and historical FTP monitoring that would let them determine and rectifyFTP-related operational issues—quickly and easily. True FTP monitoring wouldput an end to that plaintive, perennial cry for help: "Can somebody please tellme what happened to that file I was trying to send with FTP?"VitalSigns for FTPp. 8Software Diversified Services

With this insight into the management deficiencies of standard z/OS FTP, it isnow easy to compile a profile of what a proficient FTP manager needs to be inorder to make z/OS FTP into a well-managed, mainframe-class service. The tableon page 10 sets out to do just this by categorizing the desired characteristics of afull-function FTP manager in terms of must-have capabilities and value-enhancingfeatures. The FTP manager that you opt for should indubitably possess, withoutcompromise, all the must-have capabilities and quite a few of the valueenhancing features.VFTP's information-packed and easy-to-follow FTP Session Activity Log.VitalSigns for FTPp. 9Software Diversified Services

CHARACTERISTICS OF A PROFICIENT Z/OS FTP MANAGERIMPERATIVEHIGHLY DESIRABLEΘ Provide automation, auditing,security, and monitoring for boththe z/OS FTP server and clientfrom within a single unified,consistent framework.Θ Extract, synthesize, and collatemanagement data from NMIrecords, FTP client API, and FTPserver exits to ensure totalvisibility with no potential for blindspots (even when no SMF/NMIrecords are generated).Θ Powerful, but easy to master, FTPcontrol language to realize batchmode FTP client automation.Θ Ability to selectively apply securitycriteria to individual FTPcommands or file types, on a perauthorized-user basis (withoptional date/time criteria), inconcert with the z/OS SAF securityfacility (e.g. RACF).Θ Detailed logging of FTP sessionsand transfers for both real-timemonitoring as well as data forregulation- compliant, off-lineauditing.Θ Options for notifying users andoperators of FTP status andprogress via email or operatorconsole messages.Θ Data collection that is unimpededby SSL/TLS encrypted transfers.Θ FTP client API usage that in no wayinterferes with or compromisesthe functioning of the client.Θ Augmentation of IBM’s newconfidence-of-success indicator toembrace error scenarios notcovered by standard z/OS FTP.Θ Browser-based, very visual, pointand-click monitoring with aconstantly visible navigation tree andinstant drill-down options—that isintuitive and simple to master.Θ Zero dependence on inefficient andoften inconclusive (as whentransactions are encrypted) datacollection techniques such as packettracing.Θ Modifiable queries that can bequickly and precisely targeted tomonitor specific types of file, user, orsession activity—with the option ofsaving the queries for later use.Θ Ability to easily locate various z/OSFTP problems with a single click—including client and server transferfailures, premature clienttermination, log-in failures, transfersthat ended with low confidencelevels, and commands that wererejected by security rules.Θ Tight integration with RACF, ACF2,and Top Secret.Θ Customizable summary-levelreporting to realize a bird’s-eye,network-wide view of FTP usage interms of who, what, when, andwhere.Θ Clean, scalable, low-overheadarchitecture that relies exclusively onstandard IBM provided APIs, exits,and data, and is fully conformantwith industry and z/OS standards.Θ Not dependent on external softwaresuch as DB2 and WebSphere.Θ Mainframe management softwarethat is quick and easy to install andmaintain.VitalSigns for FTPp. 10Software Diversified Services

VFTP TRANSFORMS Z/OS FTP INTO A MANAGED SERVICESDS, a company that has been successfully delivering mainframe software staplessince 1982, has made an indelible mark in the mainframe IP management arenawith its state-of-the-art, feature-rich, and nimble VitalSigns for IP (VIP). VIP hasbeen in production use since 2003 as a pervasive IP status, problem, andperformance monitor. It provides at-a-glance visibility of all the popular IPapplications, including FTP.VIP is not, however, an FTP manager. VitalSigns for FTP is.VFTP benefits from the experience and expertise that SDS gained with VIPproviding mainframe customers with in-depth, real-life, real-time IPmanagement. Consequently, the product objectives for VFTP were built aroundexplicit customer wishes, requests, and expectations as to z/OS FTP monitoring,automation, and control. VFTP sets out to satisfy all the characteristics of aproficient z/OS FTP manager as enumerated in the table on the previous page.VFTP modernizes z/OS FTP and transforms it into a mainframe-class, secure,mission-critical service. With VFTP, z/OS FTP can finally fulfill the competitive,compliance, security, and user satisfaction demands now confronting enterprisesaround the world.VFTP relies on an agent/server architecture with the agent, server, and VFTPdatabase all being z/OS-based in VFTP.The VFTP agent assimilates data, in real time, from both the z/OS FTP client andserver via NMI records, server exits, and the FTP client API (using VFTP's FTPclient wrapper).All the data gathered by the VFTP agent is maintained on the VFTP database.The VFTP server collates, analyzes, structures, and formats this data for on-the-flyconsumption by operators and users—who access and query the VFTP serverthrough a web-browser-based GUI.VFTP’s architecture is discussed further on page 19. VFTP is designed to workwith IBM’s z/OS FTP client and server.A well-known U.S. Secretary of Defense once famously said: "There are knownknowns. There are known unknowns. But there are also unknown unknowns."Heeding this caution, VFTP ensures that when it comes to z/OS FTP there will nolonger be any unknowns, whether known or unknown!VitalSigns for FTPp. 11Software Diversified Services

TEN STANDOUT FEATURES THAT SET VFTP APART1. Easy-to-master and versatile VFTP FTP Control Language (FCL) to automatez/OS FTP client batch mode processing. FCL eliminates the hitherto need formanual intervention whenever there is a glitch in FTP client operations—evenif the problem was due to a transient network outage. With FCL it is nowpossible to implement conditional FTP client execution sequences based onthe familiar IF-THEN-ELSE syntax.FCL permits the execution of FTP commands to be contingent on the outcomeof the previous command, responses received from the server, or return codesgenerated by the FTP client. FCL makes it possible to:» Retry failed transfers on a controlled basis.» Determine which failures, under what conditions, warrant recovery, andwhat the recovery steps should be—thus precluding the squandering ofresources on futile or inconsequential retry efforts.» Log germane state-of-play bulletins or detailed error messages to thesystem operator console using WTO commands.» Send email to designated personnel to notify them of any FTP aberrationsthat might jeopardize a file transfer.» Maintain an audit trail, at the system console, of all FTP transfers performedor those that failed to complete.FCL statements, denoted by a ";!" prefix, can be freely interspersed with FTPcommands—as shown in the FTP/FCL sequence on the following page. The useof FCL does not in any way hinder the execution or modify the behavior of FTPcommands. The processing of FCL statements to control the flow of FTPcommands is performed by the VFTP client wrapper, which interacts with thez/OS FTP client via the IBM supplied API.FCL ensures that z/OS FTP batch jobs can now enjoy the level of automationexpected from a mainframe utility.2. Tight integration with RACF, ACF2, and Top Secret, so that z/OS FTP can nowbe treated as a genuine secure resource. With VFTP it is now possible toselec