Canada's Leader in Professional Development

855-581-7246 Call us: 416-368-7246 ext 2

Advanced z/OS Security: Crypto, Network, RACF and Your Enterprise

Currently no upcoming Class Dates


System z continues to extend the value of the mainframe by leveraging robust security solutions to help meet the needs of today's on demand, service-oriented infrastructures. System z servers have implemented leading-edge technologies, such as high-performance cryptography, multi-level security, large-scale digital certificate authority and life cycle management, improved Secure Sockets Layer (SSL) performance, advanced Resource Access Control Facility (RACF) function, and z/OS Intrusion Detection Services. This advanced z/OS security course presents the evolution of the current z/OS security architecture and explores in detail the various technologies involved in z/OS Cryptographic Services, z/OS Resource Access Control Facility (RACF), and z/OS Integrated Security Services.

In the hands-on exercises, you begin with your own z/OS HTTP Server in a TCP/IP environment. Throughout the exercises, you make changes to the configuration to implement authentication via RACF, SSL, and use of digital certificates. Use is made of facilities such as RACDCERT to mange digital certificates, PKI Services, and RACF auto registration. These exercises reinforce the concepts and technologies being covered in the lectures.


  • Describe the components of network security, platform security and transaction security on z/OS
  • Describe how RACF supports UNIX users and groups
  • Describe Web server security flow on z/OS
  • Explain the contents and use of a digital certificate
  • Explain the difference between asymmetric and symmetric cryptographic techniques
  • Explain SSL V3 client authentication
  • Explain the basics of WebSphere Application Server and Web services security
  • Utilize the RACDCERT command
  • Discuss the OCSF service providers
  • Explain VPN (IPSec), SSL/TSL, and AT-TLS and the differences between them
  • Discuss the z/OS Communication Server policy agent, IDS, and IP filtering
  • Describe and utilize System SSL
  • Explain how TN3270 and FTP SSL support works
  • Explain how IBM secure hardware cryptographic coprocessors work
  • Explain how Kerberos authentication works
  • Explain the LDAP terms of DN, object class, attribute, schema, back end, and directory


This intermediate class is intended for z/OS system programmers and security specialists in charge of designing and implementing z/OS security for Web-enabled applications.


You should have:

  • General z/OS knowledge including basic Unix System Services skills
  • Experience configuring any of the web servers on z/OS
  • Basic knowledge of TCP/IP and RACF.


3.5 days


  • Overview of z/OS Security for the On Demand Environment
  • z/OS Platform Security
  • Introduction to Digital Certificates and PKI
  • The SSL Protocol
  • HTTP Server Security and SSL Client Authentication
  • RACF and Digital Certificates
  • Open Cryptographic Services Facility
  • z/OS Communication Server Network Security
  • System SSL Overview
  • TN3270 Secure Connection
  • FTP Server and Client Secure Connection
  • Cryptography Overview - System z9 Integrated Cryptography
  • Network Authentication Services
  • Tivoli Directory Services (LDAP) in z/OS
  • An Introduction to OpenSSH for z/OS

Click here to reach us by Email Contact Us
About | Terms of Use | Privacy Visit our Facebook page   Visit ot Linkedin page   View our Tweets