Developing Effective RACF Administration Skills

Duration: 4 Days

Method: Instructor led, Hands-on workshops.

Price: $3200.00

Course Code: RF1000

Audience

System programmers or security administrators, security analysts or other technical support people which need to understand z/OS RACF Security Functionality.

Description

If you want to gain some proficiency in understanding z/OS RACF to support security administration for products and components running under the z/OS operating system, then this is the course for you. First, we will cover the essential elements for security implementation on z/OS. Next, we will go deep into RACF (Resource Access Control Facility) commands, resources, profiles, and options used to provide security under z/OS, including a look at some auditing facilities offered by IBM. We will then cover some enterprise-wide capabilities which integrate with security on other platforms. We then diverge into the UNIX System Services side of z/OS to cover the unique security considerations for that environment. We also include an introduction into the commands and structure of USS to ensure that you have the necessary knowledge to navigate around USS. This course will give you 8 hours of dedicated time to practice on our z/OS system.

Objectives

Upon successful completion of this course, the student will be able to:

Understand the breadth of security capabilities of security under z/OS and USS
Understand the commands, resources and utility functions necessary to implement strong security under z/OS and USS
Understand how to analyze what security profiles and rules are currently in place
Understand how RACF can be utilized in support of enterprise-wide security
Understand security implementation on USS plus the special security capabilities within

Prerequisites

Good working knowledge of z/OS plus its key components from a usage point of view. Several months experience using TSO/ISPF and JCL. A basic knowledge of application processes under z/OS.

Topics

I. Introduction to z/OS Security Basics
- Basic security facilities
- Security Server components
- Integrated security services
- Brief look at some special optional services
II. Security Server Administration from RACF
- A look into the basics of RACF and functions to work with it
- Overview of commands, profiles, classes and resource managers
- Detailed look at the implementation of user profiles
- Detailed look at implementation of group profiles
- Detailed look at dataset profiles
- Detailed look at general resource profiles
- Detailed look at some auditing tools provides
- A brief look at remote administration capabilities
- Implementation of digital certificates
III. Implementation of Integrated Security Services
- Working with Kerberos implementations
- Working with Enterprise Identity Management (EIM) implementations
- Working with LDAP and OCEP implementations
IV. Working with Subsystem Security Capabilities
- Working with CICS security functionality
- Working with MQ security functionality
- Working with Db2 security functionality
V. Introduction to UNIX System Services(USS)
- Overview of USS terminology, applications, file systems and services
- A bit more details about the USS file system
- Detailed look at the USS interfaces for your usage
- Special considerations for editing, copying and creation of USS files
VI. USS Implementation Requirements
- Implementation via software install functions
- Implementation of RACF requirements
- Detailed look at RACF commands and facilities to work with USS resources
VII. USS Security Administration
- RACF user and group facilities related to USS security
- RACF special resource profiles related to USS security
- Understanding the contents of the File Security Packet and usage considerations
- Detailed look at implementation of Access Control Lists (ACLs)
- Working with SECLABEL recourses
- Understanding the USS security daemons
- Working with z/OS utility programs which execute USS function