Dangers With Unmanaged FTP on Your z/OS Network
The unique z/OS FTP doesn't embrace basic security safeguards. Its drawbacks embrace no audit path and little granularity in entry rules. Mainframes being the important data holders of the group, one can imagine how catastrophic a safety situation with FTP on z/OS can be. Deploying an FTP management software might be the best solution to cope with safety points resulting from unmanaged z/OS FTP.
On z/OS, the FTP performance consists of an FTP server and an FTP client. The FTP server handles requests from distant clients, like downstream PCs or distributed Unix methods, whereas the FTP shopper permits mainframe end-factors to work together with distant FTP servers.
Many FTP transfers on z/OS are un-automated, unregulated, unsecured, and unmonitored. The dearth of adequate FTP automation, especially programmatic error-dealing with and retry, needlessly confounds z/OS batch processing, disrupts operational schedules, assessments the resolve of assist-desk personnel, threatens compliance, and in general hurts both consumer and enterprise productivity.
A z/OS FTP batch job can fail even due to a simple, one-character typo. However, it doesn't generate a Network Administration Interface (NMI) record. In a typical FTP operation, you solely see an NMI report only when a batch job succeeds. This makes it difficult for a consumer to know the explanation for an abnormal termination. Actually, a person may not even know that the FTP operation failed. It is a excellent instance of administration deficiency of standard z/OS FTP.
Difficulty offering FTP history records makes it troublesome for users, system/community operators, and assist-desk personnel to quickly and easily determine and rectify any FTP-related operational issues.
The usual z/OS FTP, being unmanaged, is just not suitable to be used in at present's mainframe environments. Specific security standards cannot be selectively utilized to particular person FTP commands or file types, on a per-licensed person foundation, in live performance with the z/OS SAF safety facility (e.g. RACF). Thus there can be constant dangers, comparable to customers with learn-solely entry having the ability to initiate off-web site transfers, or customers trying to use certain features of the potent z/OS server SITE command.
FTP management software program makes z/OS FTP right into a nicely-managed, mainframe-class service. It will probably present customary z/OS FTP with automation, monitoring, security or auditing capabilities expected of a high-volume, mission-vital mainframe utility. Administration software program can benefit from the FTP client API to drive the client programmatically. It could use server exit packages to monitor FTP operations on a command-by-command basis. With an FTP supervisor in place to reinforce z/OS FTP, there'll not be any unknowns, safety exposures, compliance shortfalls, or operational setbacks as a result of un-automated transfers.
By enabling monitoring, automation, and control of the usual z/OS FTP, you will eliminate administration deficiencies and safety vulnerabilities. This is potential by deploying a real FTP manager.