Implementing RACF Security for CICS (ES840) Training
IACET credits 3.6

Learn about security implementation for Customer Information Control System Transaction Server (CICS TS) systems using Resource Access Control Facility (RACF) as the external security manager. Learn the implementation tasks for a single-region CICS system and Multi-Region Operation (MRO) or Intersystem Communication (ISC) connected multi-region CICS systems. Understand both the CICS and RACF definitions necessary to establish effective security controls for CICS. Explore the security interface between CICS, RACF, and DB2. Hands-on lab projects can be done in teams, depending on the number of attendees and location.
Apply what you learn in the classroom with hands-on lab exercises where you actually set up the definitions in both CICS and RACF. This lab begins with exercises where you familiarize yourself with the CICS and RACF lab environment. Start with a CICS address space that has no security and learn how to protect your CICS region resources. In subsequent lab exercises, set up user sign-on security, protect transactions, and set up resource-level security and System Programmer Interface (SPI) command security. In the last lab exercise, establish security between a Terminal-Owning Region (TOR) and a Multi-Region Operation (MRO)-connected Application-Owning Region (AOR).

Skills Gained
Identify the tasks that must be done in RACF and CICS to implement security
Develop a step-by-step plan to implement RACF security on your CICS systems
Implement RACF-based security for CICS systems in single-system and CICS intercommunication (MRO and ISC) environments
Make the definitions in RACF and CICS to protect transactions, CICS resources, and SPI commands
Protect CICS system resources so that CICS itself has access but others, such as TSO users or batch jobs, are denied access
Define CICS terminal users to RACF and restrict the CICS regions to which these users are allowed to sign on
Control access to individual CICS transactions, CICS application resources accessed by these transactions, CICS System Programmer Interface (SPI) commands used within transactions, and installation-defined resources used to support application-specific security requirements
Use RACF to secure access to CICS from other platforms via Advanced Program-to-Program Communication (APPC) connections
Identify the key areas to secure for CICSPlex System Manager

Who Can Benefit
Security or CICS support individuals who design, implement, or administer RACF security for CICS systems.

Prerequisites
Familiarity with either RACF or CICS.

IBM Education Advantage Program eligibility:
Yes - IBM Education Pack - online account
Yes - IBM Education Card
Yes - IBM Corporate Education Pass

Remarks
This course is intended for customers with either zSeries or S/390 servers and is part of the z/OS and OS/390 curriculum.

Code: ES840
Length: 4.5 days
Type: Instructor-Led
Certified By: IBM
Tuition: $3,910

This course is taught by Certified IBM instructors. There is a difference.
Chicago, IL, Nov.9.2009 - Nov.13.2009

In this unit we will provide an overview of CICS for the student who has little or no CICS experience or training. We will focus on those aspects of CICS that are of interest from a security point-of-view, highlighting the security concerns within a CICS environment.
By doing the online lab exercise the student will become familiar with the lab environment and start a CICS region. Those students new to CICS will be exposed to some CICS provided transactions needed in later labs and will use the sample transactions that will later be subject to RACF security.
In this unit we will provide some RACF background for the student who has little or no prior RACF experience or training. This is from the point-of-view of CICS only. We will focus on RACF as it pertains to CICS and minimize discussion of RACF facilities that have no interaction with CICS (such as the RACF global table and OPERATIONS attribute).
In this lab, you will use the RACF commands and/or panels to gain some basic skills in RACF. You will log onto TSO as a delegated security administrator and then display various RACF profiles for a user, a group, a data set, and a transaction. In exercises later in this course, you will actually define RACF user profiles, group profiles, data set profiles, and CICS.
Protecting the CICS region
In this topic we will discuss where security controls can be implemented to protect CICS system data sets and application data sets from accidental and intentional access. We will see that we must give the CICS address space a user ID so that we can give CICS permission to open the data sets it needs.
The student will identify what security can be implemented for the CICS address space, and define the RACF profiles needed to implement security for the CICS address space.
This is the first of a series of exercises through which you will implement security for your team's CICS environment, much like you will need to be able to do in the real world after you've completed this course. The lab exercise instructions will ask you to define profiles to control access to CICS's data sets, and define a user profile for CICS so that you can give CICS permission to OPEN its data sets. You will also be asked to create a profile so that VTAM can protect the APPLID value used by your CICS region.
In this unit we will describe the process that CICS and RACF go through when a user signs on to CICS. The various RACF definitions that have to be made to implement security for sign-on will be discussed.
In this lab you will gain experience setting up CICS and RACF for sign-on security. You will define user profiles required by CICS when security is activated for a CICS region and authorize these userids to sign on to your CICS region. You will make changes to CICS system initialization parameters to activate security within your CICS region. You'll also define several user profiles to represent a small user population, authorize these users to sign on to your CICS region and then test these userids that you've defined to verify that they are each able to sign on successfully to your CICS system.
After completing this unit, you should be able to describe the authorization checking process that RACF uses to control access to transactions. You will be able to make definitions in the System Initialization Table (SIT) to activate CICS for transaction security. We will explain how profiles to protect transactions can be defined in the member and grouping general resource classes. You will learn how to define RACF profiles to control access to transactions.
The lab exercise will have you defining the RACF resource profiles needed to control access to transactions and make the appropriate changes to the SIT to activate transaction security.
CICS resource and SPI command security
After completing this unit, the student should be able to explain the security facilities available for CICS resources, and explain when resource-level security is needed. We will explain the definitions in CICS and RACF to set up resource-level security. Also, in this unit, we will explain what control is provided for SPI command security and how to make the definitions in CICS and RACF to implement SPI command security.
In this online lab exercise you will make definitions in CICS and RACF to implement security for CICS resources and SPI command security.
CICS Intercommunication Bind and Link Security
Now that you have learned how to set up security for a single system, we will build upon that experience to extend the security controls to encompass the typical environment in which a number of CICS regions are connected to form a complex of multiple CICS regions. In many cases, one or more of these CICS regions can be connected to another node or system that supports APPC (also known as LU6.2) communication, but may well not be a CICS system running on a zSeries processor. This unit will introduce this heterogeneous communication environment and the security controls available within CICS.
In this lab exercise you will gain hands-on experience setting up security for a CICS Multi-region operation (MRO) environment.
You will learn to make the additional definitions that are specific to the security mechanisms that CICS provides for interconnected CICS systems using Inter-region communication (IRC).
You will establish Bind Security controls to ensure that only the two CICS regions that you intend to connect are capable of doing so. You will make the necessary definition to establish Link Security controls between these two systems to allow each system to limit the transactions and resources accessible to the other.
CICS Intercommunication Conversation Security
This unit will take Bind and Link Security one step further and address Conversation Security. We will also explore the security issues that arise when non-CICS systems, such as AS/400, IMS, APPC, and so forth, communicate with CICS. We will learn what facilities are available to provide security for these environments.
In the lab exercise you will make the appropriate definitions in CICS and RACF to implement User Security between any two CICS regions, such as between a TOR and an AOR.
Securing CICSPlex SM
This topic describes how to implement security for CICSPlex System Manager (CICSPlex SM).
Planning for Implementation
After completing this unit, you should be able to develop a plan to implement security in CICS systems using RACF.
CICS and DB2 Security
In this unit, we will explore the security interface between CICS, RACF, and DB2. We will concentrate on the security facilities available in CICS and RACF and will not attempt to teach DB2 security.

When you take a certified course with ExitCertified, you are learning from the creators of the products you use. Our commitment to your IT community, along with our authorization to deliver certified courses, ensures you receive a premium training experience.
There is a difference. Learn from the source.