Rather than dance around and come up with some expensive, fragile kludge, why not just document the business / technical requirement and let management duke it out.
This is, after all, a political issue. I would expect some push pack from the PC folks and the more clueless auditors, but your business/technical case is pretty straightforward. And, no, SSH is not a mainframe quality solution. Keep in mind that FTP like services can be, in fact, a serious exposure to Windows servers and (to a lesser degree) other non MF servers. 'Man in the middle' servers (using some sort of store and forward strategy) seem to be surprisingly 'soft' targets and seem to be popular attack vectors. PCI compliance seems to favor point to point over MITM solutions. I would compose a simple memo with that same quote (along with a link to the source document) to frame the question to management. You might note that you have queried the community and found that a significant number of shops have embraced FTP as a strategic business direction. And many of those shops are PCI compliant. And your competitors. HTH and good luck. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Barbara Nitz Sent: Monday, August 24, 2009 1:47 AM To: [email protected] Subject: Software delivery via internet or tape This is probably a bad time to enquire about it (as most of you are at Share), but here goes: I read in the SOD: "IBM plans to discontinue delivery of software on 3480, 3480 Compressed (3480C), and 3490E tape media. IBM recommends using Internet delivery when ordering your z/OS products or service which eliminates tape handling. If you must use physical delivery, you may continue to choose 3590 or 3592 tape media. Internet delivery is IBM's flagship delivery method; therefore, future software delivery enhancements will be focused on Internet delivery. " Seeing how 'internet delivery' is the prefered method, how many of you are allowed to have a direct ftp connection to IBM? We certainly are NOT allowed to have that! So 'internet delivery' means downloading to a PC (provided there is enough space on the PC, and I don't even know if the 'toaster' - citrix clients - can download via ftp), then uploading to z/OS again, provided there is enough space there, too. Takes hours, is full of errors. How are others handling this? Best regards, Barbara NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
