Hi Tom,

You wrote:
> One product that is prominent in their discussions is RSA's
> SecurID. Their website lists components for Windows,
> Solaris, AIX, and Intel-based Linux. My boss is going to ask
> them if they support systems on IBM zSeries platforms.

Can do! RSA teamed up with Rocket Software, Inc., to develop an RSA Authentication Agent for IBM z/OS and OS/390 that, in ESM-Mode, integrates with RACF and co-exists with CA-ACF2 and CA-Top Secret. See <http://www.peritus.com/portfolio/agent/>.

RSA, for which I've been a consultant for many years, has provided ACE/Agents for IBM mainframes for at least a decade, and -- on special order -- a mainframe-resident RSA authentication engine which can support a gargantuan SecurID user base. (That doesn't sound like what you are looking for, but some government agencies and consumer-oriented enterprises require an authentication engine with mainframe muscle.)

The Rocket Mainframe Agent for SecurID for z/OS (now on v.2) is a native IBM VTAM app. Rocket has also developed a z/OS SDK, and a GWAPI plug-in to IBM's HTTP Server that support SecurID 2FA for the IBM WebSphere (v.3.5 and above). I think Rocket has also adapted RSA's crypto SDK, BSAFE, for z/OS.

The Rocket Mainframe Agent is only one of about 350 RSA-certified SecurID solutions, an unparalleled array of 3rd party apps and network devices with integrated support for RSA's 2FA options. These products all ship SecurID-Ready; many are essentially plug 'n play.

The Rocket z/OS Agent reportedly takes about two hours to fully install and configure. Configuration options range from a single terminal or end-user to a complete network with multiple authentication servers. Communications between the Rocket Agent and an RSA Authentication Manager (RAM), on a stand-alone host, are encrypted UDP.
Needless to add, the z/OS agent supports the full RSA SecurID portfolio of authentication devices, including: AES-based SecurID tokens (fobs or cards), classic SecurID cards, pinpad SecurIDs, SecurID smart cards, USB plugs with storage and a SecurID LCD for token-code display, and SecurID token-emulation software for PDAs, mobile phones, and physically-secured PCs and laptops. The USB SecurIDs display token-codes from one SecurID, but the memory stick can carry the seeds for another six "virtual" SecurIDs, which can be tapped by a PC-resident token-emulation app.

Not all tokens are equal, of course. Not even all SecurIDs are equal. Some are more or less robust in the face of different threat scenarios, but you can surely find an appropriate 2FA token in the RSA portfolio.

> Has anyone else had experience with this product even
> without their mainframe systems being part of the setup?

There is a lot of experience out there. There are 15,000 enterprises and government agencies which have installed RSA Authentication Managers (aka ACE/Servers) and issued various types of SecurIDs to employees, contractors, and consumers.

Happy Thanksgiving, folks!

Suerte,
_Vin
