“Current mainframe customers are discovering that it’s more cost-effective to extend and reuse existing applications with Web services and/or appropriate middleware,” Hudson says. This is occurring primarily in the banking, financial, and insurance industries.
“While historically, mainframe IAM has been confined to products such as RACF, ACF2 and Top Secret, we see the area expanding as leading vendors in this space expand their product capabilities to include IAM software products for provisioning (which includes roles and entitlements) and Web access management interfaces and tools for mainframe environments,” Hudson says.
RACF is now a component of IBM’s Security Server offering, which controls access to all protected z/OS resources. The IBM Security Server components also include Lightweight Directory Access Protocol (LDAP), firewall technologies, Enterprise Identity Mapping (EIM), Public Key Infrastructure (PKI) services, and network authentication service for the z/OS environment. An IBM source told Hudson there are now more than 5,000 unique applications for the System z platform, almost half of which are Linux-based.
CA offers ACF2 and CA Top Secret for z/OS, z/VM and z/VSE, and includes z/OS UNIX and Linux for System z, according to Hudson. It also offers the CA Web Administrator for ACF2 and Top Secret. This is a browser-based Graphical User Interface (GUI) option for customers on CA ACF2 and CA Top Secret r12 for z/OS, which enables centralized management of remote or delegated administration, and can reduce the learning curve for new systems administrators. Hudson points out that CA’s recent acquisition of Eurekify lets it provide “strong roles management” on the mainframe.
Several other vendors offer IAM products that work on other platforms. Some vendors, such as Centrify, offer products that work on multiple platforms. The Centrify Suite offers a centralized IAM solution that leverages Microsoft Directory. Centrify also supports Red Hat Linux running on IBM System z.
Oracle Identity and Access Management 10g runs on Red Hat Enterprise Linux A Release 4, Update 5. Sun also offers IAM products for the mainframe, but, with its purchase by Oracle, it’s not yet clear whether these will be rolled into Oracle’s product line.
Novell is among the vendors offering IAM solutions that run on multiple platforms. Its Privileged User Manager works across UNIX and Linux. FoxT’s Enterprise Access Controls integrate IAM infrastructure over UNIX, Linux, IBM System z, and Windows-based servers. Quest Software offers its Vintela single sign-on solutions for the UNIX, Linux, Mac, and Java platforms.
IAM solutions running on non-mainframe platforms tend to tie back into the mainframe, or should, for an enterprisewide view. That’s one reason IDC’s Hudson contends a comprehensive IAM architecture is necessary. Another reason is the growing mobility of the workforce.
“The IAM architecture must extend [out] to incorporate remote users accessing corporate data via laptops, cell phones, PDAs and so on,” Hudson says. “Identity assurance must be end-to-end—and the ends keep changing so the architecture must be both flexible and secure.”
Extending IAM to Other Platforms