What we do

antoff IT inc offers a variety of service offerings based on the experience of past projects, but always tailored to client's specific needs.

Build brand-new RACF systems

The objective of this offering is to:

Provide RACF project design and planning
Review client security objectives
Introduce RACF features and concepts
Review client naming standards
Install RACF and populate the RACF database

Reengineering of RACF systems

The objective of this offering is to achieve an improvement and/or modernization of RACF security system using consultant expertise and RACF reporting tools. Such reengineering may be needed due to:

Conversion from CA-ACF2 or CA-Top Secret to RACF
Auditor's (internal and/or external) findings, demanding that missing, incomplete or wrong RACF protection to be dealt with and corresponding RACF controls implemented correctly
Upgrade to new versions of z/OS and/or planning to use new RACF features or components of the Security Server ( firewall, LDAP, PKI etc.)

Protect job submission with RACF

The objective of this offering is to achieve improved RACF security control, auditability and accountability over the production batch environments within the OS/390 and z/OS systems.

Migrate from CICS internal security to RACF

The purpose of the offering to migrate from CICS internal security to RACF is:

Identify how internal security of CICS resources is implemented
Implement RACF protection for CICS system transactions (categories 1,2 and 3, mirror, TCPIP etc.) and CICS system commands (such as EXITPROGRAM, SYSTEM, PROGRAM etc.)
Convert internal security for CICS applications to profiles in CICS general resource classes TCICSTRN, MCICSPPT etc.
Implement protection through profiles in grouping classes (GCICSTRN, NCICSPPT, VCICSCMD etc.)
Build access lists for application transactions and other CICS resources
Protect CICS logs through profiles in class LOGSTRM

Merge RACF databases

Merging databases may be done in various ways: using the IBM DBSYNC utility, in-house written programs, or third party tools. We recommend using the MERGE function of the zSECURE product from CONSUL.

Migrate to RACF from CA-Top Secret and CA-ACF2

We have a proven methodology to achieve successful migrations for large clients using third party conversion tools. This offering includes 5 deliverables: review of the CA-Top Secret or ACF2 security system, preparation of a migration plan, actual conversion, introducing RACF administration and reporting, post-conversion testing and tuning.

Migrate to RACF products having internal security

The purpose of these offerings is to migrate IBM and third party products from using internal security - to RACF. We have methodologies for conversion of SDSF, CA-1, VPS, Omegamon, Jobtrac etc.

Implement RACF security for Unix System Services (USS)

This offering includes: managing UIDs and GIDs, assigning superuser attributes, performing Application Identity Mapping, defining cataloged procedures to RACF, implementing Access Control Lists, auditing access to files and directories.

Implement RACF security for PKI Services

This offering includes: plan, install and implement z/OS Security Server PKI Services, create RACF environment for PKI prereqs (HTTP server, LDAP server, OCSF and OCEP ), create all necessary RACF profiles for PKI Services, create certificates and key rings, customize httpd.conf, pkiserv.tmpl and pkiserv.conf.

Implement RACF security for z/OS WebSphere Version 5

This offering includes: plan, install and implement z/OS WebSphere V5, create RACF environment for WebSphere (userids, groups, datasets, certificates etc).

Reporting for RACF

The purpose of this offering is to provide a comprehensive suite of reports for RACF. We can use ICETOOL, DB2 queries over downloads from RACF utilities IRRADU00 and IRRDBU00. Our preferred tool is CARLA language from CONSUL. We also offer a health checking reporting based on the CONSUL function CHANGE TRACK.

Auditing of RACF

The objective of this offering is to provide assistance and expertise to perform an assessment of the RACF environment. The assessment is based upon a comparison between a pre-defined best security practice checklist and the existing security implementation. A document will be delivered describing the findings and recommendations resulting from this security assessment.