Enabling password/pass phrase synchronisation for multiple ESMs

ZTRUST® Password Synchronisation is a security utility that eases the process of synchronising password changes across multiple Enterprise Security Management (ESM) systems in real time.

This software is particularly useful for sites with hybrid ESM products such as RACF, Top Secret and/or ACF2.

  • Links incompatible ESMs
  • Automatically detects password/pass phrase changes in real-time
  • Automatically forwards changes to remote ESM systems
  • Industry-standard TLS encryption in addition to internal ZTRUST® encryption
  • Enables single and bi-directional synchronisation
  • Agent and Master architecture to reduce system definitions and cross-sysplex connections
  • Secure repository to temporarily queue changes
  • Whitelist/blacklist configuration options

Why you need ZTRUST® Password Synchronisation

Large mainframe sites typically synchronise password changes using ESM vendor-supplied features such as RRSF and CPF. Due to historic mergers or perhaps during a large migration exercise, mainframe sites can have a mix of ESMs from different vendors, and cannot synchronise passwords across differing ESM boundaries.

How ZTRUST® helps

ZTRUST® Password Synchronisation addresses this limitation by providing any-to-any password and pass phrase synchronisation between any combination of ESMs – essentially providing a link between incompatible ESMs. ZTRUST® can be used in parallel with RRSF and CPF or can potentially be used as a replacement for their password/pass phrase synchronisation functionality. Key features include:

  • Automatic real-time detection of password/pass phrase changes. AES-256 encryption of any passwords, pass phrases and userids temporarily held in transient storage.
  • Automatic forwarding of changes to remote ESM systems. Sensitive data is encrypted throughout, even if the network connections are not encrypted.
  • TCP communication between ZTRUST® instances, enabling TLS encryption to industry standards to be used in addition to the internal encryption implemented in ZTRUST®.
  • Single and bi-directional synchronisation: sites can decide to implement bi-directional synchronisation between two or more ESMs, or to only synchronise in one direction.
  • Agent and Master architecture reduces system definitions and cross-sysplex connections. Agent systems forward local changes to a centralised master that routes the changes to one or more remote ESMs.
  • Secure repository temporarily queues changes that cannot be delivered to one or more remote systems due to system or network availability. Transactions are saved in an AES-256 encrypted state and automatically discarded after a configured period of time if they cannot be delivered.
  • Whitelist/blacklist configuration options to restrict the subset of users for whom passwords and pass phrases are synchronised.

Get in touch

Get in touch to find out more about these and our other fully supported bespoke mainframe software solutions. Vertali is an IBM PartnerWorld member.
