Overview

This course teaches you how to implement some of the advanced facilities available in RACF. Through a combination of classroom lecture and hands-on lab exercises, you will learn how to establish an RRSF environment, including using RRSF facilities to administer security of remote RACF databases from a single centralized location, allowing users to synchronize password changes among several associated userids, using RRSF facilities to automatically maintain synchronization of two or more separate RACF databases. Other major functions that you will study include RACF sysplex data sharing and sysplex communication, RACF support for z/OS UNIX, DB2 security using RACF, Network Job Entry (NJE) security, operator commands, program control and backup, recovery of the RACF database, PassTickets, digital certificatesand program signature.

Audience

This intermediate course is for Security personnel and RACF support personnel responsible for implementing RACF, administering RACF, or both.

Prerequisites

You should have:

• RACF administration skills (obtained by attending Effective RACF Administration BE87 or Basics of z/OS RACF Administration ES19), or equivalent experience.

Objective

• Explain the features and benefits of the various advanced functions in RACF
• Decide what features should be implemented in your installation
• Identify any migration considerations associated with these functions
• List the tasks that must be performed to implement the advanced security features, and develop an implementation plan
• Make the definitions in RACF to implement the advanced security functions

Course Outline

Day 1

• Welcome
• Unit 1 - Introduction to RRSF Exercises 1-4
• Exercise 1 - Defining RRSF nodes
• Exercise 2 - Directed commands and password and passphrase synchronization
• Exercise 3 - Remote administration
• Exercise 4 - Automatic command and password direction

Day 2

• Exercises 1-4 review
• Unit 2 - RACF sysplex support Unit 3 - RACF security for DB2
• Exercise 5 - Operator command security Unit 4 - Command and console security

Day 3

• Unit 5 - RACF support for z/OS UNIX
• Exercises 6-9
• Exercise 6 - Add a z/OS UNIX user
• Exercise 7 - Using the z/OS UNIX shell
• Exercise 8 - Using the USS ISPF shell and ISPF 3.17 Udlist function
• Exercise 9 - Access control lists (ACLs)

Day 4

• Exercises 6-9 review
• Unit 6 - Controlling network job entry
• Unit 7 - Backup and recovery of the RACF database Unit 8 - Program control
• Unit 9 - PassTickets
• Unit 10 - Digital certificates
• Unit 11 - Program signing and verification