Rocket Key Bridge for IBM ICSF and RSA Key Manager, for z/OS Overview

Leverage Your Strengths

The current regulatory and economic climates demand more from your technology, and your skilled staff, than ever before. This is particularly true in your mainframe environment: sensitive data abound, downtime is unaffordable, and processing power, software development, and administration expertise each come at a premium.

To optimize performance and minimize the use of valuable CPU time when securing sensitive data in your mainframe applications, you've invested in cryptographic coprocessor hardware for your mainframe. That investment has shaped your application source code and administration processes.

Due to regulatory compliance pressure within your organization, choosing and implementing an enterprise key management solution has become a priority. You may have already identified RSA Key Manager as the class-leading solution for enterprise key life-cycle management. If so, you may already be realizing the value of timely access to policy-driven cryptographic key material for an authorized set of applications or devices throughout your enterprise.

IBM ICSF and RSA Key Manager are wise investments. Rocket Key Bridge for IBM ICSF and RSA Key Manager makes them wiser. It leverages Rocket's deep understanding of both industry-leading technologies to exploit their respective advantages.

Streamline Mainframe Key Management and Auditing

Rocket Key Bridge keeps your mainframe encryption key material up to date, and synchronized with changes that occur inside RSA Key Manager Server. As keys are imported, ICSF record labels are automatically chosen according to your organization's naming standards.

The RKBADMIN utility allows authorized mainframe administrators to retrieve the most up-to-date ICSF record label information for any managed Key Class, and makes your process for encryption key rollover simpler, more secure, and less error-prone.

Because Rocket Key Bridge notifies the RSA Key Manager Server whenever it chooses an ICSF record label for a new piece of imported key material, the RSA Key Manager Server can be used to audit the flow of sensitive key material to your mainframe environment. The granular SAF authorities supported by Rocket Key Bridge allow your mainframe security administrators to ensure that the imported keys are used appropriately.

Security in Depth

Where Rocket Key Bridge functionality requires network communication between hosts, all such communication is secured by mutually-trusted TLS connections. Additionally, the client identity in each TLS connection must be positively authorized to access the services it is requesting.

Inside the IBM z/OS mainframe environment(s) where Rocket Key Bridge services are available, requests for such services are subject to a granular set of SAF-based authorization checks. These SAF authorities are fully documented, and can be configured by the security administrator to test the requesting user against both the type of operation requested, and the data to which the operation applies.

Highlights

  • Requires no changes to application source code
  • Uses the class-leading enterprise key life-cycle management of RSA Key Manager
  • Automates and streamlines encryption key rollover for mainframe cryptography applications
  • Simplifies regulatory compliance auditing for mainframe cryptography applications
  • Built for high security and high performance; uses specialized mainframe cryptographic hardware and native key stores
  • Granular, SAF-based access control; supports all major External Security Managers (IBM RACF, CA-ACF2, and CA-TopSecret)
  • Easy installation includes an intuitive administration utility
  • Includes a powerful set of call-level interfaces for deep integration options

System Requirements

  • IBM z/OS 1.9, 1.10, 1.11, or 1.12
  • IBM System SSL, Cryptographic Services base
  • IBM CryptoExpress2 (CEX2C) or CryptoExpress3 (CEX3C) cryptographic coprocessor installed
  • A network-accessible instance of RSA Key Manager Server v2.7 or later

Some components of Rocket Key Bridge for IBM ICSF and RSA Key Manager run on a Linux instance with the following requirements:

  • Linux Standard Base 3.0-compliant Linux OS (SLES 10+ recommended)
  • Support for software compiled for 32-bit x86 architecture
  • RSA Key Manager Client v2.7.x for LSB 3.0 and 32-bit x86 architecture

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)
