VitalSigns for FTP (VFTP)

SDS USA logo

Automatic and transparent FTP-to-STFP conversion for z/OS

VitalSigns for FTP makes it easy to install precise, low-overhead security and automation for file transfer (mainframe SFTP, FTPS, FTP) to and from mainframes, and for mainframe FTP servers and clients.

VitalSigns for FTP is an integrated monitoring, auditing, management and security suite that allows companies of any size to ensure the highest level of security and compliance across multiple computing platforms.
VitalSigns for FTP addresses FTP's security shortcomings by fully integrating mainframe FTP with mainframe SAF security (RACF, ACF2, or Top Secret), and by making it easy to change standard z/OS FTP traffic into encrypted z/OS SFTP traffic.

Complete FTP security, easily implemented

FTP use has exploded in the past several years, and it might unfortunately be the biggest threat to your z/OS data infrastructure. The inherent shortcomings in FTP have costs, seen and unseen, in the areas of security, automation, and visibility. VitalSigns for FTP software overcomes serious FTP obstacles by instantly providing:

  • Appropriate security all across your organization, for both clients and servers
  • Comprehensive workload monitoring and management to ensure that you can meet your business needs
  • Easy-to-use and fully robust controls over the configuration and behavior of z/OS FTP clients
  • Thorough audit trails to assure compliance and monitor security

A full range of functionalities allow protection against inside and outside risks

  • VFTP users can secure individual FTP commands (for example, allow read-access to a data set while preventing its off-site transfer, or allow transfer of sequential files but not JES files).
  • VFTP lets you to treat commands to the z/OS FTP server as secure resources. You can selectively disallow any mainframe FTP server command, including individual functions of the powerful SITE command. You can allow FTP users to transfer the files they need, while preventing them from using FTP to snoop around.
  • VFTP readily collaborates with third-party mechanisms to encrypt traffic to and from a z/OS FTP client and transmit it through more secure protocols, such as TSL or SFTP.
  • As far as users are concerned, those kinds of security measures are automatic and transparent (no need to modify the JCL in batch jobs that invoke a z/OS FTP client).

Monitoring & auditing: complete mainframe FTP traffic records

Customers, regulators, and business partners hold you accountable for slow performance, delayed data, lost or stolen files. A growing body of government regulations (Sarbanes-Oxley, Gramm-Leach-Bliley Act, HIPAA, PCI DSS) mandate processes for adhering to standards and providing audit trails.

VitalSigns for FTP provides immediate, real-time notification when z/OS FTP jobs fail, and a comprehensive end-to-end audit trail. VFTP's detailed tracking and logging of all mainframe FTP transfers and file-transfer sessions tells you who transferred what, when, where, how. Was the transfer authorized? Was it successful? VFTP answers these questions and more.

Automation: control z/OS FTP clients online, script FTP commands in z/OS batch jobs

Typically, upgrading standard z/OS FTP to a more secure z/OS SFTP configuration requires revising the batch jobs that rely on the FTP client. That means editing, testing, and dealing with production red tape. An outage in FTP operations must be discovered, and then manually handled - often by restarting the entire operation. The costs add up: time lost while discovering the unusable file, time to re-start FTP, time to duplicate the transmission…

Now VFTP provides a revolution in FTP automation: by dynamically controlling configuration of the z/OS FTP client, and by recognizing batch jobs by name, job step, and user ID, then reconfigure the FTP client to use a specific route-clear text, SSL/TSL encryption, or mainframe SFTP. VFTP's controls for such work are simple, intuitive web-browser displays. You can change FTP client configuration and direct alerts to email addresses dynamically and easily. There is no need to whatsoever to revise JCL and test new batch jobs.