RA2FM zSS for Forensic Investigation - the best and only professional RACF PC/OSX/iOS tool
RA2FM - a new way to view/audit your RACF© environment. It is a dream tool for anybody having to deal with RACF©. Make RACF snapshots.
Companies that have outsourced all or some of their mainframe operations & support are even more at risk, having surrendered control to a third party.
Have you ever tried to perform computer forensics on a mainframe with RACF© installed? RA2FM is the only tool that can help you. With RA2FM you can go back n-1 versions e.g. to compare RACF definitions and all its associated datasets with the protecting profiles from HSM©, RMM©, CA1©, JCL, SMF, Catalogs plus load module information. An installation can at any time re-load older RA2FM flat files or simply keep n-1 numbers of PC/OSX RA2FM versions to review historical information. One click and you can create a complete copy of RA2FM - something you can never achieve with e.g. DB2© etc. !
For powerful data-mining RA2FM© zSS is a must.
Reduce your mainframe audit costs by >50-80%
Perform your RACF© audits in days instead of months - saves up to 80%.
Simplify your audits. No need for DB2© or Microsoft Access©.
Keep your audit findings for years to come e.g. on your server.
Comprehensive auditing and reporting
You can ONLY effectively process and analyze your audit data using RA2FM zSS.
zSS is your security therapist℠ - simply the best RACF® audit utility
I'm your RACF® security therapist℠
As one user claims: "The best thing I have ever come across for long time" and it even works on my iPAD plus I have ALL I want on one SINGLE scrollable screen pertaining to a profile. It supports as well HFS/ZFS and finally I can get rid of my Excel sheets."
It is like driving suddenly a Porsche!
Another user: "When trying to view and integrate off-shore RACF DBs, we finally have a great tool to get a better and faster understanding on how their setup was done."
Another user: "Great - I can finally dig through the SMF access report plus loading my own batch reports as well plus I can get rid my Excel solution. Love the new summary information about the RACF profiles."
z/OS Systems Engineer Benelux: "Great tool! No RACF bod with street credibility should be without. It makes (RACF) life so much easier."
z/OS Systems Engineer Japan: "It is the tool I actually would expect from IBM."
Another user: "Лучшая аудиторская программа которой я когда либо пользовался"
RA2FM is a relational DB system, allowing you to view not just RACF profiles, but rather to view/audit the complexity of your z/OS system.
RA2FM offers a view of the resources never seen before and something you are unable to have under 3270 emulation even with DB2©.
All RACF dataset profiles for outputs like DCOLLECT, Catalogs, System datasets will be obtained by the RA2FM host batch programs.
An auditor could go back endless RA2FM RACF snapshot versions!
The perfect ADD-ON for those using the z/OS SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG).
How does it work?
Multiple screens as many as you please?
view multiple RACF profiles side by side from different systems to compare items!
Group tree
YES - all details/segments per profile on ONE screen!
Key features:
- Works on iPAD (iOS), OSX and Windows
- Supports multiple RACF databases
- Search on anything related to any RACF profile type
- Outperforms any other solution i.e. DB2 solution
- Most flexible and secure from unauthorized access (all supported platforms)
- Productivity increase in excess of 1000% versus standard solutions or simply return the product
- Minimal learning curve
- The quickest way to get to know your RACF environment i.e. ideal as well for any novice
- Very easy to use
- Ideal tool as well for a novice in RACF© to learn about your security setup/implementation
- Each user has his own RA2FM on a PC/iPad - hence no interference with anybody else e.g. file missing; data has changed; server not available etc.
- Reduces paper reports - saving costs
- The whole solution is now portable - NOT TRANSPORTABLE i.e. by using an iPAD
- Drill up and down, left and right
- All relevant information (all segments) on one single screen(=window)
- Access lists pertaining to a group or user profile are on the same screen - no screen switching required
- Guess work concerning profile fields or segments vastly reduced to zero
- Analyze critical information on the fly
- Identify easily problems i.e. UACC not NONE, WARNING = YES etc.
- View profiles side by side - any combination possible - no way with i.e. 3270 screens/DB2 etc.
- Helps to reduce errors or fix problems
- You can view multiple RACF databases by limiting the search to a given system i.e. by the SMFID
- You can install as many RA2FM's on any supported system e.g. for each RACF DB one - an ideal solution for corporate auditors
- Profiles can be tagged for i.e. further investigation / follow up. Simply issue a search on tagged profiles (on or off)
- Once profiles have been loaded - no more IBM Host resources are required - hence you can drop any DB2 Solution now
- No complex DB2 SQLs or DB2 knowhow etc. is anymore required by the end-user
- Any "FINDs" can be stored for future references - a feature of supplied database
- Overall one of the very best solution for all auditors, RACF administrators and IBM Host Systems Engineers. Superior than any ACCESS© or EXCEL© or DB2© etc. solutions, as it runs on multiple platforms.
- Create instant Email based on selected/found profiles i.e. to inform another user about potential issues
- Create a PDF based on selected/found profiles - (FM runtime does not support this function. Instead you have to use the PRINT function from the FILE menu under OSX. Under Windows you must install i.e. a tool like doPDF from http://www.dopdf.com/de/quick-download.php which is free to create a PDF.
- Quick find - find 'anything' 'anywhere' in all profiles/records ( it is like SPOTLIGHT)
- View ALL profiles in table style format if needed
- Create VISIO© stencils as of Version 3.xx
- Integrated/independent task management solution to track open issues pertaining to RACF - this is a modified/free solution from FM©
- Free format SQL support - SQLs can be stored in a repository for future reference
- Random password generator
- Beyond RACF - there is much more to it:
- Interact with IBM's SMF IRRADU00 and IRRDBU00 data i.e. for access records (currently only the EVENT ACCESS is supported)
- Interact with IBM's DCOLLECT (Dataset, Cluster, Volume records, Backup (MCDS), Migrat (BCDS) ) based on their RACF profile names
- Interact with ICF catalog
- Identify/find user-IDs with too many connects and permits
- Support of LNKLIST, APFLIST, APFLIST, PAGE, DUMP, CATALOG entries with protecting RACF profiles.
- Support of PARMLIB members: IKJTSO00, SCHED00, IEFSSN00, IEASVC00, IFAEDLIS.
- Identify excessive connects and permits in the user profiles
- Identify how much space a user-ID or group-ID is using
- Extended table views of profiles
- Automatic space calculation for DCOLLECT records to identify storage usage e.g. by SMS class, high-level qualifiers or RACF profile names
- Display how mach storage a RACF user or group has allocated on your system
- Excessive access rights: View "IN-direct" accesses per user-ID i.e. to how many resources has a user-ID access via permitted group-IDs. You will be surprised by the figures calculated on the fly. Auditors/Admins have normally no clue to how many resource profiles a single user is 'permitted' due to over-authorization via connected group-IDs - so called 'roles or functions'.
Benefits:
- Perform audits in days and not in months
- Reduce daily frustrating and labor intensive tasks i.e. under TSO or DB2 or Batch to find the necessary items and its related RACF segments
- Save labor costs and increase employee productivity
- Reduce your regular external and internal audit costs
- Reduce costs on your mainframe in case you get charged by CPU/IO's
- Multiple RACF Databases in one single tool at your fingertips
- No SQL's to learn but we support SQLs as of Version 7.9.5
- Very easy to install unlike other solutions
- You have your security data present even at your meetings if necessary
- Ideal tool to get to know one or more RACF database(s)
- Ideal tool for trainees to learn about RACF segments and its fields plus its relationships
- Unparalleled search/reporting capabilities unlike e.g. CARLa from IBM etc.
- It gives you a more complete picture about all resources used / defined apart from just RACF profiles
- The very first tool which includes not just RACF related information i.e. DCOLLECT, HSM, CA1, RMM, Catalogs
- Standalone tool
- State of the art software which works as well on an iPAD (any iOS device with FM GO) - most handy
- Can be utilized by visually impaired users, as the layouts can be re-sized
- The only comprehensive RACF PC tool which works under Windows and OSX and iOS (iPAD, iPHONE)
Prerequisites:
- Windows or OSX and/or iPAD (for the iPAD download from Apple app-store Filemaker GO 12 for iPAD - it is FREE!) - it is not recommended to run RA2FM2 on an iPhone due to its limited screen size). RA2FM gets loaded on the iPAD via Apples iTunes (click on the apps - then on FILEMAKER GO and add RA2FM to it - YES thats all!)
- It is highly recommended to utilize a large screen >= 19inch under OSX or Windows, as you can view multiple windows under RA2FM.
- IRRDBU00 program from IBM
- IRRADU00 program from IBM (optional)
- IRRHFSU program from IBM supporting ZFS/HFS offloads refer to http://www-03.ibm.com/systems/z/os/zos/features/racf/downloads/irrhfsu.html (optional)
- RACF® (with updated IRRDBU00 record layouts by IBM, it may become necessary to replace the RA2FM products to support e.g. new field names or new records)
- ESA up to z/OS 2.2
- RA2FM batch interface RA2$FM02 (install one LINKLIB plus SAMPLIB) - shipped in XMIT binary format. Program RA2$FM02 has no hooks into the operating system. RA2$FM02 requires a CPU Key which has to be requested from supplier or local distributor.
- RA2FM is fully compatible with IBM's IRRDBU00 (IRRADU00 type ACCESS) and IRRHFSU field/record layout up to z/OS 2.2
- You need an FTP program like FileZilla to transfer the files created by RA2$FM02 on the IBM mainframe to WIN/OSX in ASCII mode.
The following RACF IRRDBU00 records are supported by RA2FM zSS:
- 0100- - -Group Basic Data
- 0101- - -Group Subgroups
- 0102- - -Group Members
- 0103- - -Group Installation Data
- 0110- - -Group DFP Data
- 0120- - -Group OMVS Data
- 0130- - -Group OVM Data
- 0140- - -Reserved
- 0141- - -Group TME Data
- 0150- - -Reserved
- 0151- - -Group CSDATA Custom Fields
- 0200- - -User Basic Data
- 0201- - -User Categories
- 0202- - -User Classes
- 0203- - -User Group Connections
- 0204- - -User Installation Data
- 0205- - -User Connect Data
- 0206- - -User RRSF Data
- 0207- - -User Certificate Name
- 0208- - -User Associated Mappings
- 0209- - -User Associated Distributed Mappings
- 020A- - -User MFA Factor Data Record
- 020B- - -User MFA Policies Record
- 0210- - -User DFP Data
- 0220- - -User TSO Data
- 0230- - -User CICS® Data
- 0231- - -User CICS Operator Classes
- 0232- - -User CICS RSL Keys
- 0233- - -User CICS TSL Keys
- 0240- - -User Language Data
- 0250- - -User OPERPARM Data
- 0251- - -User OPERPARM Scope
- 0260- - -User WORKATTR Data
- 0270- - -User OMVS Data
- 0280- - -User NETVIEW Segment
- 0281- - -User OPCLASS
- 0282- - -User DOMAINS
- 0290- - -User DCE Data
- 02A0- - -User OVM Data
- 02B0- - -User LNOTES Data
- 02C0- - -User NDS Data
- 02D0- - -User KERB Data
- 02E0- - -User PROXY Data
- 02F0- - -User EIM Data
- 02G0- - -Reserved
- 02G1- - -User CSDATA Custom Fields
- 0400- - -Data Set Basic Data
- 0401- - -Data Set Categories
- 0402- - -Data Set Conditional Access
- 0403- - -Data Set Volumes
- 0404- - -Data Set Access
- 0405- - -Data Set Installation Data
- 0410- - -Data Set DFP Data
- 0420- - -Reserved
- 0421- - -Data Set TME Data
- 0500- - -General Resource Basic Data
- 0501- - -General Resource Tape Volume Data
- 0502- - -General Resource Categories
- 0503- - -General Resource Members
- 0504- - -General Resource Volumes
- 0505- - -General Resource Access
- 0506- - -General Resource Installation Data
- 0507- - -General Resource Conditional Access
- 0508- - -Filter Data
- 0509- - -General Resource Distributed Identity Mapping Data
- 0510- - -General Resource Session Data
- 0511- - -General Resource Session Entities
- 0520- - -General Resource DLF Data
- 0521- - -General Resource DLF Job Names
- 0530- - -Reserved
- 0540- - -General Resource Started Task Data
- 0550- - -General Resource SystemView Data
- 0560- - -General Resource Certificate Data
- 0561- - -General Resource Certificate References
- 0562- - -General Resource Key Ring Data
- 0570- - -General Resource TME Data
- 0571- - -General Resource TME Child
- 0572- - -General Resource TME Resource
- 0573- - -General Resource TME Group
- 0574- - -General Resource TME Role
- 0580- - -General Resource KERB Data
- 0590- - -General Resource PROXY Data
- 05A0- - -General Resource EIM Data
- 05B0- - -General Resource Alias Data
- 05C0- - -General Resource CDTINFO Data
- 05D0- - -General Resource ICTX Data
- 05E0- - -General Resource CFDEF Data
- 05F0- - -General Resource SIGVER Data
- 05G0- - -General Resource ICSF
- 05G1- - -General Resource ICSF Key Label
- 05G2- - -General Resource ICSF Certificate Identifier
- 05H0- - -General Resource MFA Factor Definition Record
- 05I0- - -General Resource MFA Policy Definition Record
- 05I1- - -General Resource MFA Policy Factors Record
- 1210- - -User MFA Factor Tags Data Record
- 1560- - -General Resource Certificate Information
- plus IRRHFSU 0900-0904
Note: RACF® / DB2® are trademarks of IBM