FTP was built long, long ago, with no attention to security. The data is clear-text. The commands are clear-text. The IDs and passwords are clear-text too. You simply can’t keep sending that clear-text data anywhere outside the building, not anymore. You’ve got to secure them, and probably very soon.
There are at least two very reliable ways to secure that FTP traffic from z/OS. Both encrypt it with SSH.
Secure FTP with SSH and VitalSigns for FTP™ (VFTP):
Secure Shell (SSH) is a widely trusted cryptographic protocol. It uses public/private key encryption (a.k.a. PKI) to authenticate users and machines, to encrypt traffic, and to ensure the integrity of data. It is the standard network security tool in the Linux/Unix world. Remote access to a Linux/Unix system is almost always guarded by SSH. Also, Microsoft® provided an implementation for Windows® in 2016.
With help from VFTP, Tectia® SSH clients/servers (built by SSH Communications Security, the creators of SSH) provide unique SSH services for collaboration with z/OS FTP clients/servers.
Tectia SSH can secure z/OS FTP traffic in either of two ways. The difference is the number of FTP installations involved.
FTP through an SSH Tunnel:
SSH tunneling means transferring data between two z/OS FTP installations, with SSH in the middle. A file transfer gets encrypted before it leaves its home machine, then decrypted after it is safely inside the destination machine. SSH clients/servers reside at either end, guarding the passage between the FTP clients/servers and the outside world. The SSH tunnel transports safely encrypted FTP commands and data between them.
Converting FTP to Secure FTP (SFTP):
FTP-to-SFTP conversion lets FTP and SSH at one end transfer data to an SSH client/server living alone at the other end, a common situation on Linux/Unix boxes.
SFTP is the SSH version of FTP; it’s the file transfer mechanism built into SSH clients and servers. But SFTP commands are different from FTP commands, so the batch jobs can’t speak to SSH directly. They need some kind of translator in between.
So you put an SSH client on z/OS, between your FTP client and the outside world. The batch jobs talk to FTP. The FTP client passes commands and data to the SSH client, which translates FTP to SFTP. Then secure SFTP traffic travels the SSH connection to the SSH server at the other end.
What’s the Hard Part?
It is relatively simple to install the SSH clients/servers and get them talking to one another.
The harder part is telling the FTP clients/servers to work with their SSH partners.
That’s where VFTP comes in. VFTP is smart controlling software that sits between the batch jobs and the native z/OS FTP client.
VFTP acts as a proxy FTP client. You configure z/OS to use VFTP as the default for outgoing FTP commands and data. Then when a batch job wants to send a transfer, it talks to VFTP, which looks at the job name, or the user ID, or the destination, then passes the message to native z/OS FTP along with configuration instructions about SSH encryption and/or conversion.
Conclusion:
The VFTP-SSH Collaboration from Software Diversified Services will easily secure any and all outgoing FTP traffic bound for a destination that has SSH installed.
VFTP – SSH encrypts FTP coming out of z/OS batch jobs without you having to edit and test a single line of batch JCL code.
On top of that, VFTP provides far simpler and more thorough monitoring of z/OS FTP traffic than z/OS itself does. Auditors love it.