Data Sheet

Tectia Server for Linux on IBM System z

Secure File Transfers and Data-In-Transit

Tectia Server for Linux on IBM System z provides the ultimate SSH data security solution with strong encryption and authentication for mainframe le transfers and data-in-transit. How to secure mainframe le transfers in complex environments? With Tectia Server for Linux on IBM System z, you can secure le transfers,data-in-transit and remote access between distributed systems and mainframes running Linux. While providing Secure Shell (SSH) based technology and an easy command-line interface, no modications to the existing infrastructure or applications are required. Tectia Server for Linux on IBM System z offers a quick and easy method to replace interactive and unattended plaintext FTP connections with secure SFTP and SCP command-line tools. Condentiality, data integrity and strong authentication are guaranteed with both remote connections and data transfers. But our network is so complex... Tectia Server for Linux on IBM System z integrates easily into heterogeneous environments to secure mission critical data-intransit and legacy applications. Tectia Server for Linux on IBM System z is designed to deliver end-to-end security to enterpriseclass data centers running Linux on IBM mainframe systems by providing secure encrypted communication channels between IBM mainframe systems and other platforms. You can secure cross-platform connections and operations within distributed systems running Tectia for Windows, Unix and Linux, or other Secure Shell (including OpenSSH) implementations. Tectia Server for Linux on IBM System z uses IBMs FIPS-certied cryptographic hardware facilities and hardware cryptographic acceleration. It also supports a wide variety of server and user authentication methods, such as public key and X.509 certicates for strong two-factor authentication. How to secure virtualized environments? Transition to virtualized IT environments and data security of application trafc is cost-effective with Tectia Server for Linux on IBM system z. It adds powerful security capabilities, such as strong authentication and encryption of data, for secure host database connections, secure remote logins, and secure le transfers throughout internal and external networks. Do the data security regulations demand the impossible? PCI-DSS, SOX, HIPAA, FISMA and Basel II dene data encryption and strong authentication demands for companies, and failing to follow the relevant regulations results in failing security audits not to mention the risks of making it into the headlines about data security breaches.

Tectia Manager Tectia Server Secure use of Legacy Applications

Centralized Security Management

Tectia Server

Secure use of Remote Commands

Tectia Server for IBM z/OS

Secure System Administration

Secure File Transfers

Tectia Client

Drag-and-drop Secure File Transfers

Automated Secure File Transfers

Branch offices

Tectia Client

Tectia Server

Tectia Server or any other Secure Shell Server

SSH Communications Security | [email protected] | www.ssh.com

Features
Secure File Transfer
SFTP and SCP command-line tools for interactive and unattended use Strong data encryption Strong le integrity checking Multi-gigabyte le size support Anonymous secure le transfers with the SFTP protocol Data stream compression for low-speed connections With Tectia Server for IBM z/OS: Support for MVS and USS le systems SFTP Extensions for MVS dataset direct streaming SFTP Extensions for SITE command support Automatic EBCDIC-ASCII character conversion

Ease of Use
User-specic connection proles for easy session setup Nested tunnels for end-to-end communications security in remote access

Security
Multi-tier security architecture Congurable re-keying policies Authentication agent functionality Multi-channel support multiple secure sessions are multiplexed to a single TCP/IP connection Compliance with the IETF Secure Shell standards

User and Server Authentication

User and server authentication with public keys User and server authentication with X.509 certicates User authentication with passwords Two-factor user authentication based on smart cards and cryptographic tokens Keyboard-interactive interface for easy integration with third-party methods Support for GSSAPI/Kerberos Support for OpenSSH keys

Secure Application Connectivity

Automatic tunneling FTP tunneling TCP tunneling (port forwarding) Secure forwarding of X11 sessions Support for connections to any standard Secure Shell server, including OpenSSH

Specications
Supported Cryptographic Algorithms
Hardware Accelerated: AES (128 bit) 3DES (168 bit) SHA-1 and SHA-2 hash algorithm Symmetric (Session Encryption) Algorithms: AES (128 / 192 / 256 bit) 3DES (168 bit) Data Integrity Algorithms: HMAC MD5, HMAC SHA1, HMAC SHA224, HMAC SHA256, HMAC SHA384 and HMAC SHA512 Key Exchange Algorithms: Dife-Hellman (SHA-1 and SHA-2 methods)

Supported PKI Specications

X.509 v3 certicate support X.509 v2 CRL fetching via HTTP, LDAP, ofine OCSP SCEP PKCS#7 and PKCS#12 import PKCS#8 and PKCS#11 key support

Supported Server Platforms

Red Hat Enterprise Linux 5.1, 6 (s390) SUSE Linux Enterprise Server 9 and 10 (s390) Note: 31-bit glibc compatibility library is required on 64-bit operating systems

Supported Third-Party Authentication Products

Microsoft CA Windows domain authentication through GSSAPI Microsoft IAS through RADIUS FreeRADIUS

SSH Communications Security | [email protected] | www.ssh.com