
Introducing IBM Z MFA v2.1 and its z/VM support

By James Porell posted Tue May 19, 2020 09:45 PM


Secure authentication to critical IT infrastructure is paramount. Multi factor authentication is a critical improvement over legacy userid and password technology. The introduction of the IBM Z Multi-Factor Authentication V2.1 product enables the IBM z/VM operating system to benefit from this security improvement.

With a larger remote workforce, it is paramount that all systems are protected by multi factor authentication. That's because the combination of userid and password alone has proven easier and easier for hackers to defeat when breaking into critical systems. And a single system, such as a mobile device or desktop, protected by an MFA offering is not sufficient. Subsequent sign ons can be compromised if only userid and password are involved.

Consistent authentication across systems

IBM now has offerings for z/OS, Power systems and z/VM that offer a variety of factors for authentication. These solutions are interoperable with other IBM offerings and those from other vendors. As a result, users can have a consistent authentication to all their critical systems.

With Z MFA V2.1, z/VM sign ons are protected with a variety of factors. These include Yubikey support, RSA SecurID®, Gemalto SafeNet, IBM Security Access Manager (ISAM), IBM Cloud Identity Verify (CIV) via RADIUS, Generic RADP, LDAP, Native timed one-time password (TOTP), and SmartCard usage. Several of these factors include biometric support. MFA deals with three components: what you know, what you have and what you are. Combining “what you are” or “what you have” with traditional passwords can provide assurance that the right person is accessing critical systems.

There is a demo showing the use of some of these factors with z/OS. Again, the goal is consistent sign on across platforms. The experience demonstrated here will be remarkably similar for z/VM.

System Requirements and features

The Z MFA support for z/VM requires a Red Hat or SUSE Linux for z system and a PostgreSQL database. The Z MFA V2.1 services will integrate with either IBM or Broadcom external security managers on z/VM to enforce multi factor authentication for selected individuals.

Features of the Z MFA solution for z/VM include the ability for multiple z/VM systems to connect to one Z MFA server. It can support single or shared security database environments. And in case of a disaster, where a z/VM system is brought up without a network, previously specified users can sign on to z/VM without MFA.

Start protecting today

Multi factor authentication is an important security feature that reduces risk for critical infrastructure. Protect your mainframe applications and systems in a consistent fashion with the IBM Z MFA solution. Here's a link to the US announcement letter