

	Features Overview Console Consolidation & Security Secure Remote Access Automation Event Management Audit Management HMC Security & Access

Key Features

HMC Security & Access

ioEnterprise Secure HMC is a suite of tools to provide secure access to local and remote HMC. Since the HMC is the command entry point from some of the most basic/low-level commands to boot, IML, and configuration change for the mainframe, access to the HMC is critical.

However, keeping staff on site near the HMC can be problematic in lights-out or remote mainframe operations. Also, since some very important information is generated by the HMC, having that information integrated into the overall mainframe operations is desirable.

Finally, securing the access to the HMC from malicious or even accidental access is critical, and Secure HMC provides for this by requiring unique logon ids, auditing user access, and encrypting data across networks.

HMC Message Monitor

ioEnterprise Secure HMC allows you to monitor HMC messages locally and remotely. HMC messages can be distributed to staff members, so the most appropriate staff members see messages which most pertain to them. Messages from many HMCs can be consolidated in a single ioEnterprise viewer (like CCS+, Automation, or Event Management).

HMC messages are gathered using standard HMC messaging protocols (like SNMP). The messages are gathered on a private network with the HMC, ensuring that the messages will not be transmitted unencrypted over the network or Internet. When the messages are transmitted to ioEnterprise viewers, the messages are encrypted using SSL.

Using ioEnterprise viewers allows users to consolidate HMC messages with NIP and Master Console messages, ensuring that the full picture of mainframe operations is displayed in a single location. This allows a user to monitor and manage all aspects of mainframe operations, securely from a single location.

HMC Command Panel

ioEnterprise Secure HMC Command Panel allows users to enter commands to the HMC in a point and click interface. Some HMC commands, like those that IPL LPAR images, can cause issues in that they can involve an overly complicated set of steps, and that it is easy to run these commands against the wrong systems accidentally or maliciously.

The HMC control panel allows users to enter commands, such as IPL commands, against a sub-set of systems that they are allowed to access based on user names or user authority. The command can then be accessed via a point-and-click interface, minimizing the steps required to enter command parameters.

The HMC Panel is available from the ioEnterprise viewers (including CCS+, Automation, and Event Manager). You can select the HMC you wish to send to a command to by clicking on an HMC message, or by selecting the HMC from a drop down list.

SSL Proxy

Some IBM mainframe HMCs support a web server interface, which allows users to connect to the HMC with their web browser, as if they are physically in front of the HMC. Some older HMCs do not provide for secure browser access to this portal (using HTTPS). ioEnterprise Secure HMC SSL Proxy encrypts the connect to the HMC’s web server using HTTPS for data encryption.

In addition to encryption, ioEnterprise SSL Proxy forces a user to log in to get access to the HMC. HMC security requires a log in, but most mainframe shops leave the default passwords in place. This means that users do not have an individual login id for the HMC. This leads to a situation where a user could log into the HMC, IPL the host, or make other critical changes, and no one could prove who did it based on log in ids. ioEnterprise SSL Proxy logs the individual user accessing the HMC, the PC or workstation the user is using to access the HMC, as well as date and time of the access and date and time of the disconnect. In this way, a user entering malicious or problematic commands could be tracked based on their user id, time they were on the system, and which PC they were using for access.