z/OS Connect EE Security Wildfire Workshop – October 26, 2021

Please be advised that enrollment is not available on this site. Contact Judy Vadnais at [email protected] for questions or for enrollment to attend the following event.

IBM will host a webex workshop of the newly announced z/OS Connect EE Security Workshop on October 26, 2021 from 1:00pm – 3:30pm (Eastern Time).

Introduction
Cloud and mobile applications have reshaped the way enterprises and systems interact. The dominate standard for new application development for these new environments uses RESTful APIs for sending and receiving JSON formatted messages to backend services. IBM z/OS Connect Enterprise Edition provides a framework that enables new application development using RESTful APIs and JSON messages for accessing z/OS based services and data when developing new cloud and mobile applications for the enterprise uniting z/OS into the Cloud infrastructure.

The administration of a z/OS Connect server and then the enablement of secure connections between REST clients connecting to a z/OS Connect server and then propagating security credentials to the z/OS resource to which are accessed is critical to protecting your data. In the world of cloud and mobile applications, protocols such as Transport Security Layer (TSL), OAuth, OpenID, and JWT are commonly used secure communications. In the workshop, we will explore some of the basic best practices for z/OS Connect administration and security options and show how they can be used to secure communications to and from z/OS Connect EE.

This workshop gives a guided hands-on experience with administration and the use of system authorization security (SAF) and the IBM z/OS Connect Enterprise Edition (EE) product. Attendees will be given the option to perform exercises that start adding system authorization security (SAF) to a z/OS Connect server. The initial exercise covers everything from enabling basic SAF security to fully enabling mutual authentication of digital certificates from the z/OS Connect Eclipse tooling and REST clients like cURL and Postman to a z/OS Connect server. Other exercises include hands-on access to z/OSMF for configuring and installing AT-TLS policies. These AT-TLS policies provide TLS protection between MVS batch application to a z/OS Connect server and between a z/OS Connect server and back-end resources such as IMS databases, IMS transactions, Db2 resources and MQ queues. A CICS security exercise provides hands-on experience configuring CICS TLS support from a CICS API requester exercise as well as configuring identity propagation from a z/OS Connect server to a CICS region. Finally, there is an exercise that introduces the use of OAuth and OpenID Connect and the use of JWT tokens with z/OS Connect server configured as an API provider and API requester.
Objectives
At the conclusion of this workshop, an attendee will have hands-on experience with:
• Performing the initial setup of a z/OS Connect Liberty server.
• Implementing and administrating SAF security with IBM z/OS Connect EE for z/OS servers.
• Enabling TLS connectivity between z/OS Connect server and z/OS backend systems like CICS, IMS DC, IBM MQ, IBM DB2 and MVS batch jobs.
• Implementing the security options available in z/OS Connect. These security options range from:
o Implementing basic security with a user identity and password using a SAF registry.
o Implementing a full exchange of digital certificates between a client and a z/OS Connect server using RACF key rings.
o Implementing JWT tokens with a z/OS Connect server as a provider and as requester.

Audience
This workshop is designed for administrators and enterprise architects who are involved with securing their z/OS Connect Enterprise environment.

Agenda
• Welcome and Introduction
• Presentation – An introduction to IBM z/OS Connect EE Security topics
• Exercises
 The exercises for administrators include:
 IBM z/OS Connect EE Initial setup
 IBM z/OS Connect EE Enabling SAF security
 IBM z/OS Connect EE Security and CICS
 IBM z/OS Connect EE Security and Db2
 IBM z/OS Connect EE Security and MQ
 IBM z/OS Connect EE Security when accessing an IMS database
 IBM z/OS Connect EE Security when accessing an IMS transaction
 IBM z/OS Connect EE Security with MVS Batch