• September 25, 2020

Introducing IBM Z MFA v2.1 and its z/VM support

Secure authentication to critical IT infrastructure is paramount. Multi-factor authentication is a critical improvement over legacy userid and password technology. The introduction of the IBM Z Multi-Factor Authentication V2.1 product enables the IBM z/VM operating system to benefit from this security improvement.

With a larger remote workforce, it is paramount that all systems are protected by multi-factor authentication. That’s because the combination of userid and password alone has proven easier and easier for hackers to defeat when breaking into critical systems. And protecting a single system, such as a mobile device or desktop, with an MFA offering is not sufficient. Subsequent sign-ons can be compromised if only userid and password are involved.

Consistent authentication across systems

IBM now has offerings for z/OS, Power systems and z/VM that offer a variety of factors for authentication. These solutions are interoperable with other IBM offerings and those from other vendors. As a result, users can have consistent authentication to all their critical systems.

With Z MFA V2.1, z/VM sign-ons are protected with a variety of factors. These include YubiKey support, RSA SecurID®, Gemalto SafeNet, IBM Security Access Manager (ISAM), IBM Cloud Identity Verify (CIV) via RADIUS, Generic RADP, LDAP, Native timed one-time password (TOTP), and SmartCard usage. Several of these factors include biometric support. MFA deals with three components: what you know, what you have and what you are. “What you are” or “what you have”, combined with traditional passwords, can provide assurance that the right person is accessing critical systems.

There is a demo of usage of some of the factors with z/OS. Again, the goal is consistent sign on across platforms. The experience demonstrated here will be remarkably similar for z/VM.

System requirements and features

The Z MFA support for z/VM requires a Red Hat or SUSE Linux for z system and a PostgreSQL database. The Z MFA V2.1 services will integrate with either IBM or Broadcom external security managers on z/VM to enforce multi-factor authentication for selected individuals.

Features of the Z MFA solution for z/VM include the ability for multiple z/VM systems to connect to one Z MFA server. It can support single or shared security database environments. And in case of a disaster, where a z/VM system is brought up without a network, previously specified users can sign on to z/VM without MFA.

Start protecting today

Multi-factor authentication is an important security feature that reduces risk for critical infrastructure. Protect your mainframe applications and systems in a consistent fashion with the IBM Z MFA solution. Here’s a link to the US announcement letter.

Jim Porell

I am a Solutions Architect at Rocket Software, focusing on pre and post sales technical assistance for Rocket developed products from IBM. Prior to joining Rocket, I was an independent consultant and retired IBM Distinguished Engineer. I held various roles as Chief Architect of IBM’s mainframe software and led Business Development and marketing of Security and Application Development for the mainframe. My last IBM role was Chief Business Architect for Federal Sales. I held a TS/SCI clearance for the US Government, was a member of the US Secret Service Electronic Crimes Taskforce in Chicago and co-authored several security books. I've done cybersecurity forensic work at a number of Retail, Financial and Government agencies and created a methodology for interviewing customers to avoid security breaches for large enterprises. I have over 40 years working with Information Technology.