Host Access Management and Security Server

Specs

Tech Specs (including Advanced Authentication Add-on, Security Proxy Add-on, and Terminal ID Management Add-on)

Compliance

  • Compliance with United States Government Configuration Baseline (USGCB) security policy requirements

Authentication

  • Microsoft Active Directory single sign-on
  • Support for NTLM 2
  • Public Key Infrastructure (PKI) support
    • Certificate Revocation List (CRL) support
    • Online Certificate Status Protocol (OCSP) support
    • Certificate policy support
  • X.509 certificate support for CAC, PIV, and other smart cards
  • Kerberos 5 with Microsoft Active Directory
  • Directory Support, including support for Active Directory, NetIQ eDirectory, OpenLDAP, and other RFC compliant directory servers
  • Support for Micro Focus Advanced Authentication

Authorization (Access Control)

  • LDAP integration to restrict terminal, printer, and file transfer session access to authorized users
  • Access control for session access based on individual identity or LDAP group membership
  • LDAP-based access control enforced through secure token authorization technology
  • Dynamic LDAP group support
  • Secure terminal and file transfer connections to multiple hosts through a single port in the firewall

Auditing

  • MSS Management Server log
  • MSS Security Proxy Server log
  • MSS Metering Server log
  • Log data tracks usage by LDAP-distinguished names

Encryption and Security

  • FIPS 140-2-validated cryptographic module (Certificate #3152)
  • TLS and HTTPS
  • 256-bit AES, 128-bit AES, and Triple DES
  • RSA
  • DSS/Diffie-Hellman

Support for MSS add-On components*

  • Security Proxy Add-On: Deliver end-to-end encryption and enforce access control at the perimeter with patented security technology.
  • Advanced Authentication Add-On: Enable multifactor authentication to authorize access to your valuable host systems.
  • Automated Sign-On for Mainframe Add-On: Enable automated sign-on to IBM 3270 applications via your identity and access management system.
  • PKI Automated Sign-On Add-On: PKI-enable automated application sign-on to your critical enterprise systems.
  • Terminal ID Management Add-On: Dynamically allocate terminal IDs based on username, DNS name, IP address, or address pool.

*Requires an additional license

  • Installation support
  • Automated installer for Windows and Linux with all necessary components
  • Automated installer for Linux on Z runs with your supplied Java runtime
  • Native 64-bit installer support for 64-bit versions of Windows and Linux

Server platforms supported**

  • SUSE Linux Enterprise Server (SLES) 11 SP4
  • Red Hat Enterprise Linux 6
  • Windows 2012
  • Linux on Z Systems
    • SUSE Linux Enterprise Server (SLES) 11 SP4
    • Red Hat Enterprise Linux 6

** Supported versions include those listed and higher

System requirements

  • Workstations running Micro Focus client software (see Micro Focus Clients Supported above)
    • A web browser that supports Java 8 or above if using links list feature
    • Java Runtime Environment 8 or above if using links list feature
  • MSS Administrative Console
    • A web browser that supports JavaScript and Cookies
  • MSS Administrative Server, Metering Server, and Terminal ID Management Add-On
    • Java Servlet 2.3-compliant servlet engine and Java Server Pages (JSP) 1.2
  • MSS Security Proxy Add-On
    • Java Runtime Environment 8 or above
  • MSS Advanced Authentication Add-On
    • Micro Focus Advanced Authentication Appliance 5.2 or above
  • MSS Automated Sign-On for Mainframe Add-On
    • IBM Digital Certificate Access Service (DCAS) running on z/OS
    • OS/390 V2R10 or above
    • RACF configured for DCAS

Micro Focus clients supported

release-rel-2020-9-2-5123 | Tue Sep 15 18:06:14 PDT 2020
5123
release/rel-2020-9-2-5123
Tue Sep 15 18:06:14 PDT 2020