Mainframe MVS storage access

The Continuous Compliance Engine can connect to a wide range of host systems, including Mainframes, Linux, and Windows, as long as they support SFTP, FTP, and FTPS protocols. Furthermore, mainframe MVS storage can be accessed using the FTP and FTPS protocol. In order to access the mainframe data set and effectively mask its contents, you must adhere to the z/OS path name guidelines described below. Failing to meet these criteria will result in the user being directed towards the USS storage, rather than the mainframe MVS storage.

A data set name consists of one or more parts connected by periods. Each part is called a qualifier.
Each qualifier must begin with an alphabetic character (A to Z) or the special character @, #, or $.
The remaining characters in each qualifier can be alphabetic, special, or numeric (0 to 9) characters.
Each qualifier must be 1 to 8 characters in length.
The provided path or qualifier should end with a period dot (.).

Masking large datasets in-place on mainframe MVS storage

For in-place jobs involving large datasets that exceed the configured system default size of the MVS storage, users should manually create a dataset with the same name as the input dataset, appending a .msk extension. This newly created dataset should have a larger size than the input dataset and must be allocated before executing the job.

Valid connection with Mainframe

Invalid connection with Mainframe

As described in the banner at the top, the request is failing due to an error with the **Server Name** address. Verify that the server name is correct and that the server is accessible from your network.

As described in the banner at the top, the request is failing due to an error with the **Path** format, indicating that a slash must follow the hostname URI.

If Is Multiple Virtual Storage(MVS) Path is checked, it validates if the path provided is MVS or not.

FTPS Connector for Mainframe storage

FTPS is an encryption protocol like FTP with support for TLS/SSL to establish a secure and encrypted channel for data transfer between the Continuous Compliance Engine and the mainframe storage. This added layer of security ensures that all data exchanged remains confidentially and tamper-proof.

If the connector is configured via the API, then in connection mode “FTPS“ needs to passed, for example:

CODE

{
      "connectorName": "MAINFRAME_FTPS",
      "environmentId": 1,
      "connectionInfo": {
        "connectionMode": "FTPS",
        "path": "MASKING.",
        "host": "zos.example.com",
        "loginName": "maskinguser",
        "password": "maskingpwd",
        "port": 21,
        "userDirIsRoot": false
      }
}

The FTPS connection mode is specifically designed and available exclusively for mainframe storage systems. This connection mode is not available with any other connectors.

To establish a successful connection to the mainframe using FTPS, it is important that users upload the Server SSL Certificate to the TrustStore of the Data Engine. Detailed instructions for adding the certificate to the Data Engine TrustStore can be found in the TrustStore settings page.

Note: Mainframe FTPS connection mode currently only supports Multiple Virtual Storage. Path validation of Is MVS is always active for this mode.

Invalid/no certificate

The Continuous Compliance Engine experiences connection errors while trying to establish a connection with the mainframe USS storage. These errors comes when either incorrect or invalid certificates are provided or when no certificates have been uploaded to the TrustStore of the Data Engine.

Connection failed when an Invalid or No SSL Certificate was provided