Why is the industry choosing RACF and the z/OS Security Server

For over 20 years, IBM's Resource Access Control Facility (RACF) has been the premier product for securing valuable corporate data. RACF is the industry leader among customers, with growth rates that have exceeded 15% each year for the past five years.

This astounding growth can be attributed to many factors including IBM aggressively investing in RACF to exploit new technology, IBM service and support, and product integration. In addition, RACF will be an important element of Tivoli's comprehensive enterprise network security solution. This is an exciting time to be a RACF customer!

For more specifics on the z/OS Security Server, please read on...


Your security solution is only as good as its integration with your application environments. RACF excels at integration with your existing and future application environments. Key elements are:

RACF easily integrates with any product which adheres to the MVS System Authorization Facility (SAF) interface. This means that you can use RACF for your user identification, access control, and auditing without having to modify your existing applications.

Release 4 of the OS/390 Security Server contains support for DB2 without requiring modifications to DB2 code, modifications that could prevent you from upgrading DB2 to the latest release or could complicate problem diagnosis. Support for RACF's control of DB2 objects is a standard part of DB2. 

Remember, IBM products are developed with RACF and naturally work nicely with RACF.

Securing the enterprise

IBM's cross-platform integration technology is based on industry standard initiatives such as DCE as opposed to proprietary, single vendor, closed solutions. RACF's DCE support was the first, and is still the leader, among all of the S/390 security packages. DCE is supported on HP, DEC, Sun, and many other platforms including IBM.

The Tivoli architecture and products are leading the industry in cross-platform administration. You can use Tivoli products to manage RACF-defined users TODAY!

Product administration

Countless installations have migrated to RACF from other security products. After these migrations are complete, we ask the customer to analyze the administrative effort required to support their security environment before and after their migration to RACF. The vast majority of customers report that they were able to reduce staff or have their security administrators take on additional responsibilities such as LAN administration after moving to RACF. No one has ever had to add staff to administer RACF.


RACF's performance is outstanding. RACF has provided extensive buffering and caching since release 1.2 in 1977, beginning with the introduction of in-storage index blocks. Since then, we've enhanced further by placing as much RACF information in storage as we could, including data blocks, ICB, generic profiles, profiles specified by the administrator, and profiles specified by the application. None of these required any new hardware support.

When new services are available, RACF uses them to further improve performance. While they are not pre-requisites, many times these services, both hardware and software, can be utilized with RACF.

System reliability

RACF's recovery mechanisms, which by the way are rarely needed since RACF failures are very infrequent, provide a fast, real-time switching to the recovery environment. No application of forward transactions is required. Forward recovery is a technique that is not the best solution to all recovery problems.

Comprehensive auditing, monitoring, and reporting

Since 1978, IBM has provided the RACF report writer for reporting and analysis. With the advent of relational databases and intelligent reporting tools, customers demanded, and we delivered, the ability to process audit information using the reporting tool of their choice, using the inquiry languages with which they are familiar.

RACF's database unload utility (IRRDBU00) and RACF's SMF unload utility (IRRADU00), provide information to security administrators and auditors in a format that is usable by any installation-chosen reporting or database management product. IRRADU00 and IRRDBU00 are standard part of RACF. No specialized reporting packages are required. Whether you are using DB2, Oracle, SAS, or even just DFSORT, you can effectively process and analyze your audit data.

As always, IBM protects your investment with RACF. The RACF Report Writer is still a supported part of the RACF product.

Security leadership

IBM and RACF maintain leadership in security. IBM invented and patented Data Encryption Standard (DES), which the world relies upon for commerce, and then licensed it freely. We invented and patented PassTickets, which is the basis for System/390 single-signon technology. We have contributed key pieces of technology for DCE. Together, RACF and MVS was the first large-system to be placed on the Evaluated Products List (EPL) at a C2 level of trust. We followed up three years later by becoming the first large-system product to be placed on the EPL at a B1 level of trust

Integrity is the hallmark of RACF. We don't provide a security mechanism unless it conforms to the MVS Statement of Integrity and provides function reliably.

Industry support

IBM participation in industry user groups such as SHARE and GUIDE is extensive. RACF has representatives who are active in both of these conferences. RACF is also an active participant in other conferences such as Vanguard's Security Expo (RACF-97). In addition, RACF developers are extremely active in internet discussion groups, such as the RACF-L discussion group. IBM provides instructions for joining this discussion group in the front of each of the RACF manuals.

RACF also provides access to its comprehensive information source, the RACF home page at http://www.s390.ibm.com/racf. From this page, you can find our frequently asked questions list, lists of user groups at which IBMers are speaking about security, and the latest information about RACF.

Net: RACF's support of its customers is the best in the industry.

A cornucopia of other reasons

There are other qualities that reinforce IBM's leadership in security. Specifically:

The bottom line

When selecting a security product to protect your most important corporate data, you have to ask yourself which product:

The answer to all of these is RACF!

Need help migrating to RACF?

For more information on migrating to RACF or the z/OS Security Server, go to the Migration page.

For more information on RACF, go to the Resource Access Control Facility web page.

Contact IBM

Browse z/OS