Configuring PAM to Launch BlueZone to Autoconnect to Mainframes


Article ID: 138902


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Whenever you create a service to launch a client application, such as BlueZone, the runtime parameters must be configured correctly. Sometimes the application itself requires configuration as well. In the case of BlueZone, a file must be configured to match the service configuration.

Environment

Release: 3.2.5 (but this should work with any version of PAM supporting Mainframe Proxy)

Component: PRIVILEGED ACCESS MANAGEMENT

Resolution

1.  Create a TCP Service in PAM to launch BlueZone.

This is the full string in the Client Application field:

"C:\Program Files (x86)\BlueZone\7.1\bzmd.exe" /F PAMloop.zmd /~0 <Local IP> <First Port>


2.  Configure a Device for the mainframe and add the Service.


3.  Configure a Target Application and Target Account to vault the credentials to be used for autoconnecting to the mainframe.


4.  Configure a Policy and add the credentials created above.


5.  Launch BlueZone Session Manager from your PC and create a new BlueZone Mainframe Display connection whose Host Address matches the loopback address configured in the PAM Service.



6.  After the connection is saved, BlueZone Mainframe Display prompts for a zmd filename when it is exited. This filename should match the name specified in the PAM service.


7.  Go to the Access page in PAM and launch the service.  Autoconnect should work.
