Configuring PAM to Launch BlueZone to Autoconnect to Mainframes


Article ID: 138902


Updated On:


CA Privileged Access Manager (PAM)


Whenever you create a service to launch a client application, such as BlueZone, you must get the runtime parameters configured properly.  Sometimes the application will require configuration as well.  In the case of BlueZone, it is necessary to configure a file to match the service configuration.


Release : 3.2.5 (But this should work with any version of PAM supporting Mainframe Proxy)



1.  Create a TCP Service in PAM to launch BlueZone

This is the full string in the Client Application field:  "C:\Program Files (x86)\BlueZone\7.1\bzmd.exe" /F PAMloop.zmd /~0 <Local IP> <First Port>

2.  Configure a Device for the mainframe and add the Service.

3.  Configure a Target Application and Target Account to vault the credentials to be used for autoconnecting to the mainframe.

4.  Configure a Policy and add the credentials created above.

5.  Launch BlueZone Session Manager from your PC and create a new connection, with BlueZone Mainframe Display, whose Host Address matches the loopback address configured into the PAM Service.

6.  After saving the connection there will be a prompt for a zmd filename when Bluezone Mainframe Display is exited.  This filename should match the name specified in the PAM service.

7.  Go to the Access page in PAM and launch the service.  Autoconnect should work.