Notice: will be retired soon. Please visit our new site at
Defender Tokens
Quest offers the widest range of tokens on the market – software, hardware and web-based – to meet your diverse authentication needs.
View now »

Defender Mainframe Edition

Affordable and Achievable Two-Factor Authentication for Mainframes

Quest Defender Mainframe Edition (ME) enhances security by enabling two-factor authentication for your entire IBM System z mainframe network or single business transactions. Defender ME gives you the ability to authenticate users via any of the leading dynamic password tokens at three levels: network entry, application selection or business transaction. Defender ME encompasses the latest cryptographic developments in hardware technology and includes support for multiple token types from multiple vendors.


Network Security - Extends security defenses from the kernel of the individual mainframe systems to the network periphery so users are validated before they enter the network.

Application/Transaction Protection – Directs users via user ID and password to permitted applications only. Users can also be forced to provide additional personal token information either at the application level, the transaction level or both.

OATH-Compliant – Supports any OATH-compliant token (from Quest or any OATH-compliant hardware vendor), providing you with the flexibility to choose a solution that is right for you.

RSA SecureID Support – Supports the latest RSA SecureID® AES token with 9-digit serial numbers, the only solution for System z with fully integrated support for 128-bit AES tokens. Users with AES tokens do not need to be authenticated by connecting to a Unix, Windows or RSA ACE® Server, providing you with security and reliability while reducing your overall investment.

Alerts – Escalates message warnings (including NewView alerts) to an operator console or central host.

MVS System Support – Supports Multiple Virtual Storage (MVS) systems with three levels of Defender:

  • Defender ME VSSE – Controls which LU-to-LU sessions VTAM will allow or deny, including terminal-to-application, application-to-printer, peer-to-peer and Network Job Entry (NJE) sessions.
  • Defender ME Secure – Provides active network security and information protection by directing the user to permitted applications only. Also validates via a user ID.
  • Defender ME Authenticator – Includes all the features of Defender ME Secure as well as incorporating three-factor authentication: a user ID, a user-changeable password and a personal device-generated code.

Transaction-level Interface (TLI) – Extends security beyond the VTAM network front end to the user’s own business transaction. Protects sensitive transactions by requesting user ID and password validation from within the transaction.

Home-node Processing – Permits users to specify the name of the machine where they want to be authenticated. Home node processing is useful on large networks where users access their systems from both home and remote locations.

mainframe authentication

Sys Reqs

HardwareIBM z Series
Operating SystemIBM z/OS (all levels)
EnvironmentVTAM, VSAM
Security systemRACF, ACF2, TOPS