VTS Gate provides enhanced security for VTS-TSRs, specifically, Read-only, SAF interface protected (using security tools like ACF2, RACF, and Top Secret) and hardware key protected VTS-TSRs.

With a Read-only VTS, user applications are only allowed to read from the VTS. Updates to the VTS can only be performed by switching the VTS to read-write mode using an MVS-authorized program.

With an SAF interface protected VTS, access to the VTS is controlled by authorization levels granted using an SAF security tool. The authorization granted to the user controls their ability to read from, update, start up or shut down the VTS. An SAF protected VTS can be started up in read-only or read-write mode.

With a hardware key protected VTS, the VTS is built in a hardware key protected dataspace which can only be updated by MVS-authorized programs running in supervisor state and key 0. A hardware key protected VTS can only be started up in read-only mode.

A hardware key protected VTS can also be SAF interface protected, in which case, the VTS will be a Read-only VTS.