We use it for promoting and demoting to match our SDLC. So, things start off in development, we build it – whatever it is – and it moves to a testing region. We're trying to shift that left as part of our future state where it's automated regression. But right now, especially on the mainframe, it's mostly manual. We move it up to testing. If they're happy with it, it goes to integrated testing, which includes customer acceptance testing. After that, it's moved to QA, where it is run for a certain period of time, depending upon different application requirements, in an environment that very closely mimics production, as close as we can get it. And then when it's signed off there, ChangeMan handles everything except the actual move through the hole in the firewall.
Why doesn't it do that? I don't know. To me, it seems like it should be able to. We put it onto what we call an MFT server, which moves it to another server that's inside the DMZ for the mainframe application.
On the distributed stuff, we run four different anti-virus suites against it, looking for vulnerabilities, penetrations, things like that. On the mainframe, I don't know that we do anything other than have a code review with the Ops folks.