eTrust CA-Top Secret Security for z/OS and OS ... - SupportConnect
eTrust CA-Top Secret Security for z/OS and OS ... - SupportConnect eTrust CA-Top Secret Security for z/OS and OS ... - SupportConnect
The SYSPLEX XES FunctionThere are three types of structures that can be defined to the Coupling Facility,these include the List, Cache, and Lock structures. eTrust CA-Top Secret uses theList structure to "hold" the Security File. With a List structure, numerousfunctions can be performed against the Security File. For example, reads, writes,deletes, or multiple deletes can be performed. A connection between eachsystem in the sysplex and the structure in the Coupling Facility must be createdto establish communication. This connection must be established prior to anyother function and indicates to the Coupling Facility which structure is to containthe data for future processing. When eTrust CA-Top Secret is donecommunicating with the structure in the Coupling Facility, a disconnect must beperformed. A List structure can be redefined while systems are connected to it.A redefining of the structure can take place if, for example, it becomes full and itis necessary to increase its size.A List structure is made up of headers and data elements. Each header can beused to break up different types of information in the structure. There is amaximum of sixteen headers that any one structure can have. With each header,data elements contain the data that is stored in the structure. The number ofheaders and the size of each data element are defined to the Coupling Facilitywhen eTrust CA-Top Secret "connects" to the structure. eTrust CA-Top Secretonly requires the use of one header. Multiple data elements can exist under thatone header.The total size of the structure is dependent on how the structure is defined to theCoupling Facility. The required size of the Coupling Facility structure can bedetermined using the TSSFAR utility. This is done when the systemsprogrammer defines the name of the structure. Next, the amount of data isdependent on how the structure is defined at connection time. The first systemto connect to a structure supplies information on how the structure is set up. Forexample, the number of headers and the maximum data element size, are two ofmany factors determining the amount of data that can be placed in a structure.These factors are supplied at connection time and are used in a calculation that isdone during the connection.Once a List structure is full, no more data can be added to it. However, thesystem programmer can increase the size of the Coupling Facility structure withno disruption to the system, or rebuilt the structure characteristics with minimaldisruption to the system.The Coupling Facility design handles any failure in it or its connections bydisconnecting and reverting to normal I/O processing. After the problem isresolved, the user must reactivate the Coupling Facility by reactivating thesysplex connection.3–2 Cookbook
The SYSPLEX XCF FunctionThe SYSPLEX XCF FunctionThe XCF function within a sysplex environment allows communication betweenall systems in the sysplex. The main function is the message routing capability.Any system within the sysplex can "join" a group and send and receive messagesfrom each of the other members within the same group. For example, if systemA wanted to send a message to all other systems in the group it can do so byissuing a send message to the Coupling Facility. The Coupling Facility is thenresponsible for posting or notifying all other "joined" systems within the groupthat a message is waiting for them. Each notified system is then responsible forreceiving the message that was sent. The actions performed by the receivingsystem depend on the content of the message.eTrust CA-Top Secret and the SYSPLEX XES FunctionThe XES data-sharing feature lets you define a primary and an alternate Liststructure in the Coupling Facility.If this feature is enabled, eTrust CA-Top Secret attempts to obtain the requesteddata from the Coupling Facility before any physical I/O is performed. If therequested data is obtained from the Coupling Facility no I/O is performed. Thussaving the time from having to do the actual I/O to the database. If you areusing the CACHE facility with eTrust CA-Top Secret, the cache call is performedprior to any call to the Coupling Facility. If the data is found in the CACHE, nocalls to the Coupling Facility or the I/O to the database are performed.Whenever direct physical I/O is requested to the eTrust CA-Top Secret database,a number of decisions must be made. It is important that any updating of anyrecord is reflected on the database prior to the Coupling Facility. Most importantis the need to obtain the data from the Coupling Facility when a direct READ of arecord is requested. If any record is being updated, a lock to the CouplingFacility is issued to prevent the same record from being updated in the CouplingFacility by another eTrust CA-Top Secret system. The Security File ENQ recordshows which system is currently holding the lock and a time stamp indicates thetime the lock was placed.A List structure allows eTrust CA-Top Secret to optimally control what is placedin the Coupling Facility and the maintenance of the data once it is there. Theprimary List structure, defined by the systems programmer, is used to hold allthe data for the eTrust CA-Top Secret database. The optional alternate Liststructure is used in the case that something happens to the primary list structure.If no alternate is defined, and the primary is unavailable, eTrust CA-Top Secretdefaults to its current I/O processing.Using the Sysplex Coupling Facility 3–3
- Page 93 and 94: KerberosThe command syntax for this
- Page 95 and 96: KerberosThe following command creat
- Page 97 and 98: Mapping of Foreign EnvironmentsMapp
- Page 99 and 100: Mapping of Foreign EnvironmentsMapp
- Page 101 and 102: Distributed File Server SMB SUPPORT
- Page 103 and 104: NFS (Network File System)The first
- Page 105 and 106: z/OS and OS/390 Security Server Sup
- Page 107 and 108: z/OS and OS/390 Security Server Sup
- Page 109 and 110: z/OS and OS/390 Security Server Sup
- Page 111 and 112: Chapter2Controlling Access to theHi
- Page 113 and 114: Controlling HFS Using the Native UN
- Page 115 and 116: Controlling HFS Using CA SAF HFS Se
- Page 117 and 118: Securing HFS FunctionsKeywordALLCON
- Page 119 and 120: Securing HFS FunctionsFile Function
- Page 121 and 122: Implementing CA SAF HFS SecurityImp
- Page 123 and 124: HFSSEC Control Option+12—The addr
- Page 125 and 126: HFSSEC Control OptionDiagnosticsThe
- Page 127 and 128: HFSSEC Control OptionUNIX CMDCHMOD(
- Page 129 and 130: HFSSEC Control OptionTSSSUTIL EQUIV
- Page 131 and 132: HFSSEC Control OptionUNIX CMDS ACCE
- Page 133 and 134: HFSSEC Control OptionExample 1// JO
- Page 135 and 136: HFSSEC Control OptionExample 2// JO
- Page 137 and 138: MessagesMessagesCAS2301EEVENT PROCE
- Page 139 and 140: MessagesCAS2306Wxxxxxxxxxxxxxxx EVE
- Page 141: MessagesCAS2319ITRACEID=aaaaaaaa US
- Page 146 and 147: eTrust CA-Top Secret and the SYSPLE
- Page 148 and 149: Defining the Sysplex to eTrust CA-T
- Page 150 and 151: Managing the Coupling FacilityWhen
- Page 152 and 153: Defining SYSTEM LOGGER to eTrust CA
- Page 154 and 155: IMVSECUR/*=========================
- Page 156 and 157: IMVSECUR/*=========================
- Page 158 and 159: IMVSECURFeature RACF eTrust CA-Top
- Page 160 and 161: PERMITIn eTrust CA-Top Secret, all
- Page 163 and 164: Indexcomponent names for z/OS and O
- Page 165 and 166: OpenEdition MVS supportACIDs needed
The SYSPLEX XES FunctionThere are three types of structures that can be defined to the Coupling Facility,these include the List, Cache, <strong>and</strong> Lock structures. <strong>eTrust</strong> <strong>CA</strong>-<strong>Top</strong> <strong>Secret</strong> uses theList structure to "hold" the <strong>Security</strong> File. With a List structure, numerousfunctions can be per<strong>for</strong>med against the <strong>Security</strong> File. For example, reads, writes,deletes, or multiple deletes can be per<strong>for</strong>med. A connection between eachsystem in the sysplex <strong>and</strong> the structure in the Coupling Facility must be createdto establish communication. This connection must be established prior to anyother function <strong>and</strong> indicates to the Coupling Facility which structure is to containthe data <strong>for</strong> future processing. When <strong>eTrust</strong> <strong>CA</strong>-<strong>Top</strong> <strong>Secret</strong> is donecommunicating with the structure in the Coupling Facility, a disconnect must beper<strong>for</strong>med. A List structure can be redefined while systems are connected to it.A redefining of the structure can take place if, <strong>for</strong> example, it becomes full <strong>and</strong> itis necessary to increase its size.A List structure is made up of headers <strong>and</strong> data elements. Each header can beused to break up different types of in<strong>for</strong>mation in the structure. There is amaximum of sixteen headers that any one structure can have. With each header,data elements contain the data that is stored in the structure. The number ofheaders <strong>and</strong> the size of each data element are defined to the Coupling Facilitywhen <strong>eTrust</strong> <strong>CA</strong>-<strong>Top</strong> <strong>Secret</strong> "connects" to the structure. <strong>eTrust</strong> <strong>CA</strong>-<strong>Top</strong> <strong>Secret</strong>only requires the use of one header. Multiple data elements can exist under thatone header.The total size of the structure is dependent on how the structure is defined to theCoupling Facility. The required size of the Coupling Facility structure can bedetermined using the TSSFAR utility. This is done when the systemsprogrammer defines the name of the structure. Next, the amount of data isdependent on how the structure is defined at connection time. The first systemto connect to a structure supplies in<strong>for</strong>mation on how the structure is set up. Forexample, the number of headers <strong>and</strong> the maximum data element size, are two ofmany factors determining the amount of data that can be placed in a structure.These factors are supplied at connection time <strong>and</strong> are used in a calculation that isdone during the connection.Once a List structure is full, no more data can be added to it. However, thesystem programmer can increase the size of the Coupling Facility structure withno disruption to the system, or rebuilt the structure characteristics with minimaldisruption to the system.The Coupling Facility design h<strong>and</strong>les any failure in it or its connections bydisconnecting <strong>and</strong> reverting to normal I/O processing. After the problem isresolved, the user must reactivate the Coupling Facility by reactivating thesysplex connection.3–2 Cookbook
Change language