Quick Steps To CA Top Secret Mirroring Implementation.

Article Id: 17392
Status: Published
Updated On: 14-02-2018 08:06
Legacy Id: TEC618253
Products:
CA Cleanup , CA Datacom , CA CIS , CA Common Services for z/OS , CA 90s Services , CA Database Management Solutions for DB2 for z/OS , CA Common Product Services Component , CA Common Services , CA Datacom/AD , CA ecoMeter Server Component FOC , CA Easytrieve Report Generator for Common Services , CA Infocai Maintenance , CA IPC , Unicenter CA-JCLCheck Common Component , CA Mainframe VM Product Manager , CA Chorus Software Manager , CA On Demand Portal , CA Service Desk Manager - Unified Self Service , CA PAM Client for Linux for zSeries , CA Mainframe Connector for Linux on System z , CA Graphical Management Interface , CA Web Administrator for Top Secret , CA CA- Xpertware , CA Top Secret , CA Top Secret - LDAP , CA Top Secret - VSE
Issue/Introduction:

Description:

CA Top Secret r15 fix RO68239 introduces a new mirrored security file enhancement.
This enhancement can only be leveraged if SHRFILE(NO) is set.
As noted above, the mirror option can only be leveraged when SHRFILE is set to NO.
If SHRFILE(YES) is set, and the MIRROR parameter is set to MIRROR(ON), the following messages will result at startup:

TSS9247E Mirror File not supported with Shared Secfile
TSS9248I Security file Mirroring is Disabled

Solution:

RO68239 will not only introduce the necessary TSS code to deal with this new brand feature, it will also modify and/or add some members to CAKOJCL0installation library: TSS, TSSB, TSSM, TSSMAINM and VSAMDEFM.

Here are the go to the quick steps:

  1. Edit CAKOJCL0(VSAMDEFM), update it to comply with your standards.

    Submit it. It will allocate your VSAM MIRROR file.
    Note: It's important that the REUSE attribute is set.

  2. Edit CAKOJCL0(TSSMAIM), update it to comply with your standards.

    Submit it. It will allocate your MIRROR BDAM file and initialize your MIRROR BDAM and VSAM files.
    Note: The MIRROR BDAM file definition must identical to your PRIMARY BDAM file definition.

  3. Modify your CA Top Secret STC procedure to add the required DD cards to take in account your MIRROR files.

    For example:

    //SECMIRR DD DISP=SHR,DSN=&HLSEC..SECFILE.MIRROR
    //VSAMIRR DD DISP=SHR,DSN=&HLSEC..VSAMFILE.MIRROR

  4. Modify your CA Top Secret parameter file to set the new CA Top Secret control option MIRROR to ON.

    MIRROR(ON)

  5. Recycle your CA Top Secret address space.

    P TSS in temporary and restart it.
    S TSS,,,REINIT

    Note: ",,,REINIT" must be specified on the start.

  6. The first time you start mirroring, you will receive the following CA Top Secret messages: 
            TSS9237I SECMIRR out of sync with SECFILE          TSS9242I Mirror Synchronization Started            TSS9243I Mirror Synchronization Ended              TSS9240I Security file mirroring is active          On the next CA Top Secret restart, you will receive only:                TSS9107I VSAMFILE Successfully Opened             TSS9240I Security file mirroring is active         Here it an excerpt of the TSS MODI output to show the new TSS control option.         TSS9660I VERSION=15.0 KO                                                            TSS9661I        CA Top Secret BASE     Status                                         AUTH(OVERRIDE,ALLOVER)    ADMINBY(YES)                 CACHE(ON)                    Audit File(010%)          Recovery File(000%)          Security File(092%)          Vsam File(OPEN)           MIRROR(ON)                                                Id=PRIMARY                SHRFILE(NO)                  RCACHE(NO

    Also, please read the entire comment with RO68239, it will give some additional tips.

Environment:

Release: TOPSEC00200-15-Top Secret-Security
Component: