Quick Steps To CA Top Secret Mirroring Implementation.

book

Article ID: 17392

calendar_today

Updated On:

Products

CA Cleanup CA Datacom - DB CA Datacom CA Datacom - AD CA Datacom - Server CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE

Issue/Introduction

Description:

CA Top Secret r15 fix RO68239 introduces a new mirrored security file enhancement.
This enhancement can only be leveraged if SHRFILE(NO) is set.
As noted above, the mirror option can only be leveraged when SHRFILE is set to NO.
If SHRFILE(YES) is set, and the MIRROR parameter is set to MIRROR(ON), the following messages will result at startup:

TSS9247E Mirror File not supported with Shared Secfile
TSS9248I Security file Mirroring is Disabled

Solution:

RO68239 will not only introduce the necessary TSS code to deal with this new brand feature, it will also modify and/or add some members to CAKOJCL0installation library: TSS, TSSB, TSSM, TSSMAINM and VSAMDEFM.

Here are the go to the quick steps:

  1. Edit CAKOJCL0(VSAMDEFM), update it to comply with your standards.

    Submit it. It will allocate your VSAM MIRROR file.
    Note: It's important that the REUSE attribute is set.

  2. Edit CAKOJCL0(TSSMAIM), update it to comply with your standards.

    Submit it. It will allocate your MIRROR BDAM file and initialize your MIRROR BDAM and VSAM files.
    Note: The MIRROR BDAM file definition must identical to your PRIMARY BDAM file definition.

  3. Modify your CA Top Secret STC procedure to add the required DD cards to take in account your MIRROR files.

    For example:

    //SECMIRR DD DISP=SHR,DSN=&HLSEC..SECFILE.MIRROR
    //VSAMIRR DD DISP=SHR,DSN=&HLSEC..VSAMFILE.MIRROR

  4. Modify your CA Top Secret parameter file to set the new CA Top Secret control option MIRROR to ON.

    MIRROR(ON)

  5. Recycle your CA Top Secret address space.

    P TSS in temporary and restart it.
    S TSS,,,REINIT

    Note: ",,,REINIT" must be specified on the start.

  6. The first time you start mirroring, you will receive the following CA Top Secret messages: 
            TSS9237I SECMIRR out of sync with SECFILE          TSS9242I Mirror Synchronization Started            TSS9243I Mirror Synchronization Ended              TSS9240I Security file mirroring is active          On the next CA Top Secret restart, you will receive only:                TSS9107I VSAMFILE Successfully Opened             TSS9240I Security file mirroring is active         Here it an excerpt of the TSS MODI output to show the new TSS control option.         TSS9660I VERSION=15.0 KO                                                            TSS9661I        CA Top Secret BASE     Status                                         AUTH(OVERRIDE,ALLOVER)    ADMINBY(YES)                 CACHE(ON)                    Audit File(010%)          Recovery File(000%)          Security File(092%)          Vsam File(OPEN)           MIRROR(ON)                                                Id=PRIMARY                SHRFILE(NO)                  RCACHE(NO

    Also, please read the entire comment with RO68239, it will give some additional tips.

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:
Powered by Wolken Software