search cancel

Configuring Top Secret Security in a SYSPLEX

book

Article ID: 213716

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

What needs to be done to share Top Secret's security file in a SYSPLEX? 

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

Top Secret supports two features of sysplex: XES and XCF.

1. XES is the z/OS Coupling Facility service that allows sharing of data across the SYSPLEX. CA Top Secret uses an XES list structure to share file blocks between all connected systems. XES enables CA Top Secret to share data between systems joined to the Coupling Facility sharing the same Security File.

2. XCF is a message routing facility, used by CA Top Secret to propagate commands issued on one system to all the other connected systems. XCF enables CA Top Secret to send TSS MODIFY commands to other systems in the sysplex joined to the sending-systems' group. XCF can be active even when XES is not used. This is the case when the CONNECT command only has a group-name but no structure-name.

~

There are two steps to share the security file in a structure.  
1. Define the structure to the SYSPLEX.
    SETXCF START,ALTER,STRNAME=strname,SIZE=nnn]

2. Set the SYSPLEX control option to tell Top Secret the name of the structure:
    SYSPLEX(connect-name,group-name,structure-name)
          |(DISCONNECT[XES])
          |(TRACE(ON|OFF))

Which steps are documented here (step 1):
Coupling Facility Management

and here (step 2): 
SYSPLEX—Control XES and XCF Availability

There are two steps to setup the SYSPLEX XCF function:
1. Set the XCF control option
    F TSS,SYSPLEX(SYSTEM1,GROUP1)
    or
    F TSS,SYSPLEX(,GROUP1)

2. Own and PERMIT
    TSS ADDTO(dept) IBMFAC(MVSADMIN)
    TSS PERMIT(user) IBMFAC(MVSADMIN.XCF.ARM) ACCESS(READ | UPDATE)
    TSS PERMIT(user) IBMFAC(MVSADMIN.XCF.CFRM) ACCESS(READ | UPDATE)
    TSS PERMIT(user) IBMFAC(MVSADMIN.XCF.LOGR) ACCESS(READ | UPDATE)
    TSS PERMIT(user) IBMFAC(MVSADMIN.XCF.SFM) ACCESS(READ | UPDATE)

Which steps are documented here (step 1): SYSPLEX—Control XES and XCF Availability 

and here (step 2): SYSPLEX XCF Function