How to implement RULELONG with the ACF2 databases
search cancel

How to implement RULELONG with the ACF2 databases

book

Article ID: 237359

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

Details on how to implement RULELONG for the ACF2 databases.

RULELONG is required for pervasive Encryption support. Resource rules for key labels must specify a new resource rule parameter of "WHEN(CRITERIA(SMS(DSENCRYPTION)))". To specify the WHEN parameter in resource rules, you must have the RULELONG parameter that is configured in the GSO RULEOPTS record. If the RULELONG parameter is not enabled on your system, the rules that specify the WHEN parameter will not compile.

RULELONG is required for the rule entry 'ACTIVE' parameter. The ACTIVE parameter is valid only when the GSO RULEOPTS RULELONG parameter is set.

Environment

Release : 16.0

Component : ACF2 for z/OS

Resolution

To implement ACF2 RULELONG reverify the record size in the Rules and Infostorage databases of the DEFINE job. 
The size is initially set to 4KB. To increase the size, review the notes in the DEFINE 
job, and the following information regarding the RULELONG option:

■ Determine if you must increase the size of the rules. If you have only three to 
six rules that are larger than 4KB, do not increase the size, but make these rules 
and their NEXTKEYs resident in RESRULES or INFODIR, depending on their type.

■ Determine the size to make the rules. A RULELONG database typically increases 
the rule size 40 to 80 percent, but this could be as much as 100 percent. This is 
because the size of the index used in each rule doubles, from 1 to 2 bytes. 
Therefore, an increase from 4KB to 8KB does not gain much space.

Also, you should not just increase the database to 32KB. When a rule validation 
is performed, the CA ACF2 SVC GETMAINs a buffer equal to the largest possible 
rule size. If the database is defined as 32KB, the size of the buffer will also be 
32KB. As an example, assume there is one 30KB rule in the RULELONG 
databases and all others are 7KB or less. To avoid wasting storage, increase the 
size of the rules to 10 or 12KB, and NEXTKEY the one 30KB rule.

Determine the values for RECORDSIZE and CISIZE. The first RECORDSIZE value is 
an average size and should not be changed. The second value is the maximum 
value. CISIZE should be +8 or higher. For example:

12K RECORDSIZE(400,12280)
 CISIZE(12288)

16K RECORDSIZE(400,16376)
 CISIZE(16384)

32K RECORDSIZE(400,32760)
 CISIZE(32768)

■ Back up the databases with the BACKUP command. This updates the backup 
file and the alternate databases.

■ Make an extra copy of the backup on tape.

■ Stop CA ACF2 and restart it using the alternate database.

■ Delete the primary Rule and Infostorage databases and recreate them, 
specifying the new size.

■ REPRO from the backup sequential file into the Rule and Infostorage databases.

■ Stop CA ACF2 and restart it using the primary databases.

■ Change the GSO record RULEOPTS to RULELONG.

■ Refresh the GSO RULEOPTS record with the REFRESH command.

Powered by Wolken Software