6 easy steps to implementing Concurrent Action Processing.

Document ID : KB000009964
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

This document gives way to implementing Concurrent Action Processing in a few step.

It can be used as a checklist in complement of the implementation guide.

 

Background:

Description:

To Set-up and use Concurrent Action Processing, there are 6 tasks you need to complete.

  1. Update your C1DEFLTS table
  2. Define your Concurrent Action Processing procedure to CAICCI
  3. Create a cataloged procedure in a PROCLIB defined to JES
  4. Define the spawned task and default USER-ID to Security Package
  5. Activating Concurrent Action Processing
  6. Optionally modify ESI rules to limit who can submit concurrent processing jobs.
Environment:
z/OSCA Endevor from 15.0
Instructions:

1 - Update your C1DEFLTS table

The Concurrent Action Processing option requires that your site enable Global Type Sequencing. Update your C1DEFLTS table to include the PARMLIB and TYPESEQMBR.
For more information on how to set up Global Type Sequencing, please see the CA SCM for Mainframe Administrators Guide.

            PARMLIB='UPRFX.UQUAL.PARMLIB',     ENDVR PARMLIB        X             TYPESEQMBR=,             ENDEVOR TYPE SEQ MBR           X
PARMLIB indicates the Parmlib data set name, which is required to implement the Global Type Sequencing option, because it contains the Type Sequence member.

TYPESEQMBR Indicates the name of the Type Sequence member, which enables Global Type Sequencing. The Type Sequence member defines the type sequence order in which element actions are processed at your site, regardless of the action's inventory location. If you specify this parameter, you must also specify the Parmlib data set parameter. An empty Type Sequence member will force type sequencing by type name order.

To activate Concurrent Action Processing in your C1DEFLTS table, you need to ensure that SPAWN= Y is specified.

            SPAWN=Y                  ACTIVATE THE SPAWN FACILITY             SPAWNCNT=8,              SPAWN COUNT                             SPAWNMAX=99,             MAXIMUM SPAWN COUNT                     SPAWNPROC=ENDEVOR,       NAME OF SPAWN PROC
SPAWNCNT is the default number of spawned regions that will be started when Concurrent Action Processing is used. This value can be overridden by the EN$CAP nn DD card in your JCL. Testing has shown 8 to 12 provides the best performance.

SPAWNMAX is the maximum number of tasks that can be spawned by a single job. Specify a value that makes sense to you.

SPAWNPROC is t he one to eight-character name of the Concurrent Action Processing server. This name must be a CA CCI SERVICE definition service_name and a started task procedure name. A name is only required if the SPAWN indicator is set to a value of Y.

 

2 - Define your Concurrent Action Processing procedure to CAICCI

Append the Concurrent Action Processing spawn parameter file definition name SPNPARMS DD to the ENF procedure. You can use iprfx.iqual.CSIQOPTN(CAPCCI) as a model. If your site chooses to use a procname other than ENDEVOR, ensure that the SPAWNPROC parameter in the C1DEFLTS table, CCI SERVICE name and CCI PROC in the proclib member all contain the same value. For more information on how to perform this task, see the CA SCM for Mainframe Implementation Guide? How to enable Concurrent Action Processing.

            ********************************************************************            * CCI SERVICE STATEMENTS FOR ENDEVOR            ********************************************************************            ENDEVOR      SERVICE SERVER_NAME=MVS_START_SERVER,                               DEALLOCATE=TERMINATE,                               LOST_CLIENT=DEALLOCATE,                               MAX#_SERVICES=100,                               MAX#_CLIENTS=1,                               MAX#_PROCESSES=100,                               SERVICE_UNAVAILABLE=START_SERVICE,                               START=SPAWN_ONLY,                               SIGNON/NOPASSCHK=SERVICE            ********************************************************************            * CCI PROCESS STATEMENTS FOR ENDEVOR            ********************************************************************                               PROCESS PROCESS_TYPE=MVS_STC,                                                    PROCNAME=ENDEVOR,                               PARM='BC1PCPS0'

Note: This definition will not take effect immediately. It will take effect after CCI is recycled, or an IPL occurs. To see if your definitions are active, go to SYSVIEW/SDSF and list the ENF started task. Browse the SPNPRINT DDNAME. Look for ENDEVOR. If it is there, then the definition is active. For more information on the CAI-CCI Parameters, contact your local CCS390 Support Team.



3 - Create a cataloged procedure ENDEVOR in a PROCLIB defined to JES

You can use iprfx.iqual.CSIQJCL(ENDEVOR ) as a model. If your site chooses to use a procname other than ENDEVOR, ensure that the SPAWNPROC parameter in the C1DEFLTS table, CCI SERVICE name and CCI PROC in the PROCLIB member all contain the same value. (This is also the same as the PROCNAME= value specified in the CCI definitions.)

            //*-------------------------------------------------------------------*             //*                                                                   *             //*   COPYRIGHT (C) 1986-2013 CA. ALL RIGHTS RESERVED.                *             //*                                                                   *             //* NAME: ENDEVOR                                                     *             //*-------------------------------------------------------------------*             //*                                                                                 //ENDEVOR  PROC PKGID=                                                              //*                                                                                 // INCLUDE MEMBER=SCMM@SYM                                                          //NDVRBAT  EXEC PGM=NDVRC1,DYNAMNBR=1500,REGION=0M,                                 //  PARM=('C1BM3000,,&PKGID')                                                       // INCLUDE MEMBER=SCMM@LIB                                                          //*********************************************************************             //*             SORT WORK FILES                                       *             //*********************************************************************             //SORTWK01 DD UNIT=&T@DISK,SPACE=(CYL,(2,1))                                        //SORTWK02 DD UNIT=&T@DISK,SPACE=(CYL,(2,1))                                        //SORTWK03 DD UNIT=&T@DISK,SPACE=(CYL,(2,1))                                        //SORTWK04 DD UNIT=&T@DISK,SPACE=(CYL,(2,1))                                        //*********************************************************************             //*             PANVALET SUPPORT                                      *             //*********************************************************************             //C1TPDD01 DD UNIT=&T@DISK,SPACE=(CYL,3),                                           //            DCB=(RECFM=VB,LRECL=260)                                              //C1TPDD02 DD UNIT=&T@DISK,SPACE=(CYL,5),                                           //            DCB=(RECFM=VB,LRECL=260)                                              //C1TPLSIN DD UNIT=&T@DISK,SPACE=(CYL,3),                                           //            DCB=(RECFM=FB,LRECL=80)                                               //C1TPLSOU DD UNIT=&T@DISK,SPACE=(CYL,5)                                            //C1PLMSGS DD SYSOUT=*                                                              //*********************************************************************             //*  OUTPUT DATA SETS                                                 *             //*********************************************************************            //C1MSGS1  DD SYSOUT=*                                                               //C1PRINT  DD SYSOUT=*,DCB=(RECFM=FBA,LRECL=133)                                     //C1PRINTZ DD SYSOUT=*,DCB=(RECFM=FBA,LRECL=121)                                     //SYSUDUMP DD SYSOUT=*                                                               //SYMDUMP  DD DUMMY                                                                  //SYSOUT   DD SYSOUT=*                                                               //*********************************************************************              //*  REQUEST DATA SET                                                 *              //*********************************************************************              //BSTIPT01 DD UNIT=&T@DISK,SPACE=(TRK,(5,1),RLSE),                                   //            DCB=(RECFM=FB,LRECL=80)                                                //         PEND

 


4 - Define the spawned task and default USER-ID to your site Security Package

In order for ENF to spawn the SPAWNPROC defined to the C1DEFLTS table the task must be defined to your security package with a corresponding default userid. ENF will start the spawned task. The task will start under the security context of the default userid, but will then switch security context to that of the user submitting the Endevor job.

Review the following section that discusses the security software used at your site:

•CA Top Secret
•CA ACF2
•IBM RACF

In the examples that follow, 'ENDEVOR' is used as both the SPAWNPROC started task name and its corresponding userid.

If your site already has userid 'ENDEVOR' defined as the alternate userid (aka ALTID; C1DEFLTS RACFUID=ENDEVOR), do not use this for your task name or task userid, choose a different value.

4.1 - Configuring CA Top Secret Security

a) Define a new facility name ENDEVOR for CA Endevor SCM for Mainframe Concurrent Action Processing by adding the following definitions to the Top Secret Security parameter file (specified by the PARMFIELD DD statement):

 * USERnn FACILITY FOR
 *
 FAC(USERnn=NAME=ENDEVOR)
 FAC(ENDEVOR=xxxx)

Where 'xxxx' is any other facility control option(s) to be set other than the default(s). The facility can be defined dynamically using the TSS MODIFY command.

For example:TSS MODIFY(FAC(USERnn=NAME=ENDEVOR))

 TSS MODIFY(FAC(ENDEVOR=xxxx))
 The TSS MODIFY command is only valid until the next recycle of CA Top Secret.

b) Define a new ACID named ENDEVOR by entering the following command:

 TSS CRE(ENDEVOR) NAME(endevor user-id?) TYPE(USER) FAC(STC,ENDEVOR) PAS(xxxx,0)
 TSS ADD(ENDEVOR) FAC(STC)

CA Top Secret recommends all started task (STC) acids be given a password and OPTIONS(4) be set in the CA Top Secret parameter file. OPTIONS(4) will eliminate the prompt for a password when the STC starts, but if someone tries to sign on with the STC acid, that person will need to know the password.

The NODSNCHK, NORESCHK, and NOSUBCHK bypass attributes on the ENDEVOR ACID may be required. If not, make sure that the ACID is authorized to access all the files and resources it requires.

c) Give the ENDEVOR ACID a MASTFAC definition by entering the following command:

 TSS ADD(ENDEVOR) MASTFAC(ENDEV0R)

d) Assign userid ENDEVOR as the default ACID for the CAICCI spawned task ENDEVOR by entering the following command:

 TSS ADD(STC) PROCNAME(ENDEVOR) ACID(ENDEVOR)

e) Grant each user of CA SCM for Mainframe access to the ENDEVOR facility by entering the following command:

 TSS ADD(USER-ID) FAC(ENDEVOR

NOTE : For more information about defining a new facility, see your Top Secret Security Control Options guide. For more information about the CRE and ADD commands, see the Top-Secret Security command functions guide.


4.2 - Configuring CA ACF2 Security

a) Create an STC logon ID named ENDEVOR for the Concurrent Action Processing Started task by entering the following commands:
 ACF
 INSERT ENDEVOR NAME(ENDEVOR) STC

b) Verify that the ENDEVOR logon ID is defined with site-specific logon ID fields such as those fields used to create the UID string.

c) Verify that the ENDEVOR logon ID has access to all the datasets in the ENDEVOR task by writing CA-ACF2 security ACCESS rules for the logon id.

NOTE: For more information on any of the above information, please see the ACF2 Security Administration Guide and/or contact CA-ACF2 Technical Support.

 

4.3 - Configuring IBM RACF

This section provides basic instructions for customizing IBM RACF to allow the Concurrent Action Processing started task to initialize correctly. According to the RACF Security Administrator Guide, you can use either of the following methods to define a started task to RACF:

a) Define a new profile to the STARTED class (recommended by IBM)

b) Add a new entry in the started procedures table (ICHRIN03)

Additionally, you must assign a RACF user ID to the started task xxxxxxxx and assign the user ID to a RACF group authorized to initiate started procedures.
To define a RACF user ID for xxxxxxxx, use the ADDUSER command and associate it with your existing started task RACF group, as follows:

ADDUSER user_name DFLTGRP(default_group) OWNER(default_group) NOPASSWORD

Where:
user_name: Specifies the name of the new RACF user ID. This name should be the same as the name of the started task member in your PROCLIB that CA Endevor SCM feature Concurrent Action Processing uses.
default_group: Specifies the default group that contains all system started tasks; for example, STCGROUP.

Note: If you do not know the name of the default group, ask your RACF administrator.
For detailed information to implement the RACF STARTED class or to modify the started task table (ICHRIN03), see the RACF documentation.

Note: This command is only an example. For more information on using the ADDUSER command, ask your RACF administrator.

 

5 - Activating Concurrent Action Processing

If you create your own JCL:
In the JCL for the Endevor element actions job, include //EN$CAPnn DD SYSOUT=*.
nn specifies the number of Concurrent Action Processing started tasks that will be spawned. nn overrides SPAWNCNT but cannot exceed SPAWNMAX.
To use your SPAWNCNT default value, specify //EN$CAP DD SYSOUT=*.

If you use Endevor ISPF to generate your batch job:
You can have Endevor automatically add the EN$CAPnn DD card. For example, on the batch options menu, displayed below, you can set Concurrent Action Processing to 'Y' and set the Concurrent Number (which defaults to SPAWNCNT) to a value less than or equal to the SPAWNMAX. The generated JCL will include the EN$CAPnn DD card.

    1. OPTION===>                                                                                                                                                    1 BUILD SCL - Build batch SCL actions                              2 EDIT      - Edit request data set                                 3 SUBMIT    - Submit job for batch processing                        4 VALIDATE  - Check request data set for syntax errors                                                                                             Request Data Set:                                                                 Project ===> uprfx            Append     ===>  N (Y/N)                  Group   ===> uqual            Include JCL===>  N (Y/N)                   Type    ===> mylib            STOPRC     ===> 16 RC to stop processing     Member  ===> member           Concurrent Action Processing===> Y (Y/N)                                   Concurrent Number===> 08 Max 99   Other Partitioned or Sequential Data Set:                                DSNAME===>                                                                                                                                       Job Statement Information:                                       ===>//ENTER JOBCARD INFORMATION HERE    ===>           ===>

 

6 - Optionally modify ESI rules to limit who can submit concurrent processing jobs

Prior to initiating/spawning concurrent batch actions, ESI requests a ruling to determine whether the user is authorized to uses this facility. If the requestor does not have CAP access, an error message is issued and processing is terminated.

The Concurrent Action Processing security control point occurs at the following places:

- Prior to dispatching actions in an Endevor Batch job
- Prior to dispatching actions in a batch package execution
- Prior to dispatching actions in an Endevor API execution

If Concurrent Action Processing is requested for an Endevor Batch job, a batch package execution or API execution, Endevor ESI issues a RACROUTE request using the NAMEQU Format, CONCURRENT_ACT_PROC, to determine if the user has authority to invoke Concurrent Action Processing.

Define a rule for your site security package based on the CONCURRENT_ACT_PROC dataset name. This rule determines if the Concurrent Action Processing option is accessible to the user. A user must have READ authority for the pseudo-dataset name to be able to request CAP processing.

A sample CONCURRENT_ACT_PROC rule:
      NAMEQU CONCURRENT_ACT_PROC.
            L1=('C1'),
            L2=('CAP')

This becomes: C1.CAP at execution.

Additional Information:

For more information on the Concurrent Action Processing, please see the CA Endevor SCM Administrators Guide and Implementation Guide.

For Versions before 14.0, see TEC444243