Can I share the same SMP/E zones or CSI for both CA-ACF2 and CA-Top Secret?

Document ID : KB000026324
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

My site has both CA-ACF2 and CA-Top Secret. Since they share a common CA-SAF FMID  can the same SMP/E zones be used for both ACF2 and Top Secret?

Answer:

No, you should not share the same target and distribution zones when ACF2 and Top Secret are at the same release level. Even though the SAF FMID and modules are the same, the internal code has differences specific to each security product (ACF2 and Top Secret), so you should not share the same zones.

Although it is technically possible to share the same SMP/E global zone, we still do not recommend this. The SMPMCS statements for the SAF FMID have differences between ACF2 and Top Secret (e.g. prerequisites), and the associated relfiles contain code differences that could cause product maintenance problems. Even if you diligently ensure that one product is completely installed and the associated FMIDs are purged from the global zone, the consequences of forgetting to single thread these installs far outweigh the minimal benefit of trying to share the same global zone.

You can share the same global SMP/E zone when CA-ACF2 and CA-Top Secret are at different release levels (the SAF FMID would be different) but we still recommend that you do not share the global zone, because future upgrades could result with both ACF2 and Top Secret being at the same level.

CA recommends that CA ACF2 and CA Top Secret be installed into separate SMP/E environments.