How can the use of CAISEC00 to start ACF2 be implemented one lpar at a time in a sysplex that has a shared SYS1.PARMLIB?

Document ID : KB000053841
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

The ACF2 SYS1.PARMLIB CAISEC00 member can be used in a sysplex environment with a shared PARMLIB and allow for different ACF2 startup options.

Solution:

CAISEC00 is the initial parmlib member processed during CA SAF startup processing. In a shared PARMLIB environment all lpars will load the same CAISEC00 member. A site can use MVS Symbolic Substitution and the SEC(xx) option to point to a unique CAISECxx member for each lpar based on the last two characters of the MVS system ID. THis will allow different startup options to be executed depending on which z/OS system lpar is performing the startup.

To set up MVS Symbolic Substitution for the MVS system ID, the &SYSCLONE symbolic can be used in the SYS1.PARMLIB member IEASYMxx to specify specific characters to be used from the MVS system ID as the symbol. The SYSDEF SYSCLONE statement in IEASYMxx specifies the starting postion and length of the MVS system ID &SYSNAME, syntax: "SYSDEF SYSCLONE(&SYSNAME(start:length))". For example, if the MVS system ID is SY01, the &SYSCLONE can be set to characters "01" of SY01 as follows:

 EDIT       SYS1.PARMLIB(IEASYM00) - 01.01                  Columns 00001 00072 
 Command ===>                                                  Scroll ===> CSR 
 ****** ***************************** Top of Data ****************************** 
 000001 SYSDEF  SYSCLONE(&SYSNAME(3:2))                                         
 ****** **************************** Bottom of Data **************************** 

The CAISEC00 SEC=xx(or SEC(xx)) option can be used to allow a site to maintain multiple CAISECxx parmlib members. CAISEC00 is the initial parmlib member processed during CA SAF startup processing. Within the CAISEC00 member, you might specify any of the valid initialization parameters, including SEC=xx to indicate that an alternate parmlib member should be processed. With MVS Symbolic Substitution you can used the &SYSCLONE symbol to point to a CAISECxx member unique to each lpar based on it's MVS system id. Each CAISECxx member can then use the &SYSCLONE symbol to point to a specific CAIACFxx member for each lpar based on the MVS system id as well.

The following is an example that demonstrates how this can be done for a sysplex containing 4 lpars with MVS system ids SY01, SY02, SY03, and SY04. The CAISEC00 member uses MVS Symbolic Substitution to point to CAISEC01, CAISEC02, CAISEC03 and CAISEC04. Each CAISEC0x (x = 1-4) can point to a corresponding CAIACF0x member with unique startup options. In this example CAISEC02, CAISEC03 and CAISEC04 have NOSTART specified so ACF2 will not be started with CAISECxx and can be started from the command table SYS1.PARMLIB(COMMNDxx).

            4 LPARS: SY01  SY02 SY03 sY04
                       \    |     |    /
                     Shared SYS1.PARMLIB
                          CAISEC00
                             |
               +---------+---------+---------+
               |         |         |         |
            CAISEC01 CAISEC02 CAISEC03 CAISEC04
               |
            CAIACF01 
 
   EDIT ---- SYS1.PARMLIB(CAISEC00) - 01.01 --------------- COLUMNS 001 072
   COMMAND ===> SCROLL ===> CSR
   ************************ TOP OF DATA *************************CAISEC00
   00000001 SEC(&SYSCLONE)
   *********************** BOTTOM OF DATA ***********************
   
   EDIT ---- SYS1.PARMLIB(CAISEC01) - 01.01 --------------- COLUMNS 001 072
   COMMAND ===> SCROLL ===> CSR
   ************************ TOP OF DATA *************************
   00000001 ACF2(&SYSCLONE START)
   *********************** BOTTOM OF DATA ***********************
   
   EDIT ---- SYS1.PARMLIB(CAISEC02) - 01.01 --------------- COLUMNS 001 072
   COMMAND ===> SCROLL ===> CSR
   ************************ TOP OF DATA *************************
   00000001 ACF2(&SYSCLONE NOSTART)
   *********************** BOTTOM OF DATA ***********************
   
   EDIT ---- SYS1.PARMLIB(CAISEC03) - 01.01 --------------- COLUMNS 001 072
   COMMAND ===> SCROLL ===> CSR
   ************************ TOP OF DATA *************************
   00000001 ACF2(&SYSCLONE NOSTART)
   *********************** BOTTOM OF DATA ***********************
   
   EDIT ---- SYS1.PARMLIB(CAISEC04) - 01.01 --------------- COLUMNS 001 072
   COMMAND ===> SCROLL ===> CSR
   ************************ TOP OF DATA *************************
   00000001 ACF2(&SYSCLONE NOSTART)
   *********************** BOTTOM OF DATA ***********************
   
   EDIT ---- SYS1.PARMLIB(CAIACF01) - 01.01 --------------- COLUMNS 001 072
   COMMAND ===> SCROLL ===> CSR
   ************************ TOP OF DATA *************************
   00000001 SYSID(SY01)
   00000002 BACKUP
   *********************** BOTTOM OF DATA ***********************

NOTE: There is no CAIACF02, CAIACF03, or CAIACF04 needed since corresponding CAISEC02, CAISEC03 and CAISEC04 have "NOSTART" specified for ACF2.

For details on ACF2 CAISECxx, CAIACFxx, CAITRCxx and symbolic subtitution see the ACF2 Security for z/OS
Installation Guide, Chapter 3: Installing CA ACF2, section: "Step 11: CA ACF2 System Initialization".

For details on System symbols in PARMLIB see the IBM z/OS System Installation and Management maunal, section "System symbols in PARMLIB".