IBM Support

VM65926: DirMaint support for NICDEF Security Controls

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as new function.

Error description

  • DirMaint NICDEF Security Controls support
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All DirMaint users exploiting the new NICDEF *
    *                 Security Support.                            *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION: APPLY PTF                                    *
    ****************************************************************
    With the PTFs for APARs VM65925, VM65926 and VM65931, the
    NICDEF user directory statement is enhanced to provide a
    set of new operands referred to as Directory Network
    Authorization (DNA). With DNA, a system administrator can
    configure and consolidate a virtual NIC device and its
    network properties in a secure, centralized loccation - a z/VM
    User Diretory.
    
    The following new NICDEF operands are supported by DNA:
    
       o PORTNUMBER <portnum>
       o PORTTYPE ACCESS|TRUNK
       o VLAN <vidset>
       o PROMISCUOUS|NOPROMISCUOUS
    
    This APAR, VM65926, specifically adds the Directory
    Maintenance Facility (DirMaint) support to
    accept and process the new operands on the NICDEF user
    directory statement and allows them to be specified through
    either the DirMaint command line or menu interface.
    
    In addition, both the VLAN <vidset> and
    PROMISCUOUS/NOPROMISCUOUS values will now be passed
    to the NICDEF Notification user exit (DVHXNN) and/or
    the RACF Connector Exit (DVHRVN) when the exit(s) are enabled
    and the operands are specified.
    

Problem conclusion

Temporary fix

Comments

  • - For information on the syntax and values of the new
      operands for the DirMaint NICDEF command see:
    
      SC24-6188-06 z/VM: Directory Maintenance Facility Commands
                         Reference
    
    - For information on the new parameters passed to the NICDEF
      Notification exit (DVHXNN) and/or the RACF Connector exit
      (DVHRVN) see:
    
      SC24-6190-06 z/VM: Directory Maintenance Facility Tailoring
                         and Administration Guide
    
    - The default authorization for the NICDEF command has been
      changed from G (General) to A (Administration,
      non-DASD related). If you wish to change the default you
      will need to follow the instructions in the
      z/VM: Directory Maintenance Facility Tailoring and
      Administration Guide, Chapter 3. 'Tailoring the DIRMAINT
      Service Machine' under the heading: 'Overriding and
      Supplementing the DirMaint Commands'.
    
    - A new configuration option, RACF_RDEFINE_VSWITCH_LAN,
      determines whether or not a RACF profile (via RDEFINE)
      should be added for a virtual switch or guest LAN if one does
      not currently exist during an 'add' operation. The default
      is YES. To change the default you will need to update your
      CONFIGxx DATADVH or CONFIGRC DATADVH file specifying:
    
             RACF_RDEFINE_VSWITCH_LAN=             NO
    
      For information on updating your CONFIGxx DATADVH or
      or CONFIGRC DATADVH file see the z/VM: Directory Maintenance
      Tailoring and Administration Guide, Chapter 3. 'Tailoring
      the DIRMAINT Service Machine' under the heading 'CONFIG
      DATADVH'.
    
    - Message DVH2209E has been updated and message DVH3898E has
      been added. For details see the
      z/VM: Directory Maintenance Facility Messages book.
    &#215;**** PE17/08/24 FIX IN ERROR. SEE APAR VM66065  FOR DESCRIPTION
    &#215;**** PE17/11/27 FIX IN ERROR. SEE APAR VM66097  FOR DESCRIPTION
    &#215;**** PE18/05/17 FIX IN ERROR. SEE APAR VM66163  FOR DESCRIPTION
    &#215;**** PE18/11/15 FIX IN ERROR. SEE APAR VM66227  FOR DESCRIPTION
    

APAR Information

  • APAR number

    VM65926

  • Reported component name

    IBM DIRMAINT-VM

  • Reported component ID

    5749DVH00

  • Reported release

    640

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / New Function / Xsystem

  • Submitted date

    2016-10-28

  • Closed date

    2017-07-27

  • Last modified date

    2018-11-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UV61338

Modules/Macros

  • CONFIG   CONFIGRC DVHADD   DVHADZ   DVHAEZ   DVHBBXED DVHCHGID
    DVHGSDEV DVHMENUS DVHPURGE DVHREP   DVHRLDD  DVHRLN   DVHRUN
    DVHRVN   DVHUPDIR DVH2209  DVH3898  NICDEF   150ASERV 150AUSER
    150CMDS
    

Publications Referenced
SC24618806 GC24618905 SC24619006    

Fix information

  • Fixed component name

    IBM DIRMAINT-VM

  • Fixed component ID

    5749DVH00

Applicable component levels

  • R640 PSY UV61338

       UP17/08/02 P 1701  

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.



Document information

More support for: z/VM family

Software version: 640

Operating system(s): z/VM

Reference #: VM65926

Modified date: 27 November 2018