IBM Support

VM65931: NICDEF SECURITY CONTROLS - RPIDIRCT UPDATE

A fix is available

APAR status

  • Closed as new function.

Error description

  • RACF NICDEF Security Controls Support
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of the VMLAN class in RACF for z/VM;   *
    *                 Users of RPIDIRCT                            *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION: APPLY PTF                                    *
    ****************************************************************
    With the PTFs for APARs VM65925, VM65926 and VM65931, the
    NICDEF user directory statement is enhanced to provide a set
    of new operands referred to as Directory Network Authorization
    (DNA). With DNA, a system administrator can configure and
    consolidate a virtual NIC device and its network properties in
    a secure, centralized location - z/VM's User Directory.
    
    The PTF for this APAR (VM65931) updates z/VM 6.4 RACF so that
    the RPIDIRCT utility can accommodate the new NICDEF statement
    keywords that influence network configuration.  With the new
    RPIDIRCT utility, these keywords are automatically
    translated into VMLAN security permissions as part of
    building a new RACF database.
    
    This new RPIDIRCT utility is backwards-compatible
    with older versions of z/VM.
    
    New keywords supported include:
    * VLAN -- creates VLAN-specific VMLAN profiles
    * PROMISCUOUS -- adds ACCESS(CONTROL) to the VMLAN profile
    
    Refer to SC24-6218-06, z/VM V6.4 RACF Security Server Security
    Administrator's Guide (Chapter 10, section 'Protecting Guest
    LANs and Virtual Switches') for more information.  Refer to
    APAR VM65925 for more information about the new Directory
    Network Authorization functionality.
    

Problem conclusion

Temporary fix

Comments

  • RPIDIRCT is backwards-compatible with older releases of z/VM.
    Applying this PTF to a member of a Single System Image will not
    cause a functionality change when some or none of the member
    nodes have VM65925 applied.
    

APAR Information

  • APAR number

    VM65931

  • Reported component name

    RACF/VM SUPPORT

  • Reported component ID

    576700201

  • Reported release

    640

  • Status

    CLOSED UR1

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    YesSpecatt / New Function / Xsystem

  • Submitted date

    2016-11-03

  • Closed date

    2017-07-27

  • Last modified date

    2017-11-24

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UV61339

Modules/Macros

  • RPIDIRCT
    

Publications Referenced
SC24621806        

Fix information

  • Fixed component name

    RACF/VM SUPPORT

  • Fixed component ID

    576700201

Applicable component levels

  • R640 PSY UV61339

       UP17/08/02 P 1701  

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.



Document information

More support for: z/VM family

Software version: 640

Operating system(s): VM/ESA, z/VM

Reference #: VM65931

Modified date: 24 November 2017