Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Setting up your system to use APPC/MVS and VTAM z/OS Security Server RACF System Programmer's Guide SA23-2287-00 |
|
This document assumes that you have a basic understanding of VTAM® and APPC/MVS. For information about configuring VTAM and implementing APPC/MVS, see z/OS MVS Initialization and Tuning Guide and z/OS MVS Planning: APPC/MVS Management. See also RACF Version 2 Release 2 Technical Presentation Guide and RACF Version 2 Release 2 Installation and Implementation Guide. When you define an RRSF node that uses the APPC protocol, you specify the LU name of the node on the TARGET command. The LU must be defined to VTAM on the node being TARGETed. LUs are defined through the LUADD statement in the APPCPMxx member of SYS1.PARMLIB. The LUs that you define for RRSF must be NOSCHED LUs. Guideline: Protect the information flowing between RRSF nodes by specifying VERIFY=REQUIRED on the APPC LU (ACB) definitions in the SYS1.VTAMLST library concatenation. If you specify VERIFY=REQUIRED, then to obtain
proper RACF® protection you
must activate the APPCLU class and must code the parameter CONVSEC(ALREADYV)
on the profiles in this class. The SETROPTS command issued to activate
the APPCLU class should specify:
You must create RACF profiles
to protect the APPC resources. Assume a network with two nodes MVS1
and MVS2, for example. Node MVS1 needs a profile similar to the following
for completion of the VERIFY=REQUIRED setup:
or,
if you have VTAM configured
with network-qualified names on (NQNAMES=YES):
You
get the netid or localnetid value
in the RDEFINE command from the NETID keyword in the VTAM ATCSTRxx SYS1.VTAMLST
member. The profile for node MVS1 might look like this:
Node
MVS2 needs a profile similar to the following to define the LU-LU
relationship from its perspective:
The
SESSKEY value in the RDEFINE commands for MVS1 and MVS2 must be identical.For RRSF, you must specify CONVSEC(ALREADYV) on the RDEFINE for the APPCLU resources. The RACF subsystem address space becomes an APPC/MVS server. It does this by registering through the Register_For_Allocates service of the APPC/MVS API. During the registration process, APPC/MVS uses RACF to determine if the caller is authorized to assume the server role for the requested transaction program. If the registration is successful, then APPC/MVS creates an allocate queue for the RRSF APPC server, which is a task within the RACF subsystem address space. The RRSF APPC server then becomes responsible for processing the allocate requests for which it has registered. |
Copyright IBM Corporation 1990, 2014
|