z/OS Common Information Model User's Guide
Previous topic | Next topic | Contents | Index | Contact z/OS | Library | PDF


Setting up the CIM server for RMF monitoring

z/OS Common Information Model User's Guide
SC34-2671-00

Setting up the CIM server for RMF monitoring

If you have installed RMF™, you should consider the following setup for the connection of your RMF CIM providers to the RMF Distributed Data Server (DDS).

  1. The CIM monitoring providers can automatically locate an active RMF DDS in the sysplex. When the DDS is restarted on different systems through RMF management, or through manual action, the CIM monitoring providers can connect to an active DDS without additional configuration. To enable this option, comment out or omit the RMF_CIM_HOST environment variable from your cimserver.env file.

    For more information on the RMF-managed DDS refer to "Starting the Distributed Data Server" in the z/OS® RMF Users Guide.

  2. The CIM monitoring providers support PassTicket authentication to the DDS. In this case the HTTP_NOAUTH option must be disabled. Secure signon through PassTickets needs to be enabled in your security manager.

    If you are using z/OS Security Server (RACF®), the following commands can be used (for more information about configuring RACF to use PassTicket services, refer to z/OS Security Server RACF Security Administrator's Guide):

    • Activate the PTKTDATA class and the SETROPTS RACLIST processing:
      Example for RACF: 
      SETROPTS CLASSACT(PTKTDATA) RACLIST(PTKTDATA) GENERIC(PTKTDATA)
    • Define the application GPMSERVE to your security product.

      The application is defined through the SAF profile GPMSERVE in class PTKTDATA. <keymask>is the secret passkey shared with the application.

      Example for RACF: 
      RDEFINE PTKTDATA GPMSERVE SSIGNON(KEYMASKED(<keymask>))
SETROPTS RACLIST(PTKTDATA) REFRESH
    • Define an access profile for the PassTicket service.
      Example for RACF: 
      RDEFINE PTKTDATA IRRPTAUTH.GPMSERVE.* UACC(NONE)
    • Grant the CIM server UPDATE access to the generic profile IRRPTAUTH.GPMSERVE.* in class PTKTDATA.

      This enables the CIM server user to create PassTickets on behalf of other users for authentication with GPMSERVE.

      Example for RACF: 
      PERMIT IRRPTAUTH.GPMSERVE.* CL(PTKTDATA) ID(CFZSRV) ACCESS(UPDATE)
    • Activate the changes.
      Example for RACF: 
      SETROPTS RACLIST(PTKTDATA) REFRESH

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014