IBM GC28-1920-01 User Manual

OS/390
IBM
Security Server (RACF) Planning: Installation and Migration
GC28-1920-01
Note
Before using this information and the product it supports, be sure to read the general information under “Notices” on page xi.
Second Edition, September 1996
This is a major revision of GC28-1920-00.
This edition applies to Version 1 Release 2 of OS/390 (5645-001) and to all subsequent releases and modifications until otherwise indicated in new editions.
Order publications through your IBM representative or the IBM branch office serving your locality. Publications are not stocked at the address below.
IBM welcomes your comments. A form for readers' comments may be provided at the back of this publication, or you may address your comments to the following address:
International Business Machines Corporation
Department 55JA, Mail Station P384
522 South Road
Poughkeepsie, NY 12601-5400
United States of America
FAX (United States & Canada): 1+914+432-9405
FAX (Other Countries): Your International Access Code +1+914+432-9405
IBMLink (United States customers only): KGNVMC(MHVRCFS)
IBM Mail Exchange: USIB6TC9 at IBMMAIL
Internet e-mail: mhvrcfs@vnet.ibm.com
World Wide Web: http://www.s390.ibm.com/os390
If you would like a reply, be sure to include your name, address, telephone number, or FAX number. Make sure to include the following in your comment or note:
• Title and order number of this book
• Page number or topic related to your comment
When you send information to IBM, you grant IBM a nonexclusive right to use or distribute the information in any way it believes appropriate without incurring any obligation to you.
Copyright International Business Machines Corporation 1994, 1996. All rights reserved.
Note to U.S. Government Users — Documentation related to restricted rights — Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp.
Contents
Notices
Trademarks
About This Book
Who Should Use This Book
How to Use This Book
Where to Find More Information
Softcopy Publications
RACF Courses
IBM Systems Center Publications
Other Sources of Information
To Request Copies of IBM Publications
Elements and Features in OS/390
Summary of Changes
Chapter 1. Planning for Migration
Migration Planning Considerations
Installation Considerations
Customization Considerations
Administration Considerations
Auditing Considerations
Operational Considerations
Application Development Considerations
General User Considerations
Chapter 2. Release Overview
New and Enhanced Support
OS/390 OpenEdition DCE
OS/390 OpenEdition
SOMobjects for MVS
SystemView for MVS
Multisystem Nodes in an RRSF Network
OS/390 Enable and Disable Functions
Year 2000
NetView
Airline Control System/MVS (ALCS/MVS)
Information Management
Sharing a RACF Database with a VM System Running RACF 1.10
IRRUT100 Support for the FILE and DIRECTRY classes
Enhanced Support for Coupling Facility Structure Rebuild
Function Not Upgraded
Chapter 3. Summary of Changes to RACF Components for OS/390 Release 2
Class Descriptor Table (CDT)
Commands
Data Areas
Exits
Macros
Messages
Panels
Publications Library
Routines
SYS1.SAMPLIB
Templates
Utilities
Chapter 4. Planning Considerations
Migration Strategy
Migration Paths for OS/390 Release 2 Security Server (RACF)
Hardware Requirements
Software Requirements
Compatibility
Compatibility Considerations for Remote Sharing
Chapter 5. Installation Considerations
Enabling RACF
Considerations for RRSF Networks
RACF Storage Considerations
Virtual Storage
Customer Additions to the CDT
Templates for RACF on OS/390 Release 2
Chapter 6. Customization Considerations
Customer Additions to the CDT
Exit Processing
Effects of OS/390 OpenEdition DCE Support on ICHRCX01, ICHRCX02, and IRRSXT00
RACROUTE REQUEST=DEFINE Preprocessing Exit (ICHRDX01)
Chapter 7. Administration Considerations
OS/390 OpenEdition DCE
Cross-Linking Between RACF Users and DCE Principals
Single Signon to DCE
OS/390 OpenEdition DCE Application Considerations
Enhancements to the Remove ID Utility
SOMobjects for MVS
SystemView for MVS
Chapter 8. Auditing Considerations
SMF Records
Auditing New OS/390 OpenEdition MVS Services
Auditing OS/390 OpenEdition DCE Support
Auditing SystemView for MVS Support
Report Writer
SMF Data Unload Utility
Chapter 9. Operational Considerations
Enhancements to the RESTART Command
Enabling and Disabling RACF
Chapter 10. Application Development Considerations
Year 2000 Support
OS/390 OpenEdition DCE Application Servers
New Application Services and Security
New Application Authorization Service
Changes to the Class Descriptor Table
Programming Interfaces
Chapter 11. General User Considerations
OS/390 OpenEdition DCE
Chapter 12. NJE Considerations
APAR OW14451
Before Applying the PTF for APAR OW08457
After Applying the PTF for APAR OW08457
Actions Required
APAR OW15408
Chapter 13. Scenarios
Migrating an Existing RRSF Network to Use Multisystem Nodes
Glossary
Index
Figures
1. Function Shipped In OS/390 Release 1 Security Server (RACF)
2. Function Introduced After the Availability of OS/390 Release 1 Security Server (RACF)
3. Function Introduced In OS/390 Release 2 Security Server (RACF)
4. Function Not Shipped In OS/390 Release 2 Security Server (RACF)
5. Function Not Upgraded
6. New Classes
7. Changed Classes
8. Changes to RACF Commands
9. Changes to SAF GUPI Data Areas
10. Changes to PSPI Data Areas
11. Changed Exits for RACF
12. Changed Macros for RACF
13. Changed Panels for RACF
14. Changes to the RACF Publications Library
15. Changes to Routines
16. Changes to SYS1.SAMPLIB
17. Changes to Templates
18. Changes to Utilities
19. Software Requirements for New Function
20. JCL to Rename the Workspace Data Sets
21. RACF Estimated Storage Usage
22. New Event Codes
23. Changes to SMF Records
24. An RRSF Network Where Two Single System Nodes Share a RACF Database
Notices
References in this publication to IBM products, programs, or services do not imply that IBM intends to make these available in all countries in which IBM operates.
Any reference to an IBM product, program, or service is not intended to state or imply that only IBM's product, program or service may be used. A functionally equivalent product, program, or service which does not infringe on any of IBM's intellectual property rights may be used instead of the IBM product, program or service. Evaluation and verification of operation in conjunction with other products, programs, or services, except those expressly designated by IBM, is the user's responsibility.
IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
500 Columbus Avenue
Thornwood, NY 10594
USA
Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:
IBM Corporation
Mail Station P300
522 South Road
Poughkeepsie, NY 12601-5400
USA
Attention: Information Request
Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.
Trademarks
The following terms are trademarks of the IBM Corporation in the United States or other countries or both:
AS/400, BookManager, CICS, CICS/ESA, DB2, DFSMS, DFSMS/MVS, IBM, IBMLink, IMS, Library Reader, MVS, MVS/ESA, MVS/XA, NetView, OpenEdition, OS/2, OS/390, Parallel Sysplex, RACF, RETAIN, SOM, SOMobjects, SystemView, S/390, System/390, TalkLink, VM/ESA, VM/XA
UNIX is a registered trademark in the United States and other countries licensed exclusively through X/Open Company Limited.
Windows is a trademark of Microsoft Corporation.
Other company, product, and service names, which may be denoted by a double asterisk (**), may be trademarks or service marks of others.
About This Book
This book contains information about the Resource Access Control Facility (RACF), which is part of the OS/390 Security Server. The Security Server has two components:
• RACF
• OpenEdition DCE Security Server
For information about the OpenEdition DCE Security Server, see the publications related to that component.
This book provides information to guide you through the migration process from OS/390 Release 1 Security Server (RACF) or RACF 2.2 to OS/390 Release 2 Security Server (RACF).
The purpose of this book is to ensure an orderly transition to a new RACF release. It is not intended for customers installing RACF for the first time or installing a release prior to Security Server (RACF) Release 2. First-time RACF customers should read OS/390 Security Server (RACF) Introduction and use the program directory shipped with the product when they are ready to install the product.
Who Should Use This Book
This book is intended for experienced system programmers responsible for migrating from OS/390 Release 1 Security Server (RACF) or RACF 2.2 to OS/390 Release 2 Security Server (RACF). This book assumes you have knowledge of OS/390 Release 1 Security Server (RACF) or RACF 2.2.
If you are migrating from a RACF release prior to 2.2, you should also read previous versions of this book, as described in “Migration Paths for OS/390 Release 2 Security Server (RACF)” on page 23.
How to Use This Book
This book is organized in the following order:
• Chapter 1, “Planning for Migration” on page 1, provides information to help you plan your installation's migration to the new release of RACF.
• Chapter 2, “Release Overview” on page 5, provides an overview of support in the new release.
• Chapter 3, “Summary of Changes to RACF Components for OS/390 Release 2” on page 13, lists specific new and changed support for the new release.
• Chapter 4, “Planning Considerations” on page 23, describes high-level migration considerations for customers upgrading to the new release of RACF from previous levels of RACF.
• Chapter 5, “Installation Considerations” on page 27, highlights information about installing the new release of RACF.
• Chapter 6, “Customization Considerations” on page 35, highlights information about customizing function to take advantage of new support after the new release of RACF is installed.
• Chapter 7, “Administration Considerations” on page 37, summarizes changes to administration procedures for the new release of RACF.
• Chapter 8, “Auditing Considerations” on page 45, summarizes changes to auditing procedures for the new release of RACF.
• Chapter 9, “Operational Considerations” on page 49, summarizes changes to operating procedures for the new release of RACF.
• Chapter 10, “Application Development Considerations” on page 51, identifies changes in the new release of RACF that might require changes to an installation's existing programs.
• Chapter 11, “General User Considerations” on page 55, summarizes new support that may affect general user procedures.
• Chapter 13, “Scenarios” on page 61, contains migration scenarios illustrating steps customers might take in migrating to the new release of RACF in different situations.
Where to Find More Information
Where necessary, this book references information in other books. For complete titles and order numbers for all products that are part of OS/390, see OS/390 Information Roadmap, GC28-1727.
Softcopy Publications
The OS/390 Security Server (RACF) library is available on the following CD-ROMs. The CD-ROM collections include the IBM Library Reader, a program that enables customers to read the softcopy books.
The OS/390 Security Server (RACF) Information Package, SK2T-2180
This softcopy collection kit contains the OS/390 Security Server (RACF) library. It also contains the RACF/MVS Version 2 product libraries, the RACF/VM 1.10 product library, product books from the OS/390 and VM collections, International Technical Support Organization (ITSO) books, and Washington System Center (WSC) books that contain substantial amounts of information related to RACF. The kit does not contain any licensed publications. By using this CD-ROM, you have access to RACF-related information from IBM products such as OS/390, VM, CICS, and NetView without maintaining shelves of hardcopy documentation or handling multiple CD-ROMs. To get more information on the OS/390 Security Server (RACF) Information Package, see the advertisement at the back of the book.
The OS/390 Collection Kit, SK2T-6700
This softcopy collection contains a set of OS/390 and related product books. This kit contains both unlicensed and licensed books.
The Online Library Omnibus Edition MVS Collection Kit, SK2T-0710
This softcopy collection contains a set of key MVS and MVS-related product books. It also includes the RACF Version 2 product libraries.
OS/390 Security Server (RACF) Messages and Codes is also available as part of Online Library Productivity Edition Messages and Codes Collection, SK2T-2068.
RACF Courses
The following RACF classroom courses are also available:
• Effective RACF Administration, H3927
• MVS/ESA RACF Security Topics, H3918
• Implementing RACF Security for CICS/ESA, H3992
IBM provides a variety of educational offerings for RACF. For more information on classroom courses and other offerings, see your IBM representative, IBM Mainframe Training Solutions, GR28-5467, or call 1-800-IBM-TEACH (1-800-426-8322).
IBM Systems Center Publications
IBM systems centers produce “red” and “orange” books that can be helpful in setting up and using RACF.
These books have not been subjected to any formal review nor have they been checked for technical accuracy, but they represent current product understanding (at the time of their publication) and provide valuable information on a wide range of RACF topics. They are not shipped with RACF. You must order them separately. A selected list of these books follows:
• Systems Security Publications Bibliography, G320-9279
• Elements of Security: RACF Overview - Student Notes, GG24-3970
• Elements of Security: RACF Installation - Student Notes, GG24-3971
• Elements of Security: RACF Advanced Topics - Student Notes, GG24-3972
• RACF Version 2 Release 2 Technical Presentation Guide, GG24-2539
• RACF Version 2 Release 2 Installation and Implementation Guide, SG24-4580
• Enhanced Auditing Using the RACF SMF Data Unload Utility, GG24-4453
• RACF Macros and Exit Coding, GG24-3984
• RACF Support for Open Systems Technical Presentation Guide, GG26-2005
• DFSMS and RACF Usage Considerations, GG24-3378
• Introduction to System and Network Security: Considerations, Options, and Techniques, GG24-3451
• Network Security Involving the NetView Family of Products, GG24-3524
• System/390 MVS Sysplex Hardware and Software Migration, GC28-1210
• Secured Single Signon in a Client/Server Environment, GG24-4282
• Tutorial: Options for Tuning RACF, GG22-9396
Other books are available, but they are not included in this list either because the information they present has been incorporated into IBM product manuals or because their technical content is outdated.
Other Sources of Information
IBM provides customer-accessible discussion areas where RACF may be discussed by customer and IBM participants. Other information is available through the Internet.
IBM Discussion Areas
Two discussion areas provided by IBM are the MVSRACF discussion and the SECURITY discussion.
MVSRACF
MVSRACF is available to customers through IBM's TalkLink offering. To access MVSRACF from TalkLink:
1. Select S390 (the S/390 Developers' Association)
2. Use the fastpath keyword: MVSRACF
SECURITY
SECURITY is available to customers through IBM's DialIBM offering, which may be known by other names in various countries. To access SECURITY:
1. Use the CONFER fastpath option
2. Select the SECURITY CFORUM
Contact your IBM representative for information on TalkLink, DialIBM, or equivalent offerings for your country, and for more information on the availability of the MVSRACF and SECURITY discussions.
Internet Sources
The following resources are available through the Internet:
RACF home page
You can visit the RACF home page on the World Wide Web using this address:
http://www.s390.ibm.com/products/racf/racfhp.html
RACF-L discussion list
Customers and IBM participants may also discuss RACF on the RACF-L discussion list. RACF-L is not operated or sponsored by IBM; it is run by the University of Georgia.
To subscribe to the RACF-L discussion, so you can receive postings, send a note to:
listserv@uga.cc.uga.edu
Include the following line in the body of the note, substituting your first name and last name as indicated:
subscribe racf-l first_name last_name
To post a question or response to RACF-L, send a note to:
racf-l@uga.cc.uga.edu
Include an appropriate Subject: line.
Sample code
You can get sample code, internally-developed tools, and exits to help you use RACF. All this code works[1], but is not officially supported. Each tool or sample has a README file that describes the tool or sample and any restrictions on its use.
The simplest way to reach this code is through the RACF home page. From the home page, click on System/390 FTP Servers under the topic, “RACF Sample Materials.”
The code is also available from lscftp.pok.ibm.com through anonymous ftp. To get access:
1. Log in as user anonymous
2. Change the directory (cd) to /pub/racf/mvs to find the subdirectories that contain the sample code. We'll post an announcement on RACF-L, MVSRACF, and SECURITY CFORUM whenever we add anything.
Restrictions
Because the sample code and tools are not officially supported,
• There are no guaranteed enhancements
• No APARs can be accepted
The name and availability of the ftp server may change in the future. We'll post an announcement on RACF-L, MVSRACF, and SECURITY CFORUM if this happens.
However, even with these restrictions, it should be useful for you to have access to this code.
To Request Copies of IBM Publications
Direct your request for copies of any IBM publication to your IBM representative or to the IBM branch office serving your locality.
There is also a toll-free customer support number (1-800-879-2755) available Monday through Friday from 6:30 a.m. through 5:00 p.m. Mountain time. You can use this number to:
• Order or inquire about IBM publications
• Resolve any Software Manufacturing or delivery concerns
• Activate the Program Reorder Form to provide faster and more convenient ordering of software updates
See the advertisement at the back of the book for information about the OS/390 Security Server (RACF) Information Package.
[1] In our environment, at the time we make it available
Elements and Features in OS/390
You can use the following table to see the relationship of a product you are familiar with and how it is referred to in OS/390 Release 2. OS/390 Release 2 is made up of elements and features that contain function at or beyond the release level of the products listed in the following table. The table gives the name and level of each product on which an OS/390 element or feature is based, identifies the OS/390 name of the element or feature, and indicates whether it is part of the base or optional. For more compatibility information about OS/390 elements see OS/390 Up and Running!, GC28-1726.

| Product Name and Level | Name in OS/390 | Base or Optional |
|---|---|---|
| BookManager BUILD/MVS V1R3 | BookManager BUILD | optional |
| BookManager READ/MVS V1R3 | BookManager READ | base |
| MVS/Bulk Data Transfer V2 | Bulk Data Transfer (BDT) | base |
| MVS/Bulk Data Transfer File-to-File V2 | Bulk Data Transfer (BDT) File-to-File | optional |
| MVS/Bulk Data Transfer SNA NJE V2 | Bulk Data Transfer (BDT) SNA NJE | optional |
| IBM OS/390 C/C++ V1R2 | C/C++ | optional |
| DFSMSdfp V1R3 | DFSMSdfp | base |
| DFSMSdss | DFSMSdss | optional |
| DFSMShsm | DFSMShsm | optional |
| DFSMSrmm | DFSMSrmm | optional |
| DFSMS/MVS Network File System V1R3 | DFSMS/MVS Network File System | base |
| DFSORT R13 | DFSORT | optional |
| EREP MVS V3R5 | EREP | base |
| FFST/MVS V1R2 | FFST/MVS | base |
| GDDM/MVS V3R2; GDDM-OS/2 LINK; GDDM-PCLK | GDDM | base |
| GDDM-PGF V2R1.3 | GDDM-PGF | optional |
| GDDM-REXX/MVS V3R2 | GDDM-REXX | optional |
| IBM High Level Assembler for MVS & VM & VSE V1R2 | High Level Assembler | base |
| IBM High Level Assembler Toolkit | High Level Assembler Toolkit | optional |
| ICKDSF R16 | ICKDSF | base |
| ISPF V4R2 | ISPF | base |
| Language Environment for MVS & VM V1R5 | Language Environment | base |
| Language Environment V1R5 Data Decryption | Language Environment Data Decryption | optional |
| MVS/ESA SP V5R2.2 | | |
| BCP | BCP or MVS | base |
| ESCON Director Support | ESCON Director Support | base |
| Hardware Configuration Definition (HCD) | Hardware Configuration Definition (HCD) | base |
| JES2 V5R2.0 | JES2 | base |
| JES3 V5R2.1 | JES3 | optional |
| LANRES/MVS V1R3.1 | LANRES | base |
| IBM LAN Server for MVS V1R1 | LAN Server | base |
| MICR/OCR Support | MICR/OCR Support | base |
| OpenEdition System Services | OpenEdition System Services | base |
| OpenEdition Application Services | OpenEdition Application Services | base |
| OpenEdition DCE Base Services (OSF DCE level 1.1) | OpenEdition DCE Base Services | base |
| OpenEdition DCE Distributed File Service (DFS) (OSF DCE level 1.1) | OpenEdition DCE Distributed File Service (DFS) | base |
| OpenEdition DCE User Data Privacy | OpenEdition DCE User Data Privacy | optional |
| SOMobjects Application Development Environment (ADE) V1R1 | SOMobjects Application Development Environment (ADE) | optional |
| SOMobjects Runtime Library (RTL) | SOMobjects Runtime Library (RTL) | base |
| SOMobjects service classes | SOMobjects service classes | base |
| Open Systems Adapter Support Facility (OSA/SF) R1 | Open Systems Adapter Support Facility (OSA/SF) | base |
| MVS/ESA RMF V5R2 | RMF | optional |
| RACF V2R2 | Security Server: RACF; OpenEdition DCE Security Server | optional |
| SDSF V1R6 | SDSF | optional |
| SMP/E | SMP/E | base |
| | Softcopy Print | base |
| SystemView for MVS Base | SystemView for MVS Base | base |
| IBM TCP/IP V3R1 | TCP/IP | base |
| TCP/IP CICS Sockets | TCP/IP CICS Sockets | optional |
| TCP/IP IMS Sockets | TCP/IP IMS Sockets | optional |
| TCP/IP Kerberos | TCP/IP Kerberos | optional |
| TCP/IP Network Print Facility (NPF) | TCP/IP Network Print Facility (NPF) | optional |
| TCP/IP OpenEdition Applications | TCP/IP OpenEdition Applications | optional |
| TCP/IP OS/2 Offload | TCP/IP OS/2 Offload | optional |
| TIOC R1 | TIOC | base |
| Time Sharing Option Extensions (TSO/E) V2R5 | TSO/E | base |
| VisualLift for MVS V1R1.1 | VisualLift Run-Time Environment (RTE) | base |
| | VisualLift Application Development Environment (ADE) | optional |
| VTAM V4R3 with the AnyNet feature | VTAM | base |
| 3270 PC File Transfer Program V1R1.1 | 3270 PC File Transfer Program | base |
Summary of Changes
Summary of Changes for GC28-1920-01 OS/390 Release 2
This book contains new information for OS/390 Release 2 Security Server (RACF).
Summary of Changes for GC28-1920-00 OS/390 Release 1
This book contains information previously presented in RACF Planning: Installation and Migration, GC23-3736, which supports RACF Version 2 Release 2.
This book includes terminology, maintenance, and editorial changes.
Chapter 1. Planning for Migration
This chapter provides information to help you plan your installation's migration to the new release of RACF. Before attempting to migrate, you should define a plan to ensure a smooth and orderly transition. A well thought-out and documented migration plan can help minimize any interruption of service. Your migration plan should address such topics as:
• Identifying which required and optional products are needed
• Evaluating new and changed functions
• Evaluating how incompatibilities affect your installation
• Defining necessary changes to:
– Installation-written code
– Operational procedures
– Application programs
– Other related products
• Defining education requirements for operators and end users
• Preparing your staff and end users for migration, if necessary
• Acquiring and installing the latest service level of RACF for maintenance
The content and extent of a migration plan can vary significantly from installation to installation. To successfully migrate to a new release of RACF, you should start by installing and stabilizing the new RACF release without activating the new functions provided. Installing the new RACF release without initially exploiting new functions allows you to maintain a stable RACF environment. The program directory shipped with the new RACF release gives detailed information about the correct software required for installation.
When defining your installation's migration plan, you should consider the following:
• Migration
• Installation
• Customization
• Administration
• Auditing
• Operation
• Application development
• General users
Chapter 13, “Scenarios” on page 61 contains scenarios that might help you in defining your migration plan.
Migration Planning Considerations
Installations planning to migrate to a new release of RACF must consider high-level support requirements such as machine and programming restrictions, migration paths, and program compatibility.
For more information, see Chapter 4, “Planning Considerations” on page 23.
Installation Considerations
Before installing a new release of RACF, you must determine what updates are needed for IBM-supplied products, system libraries, and non-IBM products. (Procedures for installing RACF are described in the program directory shipped with the product, not in this book.)
Be sure you include the following steps when planning your pre-installation activities:
Obtain and install any required program temporary fixes (PTFs) or updated versions of the operating system.
Call the IBM Software Support Center to obtain the preventive service planning (PSP) upgrade for RACF. This provides the most current information on PTFs for RACF. Have RETAIN checked again just before testing RACF. Information for requesting the PSP upgrade can be found in the program directory. Although the program directory provided with the product tape contains a list of the required PTFs, the most current information is available from the support center.
Contact programmers responsible for updating programs.
Verify that your installation's programs will continue to run and, if necessary, make changes to ensure compatibility with the new release.
For more information, see Chapter 5, “Installation Considerations” on page 27.
Customization Considerations
In order for RACF to meet the specific requirements of your installation, you can customize function to take advantage of new support after the product is installed. For example, you can tailor RACF through the use of installation exit routines, class descriptor table (CDT) support, or options to improve performance. This book lists changes to RACF that might require the installation to tailor the product either to ensure that RACF runs as before or to accommodate new security controls that an installation requires.
For more information, see Chapter 6, “Customization Considerations” on page 35.
Administration Considerations
Security administrators must be aware of how changes introduced by a new product release can affect an installation's data processing resources. Changes to real and virtual storage requirements, performance, security, and integrity are of interest to security administrators or to system programmers who are responsible for making decisions about the computing system resources used with a program.
For more information, see Chapter 7, “Administration Considerations” on page 37.
Auditing Considerations
Auditors who are responsible for ensuring proper access control and accountability for their installation are interested in changes to security options, audit records, and report generation utilities.
For more information, see Chapter 8, “Auditing Considerations” on page 45.
Operational Considerations
The installation of a new product release might introduce changes to the operating characteristics. These changes can be in the form of changed commands, new or changed messages, or methods of implementing new functions. This book identifies those changes for which you should provide user education before running this release of the product.
For more information, see Chapter 9, “Operational Considerations” on page 49.
Application Development Considerations
Application development programmers must be aware of new functions introduced in a new release of RACF. To implement a new function, the application development personnel should read this book and the following books:
OS/390 Security Server External Security Interface (RACROUTE) Macro Reference
OS/390 Security Server (RACF) Data Areas
OS/390 Security Server (RACF) Macros and Interfaces
To ensure that existing programs run as before, the application programmers should be aware of any changes in data areas and processing requirements. This book provides an overview of the changes that might affect existing application programs.
For more information, see Chapter 10, “Application Development Considerations” on page 51.
General User Considerations
RACF general users use a RACF-protected system to:
Log on to the system
Access resources on the system
Protect their own resources and any group resources to which they have administrative authority
This book provides an overview of the changes that might affect existing procedures for general users. For more information, see Chapter 11, “General User Considerations” on page 55.
Chapter 2. Release Overview
This chapter lists the new and enhanced features of RACF for OS/390 Release 2. It also lists the support that has not been updated in the new release.
New and Enhanced Support
For OS/390 Release 2, RACF provides new and enhanced support for:
OS/390 OpenEdition DCE
OS/390 OpenEdition MVS
SOMobjects for MVS, Version 1 Release 2
SystemView for MVS
Multisystem nodes in an RRSF network
OS/390 enable and disable functions
Year 2000
NetView
Airline Control System/MVS (ALCS/MVS)
Information Management
Sharing a RACF database with a VM system running RACF 1.10
IRRUT100 support for FILE and DIRECTRY classes
Enhanced support for coupling facility structure rebuild
OS/390 Release 2 Security Server (RACF) consists of the base code shipped with both RACF 2.2 and OS/390 Release 1 Security Server (RACF), together with PTFs that provide function enhancements. Similarly, OS/390 Release 1 Security Server (RACF) consisted of the base code shipped with RACF 2.2, together with PTFs that provided function enhancements. Therefore, the three releases differ only in the set of PTFs shipped with each. Furthermore, any PTF shipped with one of these releases can be applied to any of these releases that it was not shipped with. As a result, when you migrate to Release 2 of the OS/390 Security Server (RACF) from Release 1 of the OS/390 Security Server (RACF) or from RACF 2.2, your migration considerations depend on which PTFs are already applied on your system. If, for example, you have applied a PTF on a RACF 2.2 system for one of the functions described in this book, and you are now installing OS/390 Release 2 Security Server (RACF) on that system, you do not need to repeat migration actions you have already taken.
Figure 1 identifies function introduced after the availability of RACF 2.2 and shipped in OS/390 Release 1 Security Server (RACF).
Figure 1. Function Shipped In OS/390 Release 1 Security Server (RACF). These PTFs are also shipped in OS/390 Release 2 Security Server (RACF).
RACF Function APAR PTF
Support for OS/390 OpenEdition DCE OW13895 UW90233
OW15238 (SAF) UW24233
Support for SOMobjects for MVS, Version 1 Release 2
Support for SystemView for MVS OW18866 UW23599
SystemView panels OW15239 UW90242
OW15720 UW90266
Figure 2 on page 6 identifies function introduced after the availability of OS/390 Release 1 Security Server (RACF).
Figure 2. Function Introduced After the Availability of OS/390 Release 1 Security Server (RACF). These PTFs are shipped with OS/390 Release 2 Security Server (RACF).
RACF Function APAR PTF
Multisystem Nodes in an RRSF Network OW13567 UW90235
Year 2000 support OW19251 UW90245
Enhanced support for NetView OW19165 UW90248
Support for Airline Control System/MVS OW19475 UW90266
Support for Information Management OW19475 UW90266
Support for sharing a RACF database with a VM system running RACF 1.10 OW18980 UW90268
Figure 3 identifies function introduced in OS/390 Release 2 Security Server (RACF).
Figure 3. Function Introduced In OS/390 Release 2 Security Server (RACF). These PTFs are shipped with OS/390 Release 2 Security Server (RACF).
RACF Function APAR PTF
Support for OS/390 enable and disable functions
Support for OS/390 OpenEdition MVS OW19376 UW90247
Figure 4 identifies function not shipped in OS/390 Release 2 Security Server (RACF), but available via PTF.
Figure 4. Function Not Shipped In OS/390 Release 2 Security Server (RACF). This function is available via PTF on RACF 2.2, OS/390 Release 1 Security Server (RACF), and OS/390 Release 2 Security Server (RACF)
RACF Function APAR PTF
IRRUT100 updates for FILE and DIRECTRY classes
Enhanced support for coupling facility structure rebuild
OS/390 OpenEdition DCE
The OS/390 OpenEdition DCE feature integrates the Open Software Foundation Distributed Computing Environment technologies with the MVS/ESA operating system. DCE technology on MVS/ESA enables MVS participation in a heterogeneous distributed computing environment. The OS/390 OpenEdition DCE feature provides support for industry-standard mechanisms for application distribution while considering the current host application development environment.
OW19377 UW90250
OW20759 UW90296
OW19407 UW90293
RACF establishes a cross-linking of identity between a RACF user ID and a DCE user identity (principal). This cross-linking allows DCE application servers that reside on MVS to use the access control and auditing mechanisms provided by RACF in the MVS environment. The cross-linking also provides information that