To select the most appropriate options and to effectively use CA ACF2 for z/VM controls, you must identify local conditions.
Determine existing naming conventions for:
The significance of naming conventions depends on which CA ACF2 for z/VM options you choose. Conversely, the options you select can depend on your naming conventions. CA ACF2 for z/VM provides methods of controlling resource access, based on all of the fields listed above. It also lets you write global rules that reference name patterns for each of these fields. Rules are much easier to write if you use consistent naming conventions for minidisks, CMS file IDs, and MVS and VSE data sets. After you write access rules, CA ACF2 for z/VM forces you to comply with your naming conventions.
Identify current security mechanisms and decide which ones to replace and which to use. Until CA ACF2 for z/VM is running in ABORT mode, you may want to keep all current security mechanisms active, because CA ACF2 for z/VM does not deny data or resource access while in QUIET, LOG, or WARN mode. If you implement the MODE=RULE option, you can phase in ABORT mode protection on a rule set basis.
Identify whether each system user is uniquely defined to the system. Identify all users and any existing individual or group IDs. Establish plans to positively identify each system user with a unique logonid and unexpired password. Another significant consideration in planning is the selection of a User Identification string (UID) format, based on your individual ID patterns and organizational groupings.
Determine whether your site is currently using batch job names, account numbers, or similar fields for any controls. Decide whether to replace these functions with CA ACF2 for z/VM features, discontinue them, or let them coexist. You should also ensure that these controls will not interfere with CA ACF2 for z/VM.
Identify other automated or manual security procedures that exist or are required at your site. Consider controls on:
Identify other subsystems and software packages used (or that you plan to use). Review them to determine whether there will be any impact on CA ACF2 for z/VM or the other systems. Particularly important are:
Because the three CA ACF2 for z/VM databases (Rule, Logonid, and Infostorage) are critical to the smooth operation and security of the system, you should plan for their backup and recovery early in the implementation process. We provide an automatic database backup facility. The BACKUP VMO record lets you take up to 16 daily backups of the databases. See the Administrator Guide for detailed information about this record.
Copyright © 2009 CA Technologies.
All rights reserved.