Installation Options › Support for DirMaint

Support for DirMaint

CA ACF2 for z/VM support for DirMaint is implemented in a series of DirMaint exits. These exits then call our interface module, ACFVMDMI. ACFVMDMI performs various functions, including interfacing with the rest of the CA ACF2 for z/VM system to perform command limiting, logging support, and logging all DirMaint messages. There are basically three pieces to the CA ACF2 for z/VM support for DirMaint:

• Password validation-This is implemented through CA ACF2 for z/VM diagnose A0 support and through DVHDA0 that is supplied with DirMaint.
• Command Limiting-CA ACF2 for z/VM command limits all DirMaint commands the DirMaint service machine executes for users.
• Message logging-CA ACF2 for z/VM logs all DirMaint messages to SMF records. CA ACF2 for z/VM can also run reports on them.

You do not need to implement all of these three pieces. Password validation is a stand alone piece. Command limiting is also a stand alone piece, but is required if you are going to use DirMaint message logging.

Installing Password Validation support.

To enable the DirMaint ESM Password Authentication exit, tailor the CONFIG DATADVH file to include the following line:

ESM_PASSWORD_AUTHENTICATION_EXIT= DVHDA0 MODULE

This line probably exists with a / or // in front of it. If it does, simply remove the / or // to activate the exit.

Be sure the DirMaint machine logonid has the AUDIT, DG84DIR, and VMSAF privileges.

If you are installing DirMaint in a CSE/ISF complex, assign the DG84DIR logonid attribute to each of the satellite server machines.

Installing Command Limiting and Message Logging Support

To install command limiting and message logging support, use the following steps.

1. See the Command and Diagnose Limiting Guide for more information about the DirMaint command limiting feature.
2. CA ACF2 for z/VM supplies the command limiting models for the standard DirMaint commands in sample MODEL files. These files have a filename specific to your release of DirMaint, and a file type of MODEL.

   Compile the DirMaint command models for your release of DirMaint:

   DIRMR500-DirMaint Version 1 Release 5.0
   

   DIRML410-DirMaint Function Level 410
   

   DIRML510-DirMaint Function Level 510
   

3. Write and store command limiting rules for the DirMaint commands or review existing rules and modify them as necessary.
4. Be sure the DirMaint machine logonid has the AUDIT, DG84DIR, and VMSAF privileges.
5. If you are installing DirMaint in a CSE/ISF complex, assign the DG84DIR logonid attribute to each of the satellite server machines.
6. Ensure that the following eight files exist on a disk that DirMaint always accesses:

   ACFCKDMI EXEC
   ACFESMLR EXEC   (only used if message logging is enabled)
   ACFXDN   EXEC
   ACFXRA   EXEC
   ACFXRB   EXEC
   ACFXRC   EXEC
   ACFVMDMI MODULE
   ACFSRF   LOADLIB
   

   You can place these files on the DirMaint 191, or wherever you put local exits, if you have a special disk for local modifications.

7. Tailor the DirMaint CONFIG DATADVH file.

   To enable the DirMaint exits that CA ACF2 for z/VM uses, make sure that the CONFIG DATADVH file contains the following lines:

   DASD_OWNERSHIP_NOTIFICATION_EXIT=    ACFXDN   EXEC
   REQUEST_BEFORE_PARSING_EXIT=         ACFXRC   EXEC
   REQUEST_BEFORE_PROCESSING_EXIT=      ACFXRB   EXEC
   REQUEST_AFTER_PROCESSING_EXIT=       ACFXRA   EXEC
   

   To optionally include message logging, also add the following line:

   ESM_LOG_RECORDING_EXIT=              ACFESMLR EXEC
   

8. These lines probably exist in some form already, specifying DirMaint sample exits with a / or // to comment out the line. You can find these lines and change them as shown above, making sure to remove the / or //. Also, be sure to use the CA‑ACF2 exit names.

   Add the following lines to the CONFIG DATADVH file:

   REQUIRED_SERV_FILE=     ACFCKDMI EXEC
   REQUIRED_SERV_FILE=     ACFESMLR EXEC
   REQUIRED_SERV_FILE=     ACFXDN   EXEC
   REQUIRED_SERV_FILE=     ACFXRA   EXEC
   REQUIRED_SERV_FILE=     ACFXRB   EXEC
   REQUIRED_SERV_FILE=     ACFXRC   EXEC
   REQUIRED_SERV_FILE=     ACFSRF   LOADLIB
   REQUIRED_SERV_FILE=     ACFVMDMI MODULE
   

   Tailor the DirMaint LCLASERV MSGADVH file.

   Add the following lines to your LCLASERV MSGADVH file:

   * Message 395E is for the CA‑ACF2 VM DirMaint support
   

   39510101E _1_ _2_ _3_ _4_ _5_ _6_ _7_ _8_ _9_
   

   If you do not have a LCLASERV MSGADVH file, you can create one and place it on the same disk as your DirMaint 150ASERV MSGADVH file.

   Be aware that CA ACF2 for z/VM messages issued from the DirMaint service machine have the following format:

   ACFmod3951E errn message text
   

   mod

   The module issuing the message

   errn

   The error message number. You use this value to look up the message in the Messages Guide.

9. If you modified DirMaint to autolog the DATAMOVE machine (normally done by AUTOLOG1), make sure the DirMaint machine can autolog the DATAMOVE machine. To do this, write a resource rule that lets DirMaint autolog the DATAMOVE machine.

   $key(datamove) type(alg)
   uid(dirmaint) allow
   

   This example assumes that the default resource type for AUTOLOG commands is ALG, as set by the RESCLASS VMO record.

   You might also consider assigning the AUTONOPW attribute to the DATAMOVE machine. This lets DirMaint autolog DATAMOVE without requiring a password.

10. IPL the DirMaint virtual machine.