

Configure the Server Application

Perform these steps to configure the OPSLOG WebView server application, including security considerations:

  1. A sample started task procedure, OPSLOGSV, is provided in hlq.OPS.CCLXCNTL. Copy this procedure to a system PROCLIB, and then tailor it with the appropriate HFS or zFS in compatibility mode path name (see Resource 3) for user configuration data storage and CA OPS/MVS data set names (see Resource 1 and Resource 2).

    You can eliminate the STEPLIB DD if these data sets are already in the link or LPA lists.

  2. (Optional) By default, the OPSLOG WebView server communicates with the client program through TCP/IP sockets using port 6001.

    If this port conflicts with another port on your mainframe system or on a target client machine, then you can change the default port as follows:

    1. Using the text editor (see the following section), open the opslog.jnlp file, which is located in the USS/HFS or zFS in compatibility mode destination path (see Resource 3), in your web server and replace 6001 in the line <property name="connPort" value="6001"/> with the new port number.
    2. To apply this change, stop your web server, and then restart it.
    3. Modify the startup PROC OPSLOGSV by replacing 6001 in the PRT=6001 statement with the number of your new port.
    4. To apply this change, stop OPSLOGSV, and then restart it.

    Note: Unlike OSF TSO and USS servers, which CA OPS/MVS manages automatically, external automation, scheduling, or system facilities must be used to manage the OPSLOG server. The CA OPS/MVS System State Manager component can be used to control the starting and stopping of the server.

    Specify security access permissions or restrictions to the OPSBRW and OPSCMD command processors.

  3. If the OPSLOG WebView server is enabled for SSL, use the text editor to customize the opslog.jnlp file by specifying the location where the OPSLOG WebView client can expect to find the private key store. On the OPSLOG WebView client workstation, store the imported keys, certificates, or both, at the location that the opslog.jnlp file specifies.

    Java defines at least two default key stores for storing the keys and certificates. The store that holds commercial trusted certificates defaults to a file named cacerts, which is stored in the file node $java_home\lib\security\, where $java_home represents the value of the environment variable java_home. The fully qualified name of the file might be similar to the following example:

    \Program Files\Java\JRE1.6.0_03\lib\security\cacerts
    

    You can use the keytool utility that is provided by the Java Runtime Environment to import your own certificate into this file and make it available to all users who log on to the PC.

    There is also a private key store for each PC user. The default location of this store is $user.home\keystore, and the file is usually called .keystore. The fully qualified name might be similar to the following example:

     \Documents and Settings\username\keystore
    

    There can be as many such files as there are users of the PC system.

    Your opslog.jnlp file is located in the /sys/opsmvs directory and uses a properties setting to tell SSL where the client should look for the trusted certificate. In the sample .jnlp file, the property named javax.net.ssl.trustStore tells the client where to find the private key store.

    The following are some valid settings for the property javax.net.ssl.trustStore:

    *USER stands for the PC file node $user_home\username\ and automatically supplies a file name of .keystore, unless another name is given. For example:

    value="*USER"            ==> \Documents and Settings\username\.keystore
    value="*USER\mykeys.kdb" ==> \Documents and Settings\username\mykeys.kdb
    

    *SYSTEM stands for the PC path $java_home\lib\security\ and automatically supplies a file name of cacerts, unless another name is given. For example:

    value="*SYSTEM"          ==> \Program Files\Java\JRE1.6.0_03\lib\security\cacerts
    value="*SYSTEM\OPScert" ==> \Program Files\Java\JRE1.6.0_03\lib\security\OPScert
    

    A complete path can be supplied:

    value="C:\Program Files\Java\JRE1.6.0_03\lib\security\cacerts"
    

    Default: *SYSTEM

  4. (Optional) Change the minimum and default refresh interval. These settings apply to all clients.

    Default refresh interval: 30 seconds

    Default minimum refresh interval: 10 seconds. The Options/Settings dialog does not honor any setting less than the minimum interval.

    To set new minimum and default values, the system administrator must add the following lines to the opslog.jnlp file, which is in the HFS or zFS in compatibility mode, either before or after similar “property” lines already in the sample .jnlp file.

    These sample lines set both minimum and default to 15 seconds:

    <property name="GoModeRefresh" value="15"/>
    <property name="GoModeDflt" value="15"/>
    

    Note: The minimum cannot be set to less than 10, and the default cannot be set to less than the minimum.

  5. To start the server, issue the z/OS start command S OPSLOGSV.
  6. To stop the server, issue the z/OS stop command P OPSLOGSV.
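
The following pre-deployment check is an added example, not part of the product or its documentation. It parses the property lines described in steps 2 through 4 and reports a port mismatch with the PROC, refresh values that break the stated limits, and the file that the trust store setting resolves to. The helper names, the sample JNLP wrapper elements, and the reading of GoModeRefresh as the minimum and GoModeDflt as the default are assumptions.

```python
import ntpath  # Windows path rules, so the check also runs off the PC
import xml.etree.ElementTree as ET

# Constructed sample: only the property names and values follow the page.
SAMPLE_JNLP = """<jnlp><resources>
  <property name="connPort" value="6001"/>
  <property name="javax.net.ssl.trustStore" value="*USER\\mykeys.kdb"/>
  <property name="GoModeRefresh" value="15"/>
  <property name="GoModeDflt" value="12"/>
</resources></jnlp>"""

def resolve_trust_store(value, java_home, user_home):
    """Expand *SYSTEM / *USER as in the page's examples (hypothetical helper)."""
    shortcuts = (
        ("*SYSTEM", ntpath.join(java_home, "lib", "security"), "cacerts"),
        ("*USER", user_home, ".keystore"),
    )
    for token, base, default_name in shortcuts:
        if value == token:
            return ntpath.join(base, default_name)
        if value.startswith(token + "\\"):
            return ntpath.join(base, value[len(token) + 1:])
    return value  # a complete path is used as given

def check_jnlp(xml_text, proc_port, java_home, user_home):
    """Return (resolved trust store path, list of problems found)."""
    root = ET.fromstring(xml_text)
    props = {p.get("name"): p.get("value") for p in root.iter("property")}
    problems = []
    port = props.get("connPort", "6001")
    if port != str(proc_port):
        problems.append(f"connPort {port} differs from PRT={proc_port}")
    # Assumption: GoModeRefresh is the minimum, GoModeDflt the default.
    minimum = int(props.get("GoModeRefresh", "10"))
    default = int(props.get("GoModeDflt", "30"))
    if minimum < 10:
        problems.append(f"minimum refresh {minimum} is less than 10")
    if default < minimum:
        problems.append(f"default refresh {default} is less than minimum {minimum}")
    store = resolve_trust_store(
        props.get("javax.net.ssl.trustStore", "*SYSTEM"), java_home, user_home)
    return store, problems

if __name__ == "__main__":
    store, problems = check_jnlp(SAMPLE_JNLP, 6001,
                                 r"C:\Program Files\Java\JRE1.6.0_03",
                                 r"C:\Documents and Settings\username")
    print(store)
    print(problems or "no problems")
```

Reviewing the resolved path before distribution shows whether clients will trust a machine-wide store or a per-user file, which determines who can add certificates to it.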

More information:

How Security Affects OPSLOG WebView