Perform these steps to configure the OPSLOG WebView server application, including security considerations:
You can eliminate the STEPLIB DD if these data sets are already in the link or LPA lists.
If this port conflicts with another port on your mainframe system or on a target client machine, then you can change the default port as follows:
Note: Unlike OSF TSO and USS servers, which CA OPS/MVS manages automatically, external automation, scheduling, or system facilities must be used to manage the OPSLOG server. The CA OPS/MVS System State Manager component can be used to control the starting and stopping of the server.
Specify security access permissions or restrictions to the OPSBRW and OPSCMD command processors.
Java defines at least two default key stores for storing the keys and certificates. The store that holds commercial trusted certificates defaults to a file named cacerts and is stored in the file node $java_home\lib\security\. $java_home represents the value of environment variable java_home. The fully qualified name of the file might be similar to the following example:
\Program Files\Java\JRE1.6.0_03\lib\security\cacerts
You can use the keytool utility that is provided by the Java Runtime Environment to import your own certificate to this file and make it available to all users who log on the PC.
There is also a private key store for each PC user. This store default location is at $user.home\keystore and is usually called .keystore. The fully qualified name might be similar to the following example:
\Documents and Settings\username\keystore
There can be as many such files as there are users of the PC system.
Your opslog.jnlp file is located in the /sys/opsmvs directory and uses a properties setting to tell SSL where the client should look for the trusted certificate. The sample.jnlp file, property name, javax.net.ssl.trustStore tells the client where to find the private key store.
The following are some valid settings for the property javax.net.ssl.trustStore:
*USER stands for PC file node, $user_home\username\ and automatically supplies a file name of .keystore, unless another name is given. For example,
value="*USER" ==> \Documents and Settings\username\.keystore value="*USER\mykeys.kdb ==> \Documents and Settings\username\mykeys.kdb
*SYSTEM stands for the PC path $java_home"\lib\security\" and automatically supplies a file name of cacerts, unless another name is given. For example:
value="*SYSTEM" ==> \Program Files\Java\JRE1.6.0_03\lib\security\cacerts value="*SYSTEM\OPScert" ==> \Program Files\Java\JRE1.6.0_03\lib\security\OPScert
A complete path can be supplied:
value="C:\Program Files\Java\JRE1.6.0_03\lib\security\cacerts"
Default: *SYSTEM
Default refresh interval: 30 seconds
Default minimum refresh interval: 10 seconds. The Options/Settings dialog does not honor any setting less than the minimum interval.
To set new minimum and default values, the system administrator must add the following lines to the opslog.jnlp file, which is in the HFS or zFS in compatibility mode, either before or after similar “property” lines already in the sample .jnlp file.
These sample lines set both minimum and default to 15 seconds:
<property name="GoModeRefresh" value="15"/>
<property name="GoModeDflt" value="15"/>
Note: The minimum cannot be set to less than 10, and the default cannot be set to less than the minimum.
Copyright © 2014 CA Technologies.
All rights reserved.
|
|