The configuration tool lets you configure the following settings:
CA OM Web Viewer uses CA CCI to connect to the CA Output Management product repositories (CA View®, CA Dispatch™, or CA Bundl®). CA OM Web Viewer uses a CA CCI client that you must configure to allow communications with a single CA CCI server. If your repositories reside on different LPARs, your communications can be routed to the CA CCI servers on other LPARs.
Specifies the DNS host name or IP address of the mainframe where the CA CCI server task executes.
Example: mainframe.company.com
Specifies the port number that the CCI server uses.
Example: 1202
Specifies a unique name that identifies the product instance to the CA CCI server. You can use the host name of the system where you deployed the product, unless you deployed the CA OM Web Viewer on the same system where CA ENF/CA CCI is installed and running. This situation can happen when the CA OM Web Viewer is deployed on USS systems.
Important! Never define a Client System ID that matches the host name of the system where the CA CCI Server is installed or the Client System ID for any CCI servers. Matching the Client System ID and the host name can cause CCI failures. Additionally, if you have two instances of CA OM Web Viewer on the same computer they must each have a different Client System ID.
By default, the Client System ID is a modified version of your computer’s host name. If you have two instances of CA OM Web Viewer on the same computer, as an example, the Application Level External Configuration, they must each have a different Client System ID. If you select a CA CCI Client System ID for any reason, we recommend that it is unique among CA OM Web Viewer instances on your network.
Limit: 8 characters
Example: system1
This option specifies whether CA OM Web Viewer can use SSL to connect to the CCI server. You can also defer the decision of whether to use SSL to the host. This setting works with the CCI server’s UNSECON setting.
The SSL encryption protocol can be either SSLv3 or TLSv1.
Important! SSLv3 encryption is provided for legacy support only. SSLv3 is no longer considered secure. If your CCI server uses SSLv3, we recommend changing to a newer protocol.
For more information on updating your CCI server’s PROT, protocols enabled, setting, see CA Common Services for z/OS Release 14.1.00, Installation Guide, Copy CCISSL.
Do not use SSL secured connection. If your CCI server requires SSL connections, connections from CA OM Web Viewer are refused.
Let your CCI server determine if an SSL connection is used. To determine in what cases an SSL connection is used, see the following chart.
Require an SSL connection for communication with the SSL server. If your CCI server does not support SSL connections, connections from CA OM Web Viewer are refused.
In order for CA OM Web Viewer to successfully connect to the CCI server using SSL, the server must have a compatible UNSECON setting.
Use this table to determine whether your CCI connection will use SSL.
|
SSL connection |
UNSECON ONLY |
UNSECON ALLOW |
UNSECON NONSSL |
UNSECON NEVER |
|
No SSL |
Not secured |
Not secured |
Not secured |
No connection |
|
Defer decision |
Not secured |
Not secured |
SSL secured |
SSL secured |
|
Force SSL |
No connection |
SSL secured |
SSL secured |
SSL secured |
For more information, see CA Common Services for z/OS Release 14.1.00, Installation Guide, Copy CCISSL.
Requires that SSL is used across LPARs. By selecting this option, CA OM Web Viewer requires an SSL secure path to each particular DRAS. If CA OM Web Viewer’s CA CCI server resides on a different LPAR than the targeted DRAS task, an SSL link is required between the two LPARs.
If this option is selected and SSL is not enabled between the CA CCI tasks on each LPAR, CCI communications are rejected at runtime.
Without selecting this option, SSL is not required between LPARs. A communication request from CA OM Web Viewer to a DRAS task on another LPAR is permitted whether or not a secured SSL link connects the CCI Server and DRAS LPARs.
You can either choose to use the current KeyStore or use a new KeyStore.
If you have not previously added a KeyStore to CA OM Web Viewer, a sample KeyStore is used. The sample KeyStore comes with a sample certificate that matches the sample certificate that comes with the CCI server. The sample KeyStore is for testing purposes, and not intended for production use.
The KeyStore file must be in jks format. The required Trust Certificate (CA Root Certificate) must be a base64 encoded certificate file containing the CCI server’s public key in X.509 format. If you wish to use client authentication, your KeyStore must contain a client end-user certificate.
For more information on KeyStore requirements, and on how to produce a KeyStore, see How to Create Keystore Files for Using SSL.
If you are attempting to use client authentication, no further setting changes are required in CA OM Web Viewer. CA OM Web Viewer automatically finds the relevant certificate in the KeyStore and uses it. However, your CCI server must have the appropriate CLAUTH, client authentication, setting, to enable client authentication. The appropriate trust certificate that authenticates the client certificate must also be installed in the key database or external security keyring that the CA CCI server uses.
For more information on the CLAUTH setting, see CA Common Services for z/OS Release 14.1.00, Installation Guide, topic Copy CCISSL.
Your KeyStore password must be at least six characters. If you are using client authentication, your KeyStore password must match the password on your client end-user certificate.
You can choose either SSLv3 or TLSv1. TLSv1 is recommended.
Important! SSLv3 encryption is provided for legacy support only. It is no longer considered secure. If your CCI server uses SSLv3, we recommand upgrading to a newer protocol.
The CCI server must have the appropriate PROT, protocols enabled, setting, in order for CA OM Web Viewer to connect with a particular protocol.
For more information on the PROT setting, see CA Common Services for z/OS Release 14.1.00, Installation Guide, topic Copy CCISSL.
CA Distributed Repository Access System (CA DRAS) acts as the License Management Program (LMP) license check server and the mainframe external security interface for web login.
Specifies the domain of the DRAS server. The configuration tool discovers the available DRAS servers. Select the server by its listed number.
Example: 1 - ENFID1:DRASSVR1
You can select one of the following security configurations:
Important! Selecting external security causes all users, except System Admins, to be validated through external security only. The System Admin group members can only be authenticated through mainframe security.
If you select to use an External Security Exit, provide a path to a folder that has the files that comprise your External Security EXIT and needed libraries. The files will then be copied for CA OM Web Viewer to be used by the configuration tool.
The location of your exit jars.
Example: C:\WV_Exit\dist
The files in the supplied folder are copied to either of two locations depending on your configuration type:
The deployable (WAR or EAR)
Your external configuration location.
Notes:
If you have mainframe security first, these settings are not required.
Specifies the host name of the LDAP system.
Example: ldap.company.com
Specifies the port number of the LDAP system.
Example: 389
Specifies the attribute in your LDAP directory that represents the user ID of your users. Common examples include cn (common name) and uid.
Example: sAMAccountName
You must add these attributes to the login attribute of a user to provide that distinguished name that you desire.
Example: OU=Users,OU=North America,DC=company,DC=com
(Optional) Specifies the user login and base distinguished name of an account that can bind to the LDAP server and authentic other users.
Example: cn=Jim,ou=west,ou=admin,dc=company,dc=com
(Optional) Specifies the password for the Bind DN account.
The product requires the userid for its primary administrator.
Important! This userid must be a mainframe user.
The product uses an external database to store administrative and user settings. Multiple database applications are supported in addition to generic JDBC-compliant database applications.
Lists the supported database types. Select the number matching your database application.
Example: 1
DB2 Only. For more information about the db2 license file see, Database Prerequisites, External Database
Local JDBC driver Only.
Specifies the name of the computer where the database server executes.
Example: dbserver.company.com
Specifies the port number that the database server uses.
Example: 1433
Specifies the name of the database that CA OM Web Viewer uses.
Important! You must create the database prior to testing or starting the product successfully.
Example: dvweb_adminDB
Specifies the database user name with access to the CA OM Web Viewer database.
Example: sa
Specifies the password of the database user name.
If no, create the tables before you start CA OM Web Viewer using the DDL SQL provided with the installation media.
Example: Enter 1 for Yes, 0 for No
Example: 100
Example: 100
Specifies the JDBC URL based on the values provided. If additional parameters or changes are required, enter the correct URL.
Example: jdbc:sqlserver://dbserver.company.com:1433;databaseName=dvweb_adminDB
Note: If you do not have this information, consult your Database Administrator.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|