RELOAD=SECURITY Command-Reload External Security Profile Information

Use the RELOAD=SECURITY command to reload and rebuild the CA Tape Encryption security environment provided by the SAF Interface. The steps performed depend on which external security manager is running. For all external security managers, RELOAD=SECURITY first fetches, loads, and begins using a new version of the SAF Interface nucleus (TBESAF00), then processes the BES.SECURITY control parameter and updates the CA@BES local and global resources. Certain steps are unique to each external security manager. For CA ACF2, additional edits are performed on each CA@BES entity to enforce global rules. For CA Top Secret, the BES processing ACID is replaced and the security storage profiles are refreshed. For IBM Security Server RACF, the status of CA@BES is examined.

Important! Use caution when issuing this command. It impacts every BES task on the system where you issue it. The best practice is to test new versions of the SAF Interface on a separate test system. Additional CA@BES scope resource profiles should be defined to enforce LOCAL PERMIT processing.

This command has the following format:

BESn RELOAD=SECURITY

n
Indicates the BES task number.

Limits: If you are using your security system to control access to commands, all forms of this command can be controlled by a command protection profile.

EXAMPLE: RELOAD=SECURITY command

The following example shows the results of running the RELOAD=SECURITY command on BES2 to reload the security information successfully.

BES2X0103I Command Accepted
BES2D0446I SAF Interface module (TBESAF00) reloaded
BES2SS110I SAF Interface reload/restart in progress
BES2SS102I z/OS Security: CA Top Secret
BES2SS108I SAF Interface anchor addresses: Module(0605B000) Global(061AA000) Local(01C10700)
BES2SS105I Global/Local security parameters loaded
BES2SS121I CA@BES default encryption parameter (BES.DEFAULT) not defined
BES2SS103I SAF Interface active; all security functions are now active
BES2SS116I SAF Interface reload/restart completed normally
BES2X0100I Command Complete

The following is an example of a rejected reload request. The line BES2SS111I SAF Interface request ignored; current environment maintained indicates that the reload request was ignored and ultimately rejected. A SAF Interface processing parameter was found in error, so the current CA Tape Encryption SAF environment was kept. No changes were applied other than the SAF Interface module being reloaded.

BES2X0103I Command Accepted
BES2D0446I SAF Interface module (TBESAF00) reloaded
BES2SS110I SAF Interface reload/restart in progress
BES2SS102I z/OS Security: IBM Security Server RACF
BES2SS108I SAF Interface anchor addresses: Module(0605B000) Global(061AA000) Local(01C10700)
BES2SS802W BES.SECURITY not defined or cannot be extracted from CA@BES
BES2SS105I Global/Local security parameters loaded
BES2SS120I SAF Interface default dataset encryption parameter (BES.DEFAULT) located and extracted
BES2SS103I SAF Interface active; all security functions are now active
BES2SS111I SAF Interface request ignored; current environment maintained
BES2SS116I SAF Interface reload/restart completed normally
BES2X0100I Command Complete
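
Both sample responses end with BES2SS116I and BES2X0100I, so automation that watches only for those messages would record a rejected reload as successful. The following added example (not part of the product or its documentation) classifies a response by checking for BES2SS111I; the function name, the message-ID layout in the regular expression, and the reading of the trailing letter as a severity code are assumptions inferred from the samples above.

```python
import re

# Layout inferred from the samples: BES<task><component><number><severity> <text>
MSG_RE = re.compile(r"^BES(\d)([A-Z]{1,2})(\d{3,4})([A-Z])\s+(.*)$")

def classify_reload(console_text):
    """Classify one RELOAD=SECURITY response as applied, rejected or incomplete."""
    msgs = {}       # "SS111" -> message text
    warnings = []   # full IDs of every message whose trailing letter is not I
    task = None
    for line in console_text.strip().splitlines():
        m = MSG_RE.match(line.strip())
        if not m:
            continue
        task, comp, num, sev, text = m.groups()
        msgs[comp + num] = text
        if sev != "I":
            warnings.append(f"BES{task}{comp}{num}{sev}")
    if "SS111" in msgs:
        # Request ignored: the previous SAF environment is still in force
        status = "rejected"
    elif "SS103" in msgs and "SS116" in msgs:
        status = "applied"
    else:
        status = "incomplete"
    esm = msgs.get("SS102", "").partition(": ")[2] or None
    return {"task": task, "status": status, "esm": esm, "warnings": warnings}

# Abridged from the two sample responses on this page
ACCEPTED = """
BES2SS110I SAF Interface reload/restart in progress
BES2SS102I z/OS Security: CA Top Secret
BES2SS103I SAF Interface active; all security functions are now active
BES2SS116I SAF Interface reload/restart completed normally
"""
REJECTED = """
BES2SS110I SAF Interface reload/restart in progress
BES2SS102I z/OS Security: IBM Security Server RACF
BES2SS802W BES.SECURITY not defined or cannot be extracted from CA@BES
BES2SS103I SAF Interface active; all security functions are now active
BES2SS111I SAF Interface request ignored; current environment maintained
BES2SS116I SAF Interface reload/restart completed normally
"""

if __name__ == "__main__":
    for name, text in (("accepted", ACCEPTED), ("rejected", REJECTED)):
        print(name, classify_reload(text))
```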