Create a Backup Security File on DASD

Starting Your Product › How to Complete Configuration With CA CSM › Create a Backup Security File on DASD

Create a Backup Security File on DASD

If you commented or deleted the BACKUP DD in the TSS started task procedure, skip this procedure.

Follow these steps:

Edit the CAKOJCL0 member TSSMAINB:
- The parameters CYLS and BLOCKS must be identical to those employed by TSSMAINS to create the security file.
- The backup security file must be the same BLKSIZE as the primary security file.
- Consider using a VOLSER on a separate channel and string, so if a failure occurs on the security file volume, the backup security file remains available.
- The SECPARMS contents must remain unchanged from the values used in TSSMAINS.
- The SECBACK member referenced in the TSSMAINB contains the ID=parameter and the default is ID=BACKUP. You can edit the ID= to contain up to eight characters, but the ID=parameter should clearly indicate that this is the backup security file.
- For the VSAM file, use IDCAMS to create a separate backup VSAM file. Sample JCL is provided in CAKOJCL0 member VSAMDEF6. Specify the backup VSAM file on the VSAMFILE DD statement.
The member is updated.
Run TSSMAINB.
The backup security file is allocated. If the VSAMFILE DD was specified, some header fields are initialized in the VSAM file.
Use the built‑in automatic backup feature to back up the security file. The backup file should not be shared between CPUs. Place the backup file on a DASD that is not the same volume, unit, channel path as the security file.
You have obtained a security file backup.

Important! When a security file is shared by multiple CPUs, only one system should be configured for BACKUP.

(Optional) Define the Mirror Security File (BDAM and VSAM Components)

If you are not sharing the security file on multiple systems, you can maintain a mirror copy of the security file and VSAM file (to use them as backups in a recovery situation). To have these copies available for use, define a mirror security file (including the BDAM and VSAM components).

Important! Mirror files are supported only on systems that do not share the security file (SHRFILE(NO) control option setting). In this environment, the VSAM file should not be defined with an alternate index. If your current VSAM file is defined with an alternate index, copy the file to a VSAM file without an alternate index before performing this procedure.

Follow these steps:

Use the IDCAMS utility to allocate the VSAM mirror file.
The product provides a VSAMDEFM model in CAI.CAKOJCL0.
Edit the sample JCL in CAKOJCL0 member TSSMAINM to meet your site's needs.
Run the TSSMAINT utility job to allocate a mirror security file (ensuring that your VSAMFILE DD statement points to the defined VSAM mirror file).
Note: TSSMAINT resides in the CA Top Secret CAKOJCL0 data set.

CA Top Secret allocates the mirror security file.
Edit the product started task procedure in SYS1.PROCLIB.
Note: You can use the model that is provided in CAI.CAKOJCL0(TSS).
1. Specify the BDAM file name on the SECMIRR DD statement.
2. Specify the VSAM file name on the VSAMIRR DD statement.
  The following requirements apply to the BDAM and VSAM components:
  - These files must not be on the same volume of the primary security file. We recommend placing the files on separate channels and separate strings. This way, any physical failure of these devices leaves the other set of files available when the product is restarted.
  - The BDAM mirror data set block size must match the block size of the primary security file (SECFILE) data set.
  - The VSAM mirror data set must have a maximum record size that matches or exceeds the size of the primary VSAM data set.
  - The space allocation and record count for the mirror BDAM data set must match the allocation of the primary BDAM data set.
  - The space allocation and record count for the mirror VSAM data set must match the allocation of the primary VSAM data set.
Your new file is now in place. When you activate mirroring, you can begin using the mirror security file.