Previous Topic: Create a Backup Security File on DASDNext Topic: Enable Automatic Backup for the Security File

Backup and RestoreHow to Implement a Security File Backup and Recovery PlanCreate the Recovery File

Create the Recovery File

The recovery file contains an encrypted record of all changes made to the security file. If the security file becomes damaged or unusable, use the recovery file to help recreate the security file.

The recovery file stores recent administrative commands. The size of the allocated file determines the number of commands that can be stored.

Note: We recommend allocating a file that can store a minimum of 30 days worth of data.

The recovery file is a wraparound file. When the file is full, recording continues at the beginning of the file, overwriting existing data. By default, the recovery file can hold approximately 2,000 changes before a wraparound occurs. The recovery file does not support DFSMS Extended Sequential data sets (multi-volume data sets).

We recommend placing the recovery file on a volume that other systems do not use heavily and that is not subject to extensive I/O.

Important! Do not allocate the recovery file on the same volume as the security file (in case of loss due to hardware malfunction).

Follow these steps:

  1. Edit the utility job in member TSSMAINR of data set CAKOJCL0 to conform to your site standards:
    1. Edit the recovery file parameters, starting in column 1:
      CREATE RECOVERY

      Requests recovery file initialization.

      BLOCKS=????

      Specifies the number of blocks to use for the recovery file. A large recovery file delays initialization of the CA Top Secret address space every time it is started. The size of the recovery file depends on the interval between security file backups. Make the file large enough to record two or three days of changes for every day in the security file backup period. For example, if the security file is backed up at the end of each day, the recovery file should be large enough to accommodate at least two days of changes.

      Default: 250

      Minimum: 250

      Maximum: N/A

    2. Replace lowercase type in the JCL with the appropriate parameters for your site.

      Note: The file block size should provide efficient utilization of the track capacity for the device on which the file resides. An exact value is not necessary because TSSMAINT rounds the block size down to a multiple of its logical record length. The actual block size may be less than specified on the JCL, but it should be approximate.

  2. Submit the job.

    CA Top Secret creates the recovery file.

  3. Add the following JCL statement to TSS started task procedure: 
    //RECFILE    DD     DISP=SHR,DSN=recovery_file
    recovery_file

    Specifies the name of the recovery file.

You have successfully created the recovery file.