Previous Topic: Enable Automatic Backup for the Security FileNext Topic: How to Run the Product with a Mirror File as Primary Security File

Backup and RestoreHow to Create a Mirror Copy of Your Security File

How to Create a Mirror Copy of Your Security File

The security file contains all security-related information about users, profiles, departments, divisions, zones, and resources. You need to protect your site from loss of data that could occur if your primary security file is damaged, corrupted, or lost. Additionally, you need increased availability of the security file to allow frequent user access. To address these needs, this scenario shows how a security administrator creates a mirror copy of the security file.

The security file is locked anytime a backup is initiated. Users attempting to sign on or perform other security validation checks during a lock can encounter delays, failures, or timeouts. Having a mirror file available allows greater flexibility for when to schedule backup processing (for example, less frequently). Additionally, the mirror file is an exact duplicate of the primary security file and provides up-to-the-minute data in the event of a sudden problem with the primary file.

The following illustration shows how a security administrator creates a mirror copy of the security file:

The flowchart diagram shows the process steps for creating a mirror copy of your security file

Perform the following tasks to create a mirror copy of your security file:

  1. Define the mirror security file (BDAM and VSAM components).
  2. Activate mirroring.

Define the Mirror Security File (BDAM and VSAM Components)

If you are not sharing the security file on multiple systems, you can maintain a mirror copy of the security file and VSAM file (to use them as backups in a recovery situation). To have these copies available for use, define a mirror security file (including the BDAM and VSAM components).

Important! Mirror files are supported only on systems that do not share the security file (SHRFILE(NO) control option setting). In this environment, the VSAM file should not be defined with an alternate index. If your current VSAM file is defined with an alternate index, copy the file to a VSAM file without an alternate index before performing this procedure.

Follow these steps:

  1. Use the IDCAMS utility to allocate the VSAM mirror file.

    The product provides a VSAMDEFM model in CAI.CAKOJCL0.

  2. Edit the sample JCL in CAKOJCL0 member TSSMAINM to meet your site's needs.
  3. Run the TSSMAINT utility job to allocate a mirror security file (ensuring that your VSAMFILE DD statement points to the defined VSAM mirror file).

    Note: TSSMAINT resides in the CA Top Secret CAKOJCL0 data set.

    CA Top Secret allocates the mirror security file.

  4. Edit the product started task procedure in SYS1.PROCLIB.

    Note: You can use the model that is provided in CAI.CAKOJCL0(TSS).

    1. Specify the BDAM file name on the SECMIRR DD statement.
    2. Specify the VSAM file name on the VSAMIRR DD statement.

      The following requirements apply to the BDAM and VSAM components:

      • These files must not be on the same volume of the primary security file. We recommend placing the files on separate channels and separate strings. This way, any physical failure of these devices leaves the other set of files available when the product is restarted.
      • The BDAM mirror data set block size must match the block size of the primary security file (SECFILE) data set.
      • The VSAM mirror data set must have a maximum record size that matches or exceeds the size of the primary VSAM data set.
      • The space allocation and record count for the mirror BDAM data set must match the allocation of the primary BDAM data set.
      • The space allocation and record count for the mirror VSAM data set must match the allocation of the primary VSAM data set.

    Your new file is now in place. When you activate mirroring, you can begin using the mirror security file.

Activate Mirroring

Activating the MIRROR control option lets you start maintaining a mirror copy of the security file. This exact duplicate will capture the same information as the primary security file as updates are made throughout the day.

Important! Even if you use mirroring, you should still perform regular backups. If you do not want to manually back up at specific times (through the TSS BACKUP command), we recommend, at a minimum, backing up weekly. The backup should include the DASD containing the active security file and the mirror file.

Follow these steps:

  1. Include the following control option specification in the CA Top Secret parameter file: 
    MIRROR(ON)

    Note: The MIRROR option is supported only with a non-shared security file.

    The option takes effect at the next product startup.

  2. Ensure that that the SHRFILE(NO) control option specification is in place.
  3. Restart the product:
    1. Shut down the product: 
      P TSS
    2. Start the product: 
      START TSS

    Mirroring is now active, and an exact duplicate of the security file now exists.

    Note: When started for the first time with a new mirror file, CA Top Secret synchronizes the mirror file and primary security file.

    With mirroring in place, you can implement a security file backup and recovery plan that backs up less often (to allow greater security file availability for user access).