Virtual machines running CA Top Secret are under the z/VM facility. CA Top Secret controls access to the z/VM facility by requiring that the user be authorized to use the virtual machine. By default, only the MSCA is authorized to use z/VM when CA Top Secret is first installed. Everyone else must be explicitly authorized to use the z/VM facility through a TSS CREATE or TSS ADDTO.
To segregate your z/VM CPUs into different facilities, use the FACILITY control option to rename one of the USERnn entries in the Facility Matrix Table.
Use the VMFAC control option to associate your CA Top Secret facility to the DMKSYSID of the CPU.
Examples: secure z/VM
This example designates the USER1 entry as VMTEST:
FACILITY(USER1=NAME=VMTEST)
This example sets the mode for this facility to WARN:
FACILITY(VMTEST=MODE=WARN)
In this example, SYSTEMC identifies the SYSID for DMKSYSID:
VMFAC(SYSTEMC=VMTEST)
Security administrators with the proper authority can activate or deactivate the z/VM facility by using TSS MODIFY(temporarily) or the FACILITY control option (permanently).
To activate the facility, use the ACTIVE sub-option of FACILITY.
To deactivate the facility, specify the INACT (inactive) sub-option.
Examples: z/VM activation
This example activates z/VM:
TSS MODIFY FACILITY(VMTEST=ACTIVE)
This example allows users to sign on to the VMTEST facility:
TSS MODIFY FACILITY(VMTEST=INACT)
Due to VSAM file requirement for r15, z/OS can no longer share secfiles with z/VM or z/VSE.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|