Command Propagation Facility › About CPF

About CPF

The Command Propagation Facility (CPF) lets sites administer multiple Security Files across VTAM‑networked systems by propagating TSS commands, as well as user‑initiated changes (such as updated passwords, permissions, maintenance, and suspensions) to all or selected nodes within that network. This process is referred to as distributed security processing because it allows the security administrator to distribute any change in a user’s authorization rights and restrictions to any node to which that user is defined.

The Command Propagation Facility provides the security environment with:

• Routing of security administration to all or selected nodes within the z/VM, VSE, and z/OS security network.
• Optional synchronous or asynchronous remote command execution.
• TSS command execution with most CA‑Top Secret commands— except MODIFY, LOCK, UNLOCK, HELP, and WHOAMI.
• Automatic update of passwords on all connected systems if changed by the user during logon.
• Propagation of user‑initiated suspensions for exceeding password and violation limits.
• Optional Journal Files to log commands transmitted to, and responses received from, remote nodes.
• Collecting asynchronous commands in an optional Recovery File so that they can be retransmitted in case of network outage.