The first step to reestablishing normal operation after the CA Top Secret Security File has become unusable is to get CA Top Secret running again on a Backup Security File. In most cases it is desirable to develop a procedure that lets this task be performed by data center operations personnel, after obtaining proper authorization, during off-hours so that downtime is minimized.
Note: You should activate only one CA Top Secret Security system for recovery purposes in a shared security environment unless you need to operate using the Backup File for an extended period of time.
If the Backup file is intact and accessible, then this can be accomplished quickly and easily using the special AUTOLOG/XAUTOLOG procedure below.
Note: Use the XAUTOLOG command when running in VM/XA or VM/ESA mode.
If the Backup file is not intact, you need to restore the most recent copy of the Backup file to disk. If your DOWN option is WAIT or FAIL, then you may have some difficulty with this. If so, issue the following command, and execute the appropriate commands to disable additional terminal logons:
TSS MODIFY(DOWN(VN)) (or VB)
The procedure for restoring the Backup File and/or minidisk will vary depending on your method of backup. Typically, this involves using DDR or the standalone restore utility supplied with your DASD utility software. You may also wish to include in your procedure the creation of a tape copy of the Backup File before bringing up the server, to insure against incorrect application of changes later on.
Now that you have ensured that the Backup File is online and available, CA Top Secret VM may be initialized in backup mode, as follows:
XAUTOLOG ServerID BACKUP
where ServerID is the VM userid of the CA Top Secret VM server (typically TSSVM). If AUTOLOG NO is set, the command format is:
XAUTOLOG ServerID password BACKUP
where ServerID is the VM userid of the CA Top Secret VM server (typically TSSVM), and password is the server's CP directory password.
If AUTOLOG NO is set, something, such as 'XXX', must be typed in place of the password to satisfy VM's command parser, but it is ignored. However, if CP has been IPLed since the last time security was active, then CA Top Secret's CP component does not know the ID of the server, so the correct directory password must be supplied.
If you wish to use XAUTOLOG, you need to have the logical-line-end character precede the console_input_data in the command, as follows:
XAUTOLOG ServerID #BACKUP
If, however, the issuer of the XAUTOLOG command is using CMS, then CMS will truncate the XAUTOLOG command at the logical-line-end character and not pass the parm BACKUP to the virtual machine. To prevent CMS from interpreting the logical-line-end character in this manner, either precede the character with the logical-escape character, or preface the entire command with #CP, as follows:
XAUTOLOG ServerID "#BACKUP
or
#CP XAUTOLOG ServerID #BACKUP
where '"' is the logical-escape-character and '#' is the logical-line-end-character (see the IBM CP command and Utility Reference).
In addition, clients who have set up their CA Top Secret server to IPL CMS, and then later to issue 'IPL 100' in its profile exec, should note that the XAUTOLOG command described above will cause the server to come up on the Backup File. The only way to achieve this result is to override the IPL statement (and the MACHINE statement, if MACH ESA is entered) in the server's directory entry, as follows:
Non-CMS issuer:
XAUTOLOG ServerID IPL 100 #BACKUP
CMS issuer:
XAUTOLOG ServerID IPL 100 "#BACKUP
or
#CP XAUTOLOG ServerID IPL 100 #BACKUP
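A pre-flight check for runbook entries, added here as an example and not part of CA's documentation or code: it applies the truncation rule described above to a typed XAUTOLOG line and reports whether BACKUP would reach the server. The function names, verdict strings and sample lines are assumptions made for illustration, and only the logical-line-end forms are covered, not the password form.

```python
LINE_END = "#"   # logical-line-end character, as given on the page
ESCAPE = '"'     # logical-escape character, as given on the page

def check_backup_command(typed: str, issuer_is_cms: bool) -> str:
    """Classify a typed XAUTOLOG line (hypothetical helper, not a CA tool).

    'ok'           BACKUP reaches the server as console input data
    'truncated'    CMS cuts the line at the line-end character; BACKUP is lost
    'no-backup'    no line-end character followed by BACKUP is present
    'undocumented' not one of the forms the page shows for this issuer
    """
    line = typed.strip()
    cp_prefix = line.upper().startswith(LINE_END + "CP ")
    if cp_prefix:
        line = line[len(LINE_END) + 3:].lstrip()
    words = line.split()
    if (len(words) < 2 or words[0].upper() != "XAUTOLOG"
            or words[1][0] in (LINE_END, ESCAPE)):
        return "undocumented"
    pos = line.find(LINE_END)
    if pos < 0 or line[pos + 1:].strip().upper() != "BACKUP":
        return "no-backup"
    escaped = pos > 0 and line[pos - 1] == ESCAPE
    if issuer_is_cms:
        return "ok" if (escaped or cp_prefix) else "truncated"
    # The page shows the escaped and #CP forms only for CMS issuers.
    return "undocumented" if (escaped or cp_prefix) else "ok"

RUNBOOK = [  # constructed sample entries: (issuer_is_cms, typed command)
    (False, 'XAUTOLOG TSSVM #BACKUP'),
    (True,  'XAUTOLOG TSSVM #BACKUP'),
    (True,  'XAUTOLOG TSSVM "#BACKUP'),
    (True,  '#CP XAUTOLOG TSSVM IPL 100 #BACKUP'),
    (True,  'XAUTOLOG TSSVM IPL 100'),
]

def lint_runbook(entries):
    """Return (command, verdict) for every entry that is not 'ok'."""
    return [(cmd, v) for cms, cmd in entries
            if (v := check_backup_command(cmd, cms)) != "ok"]

if __name__ == "__main__":
    for cmd, verdict in lint_runbook(RUNBOOK):
        print(f"{verdict:12} {cmd}")
```

A 'truncated' or 'no-backup' entry means the server would be started without the BACKUP keyword, so the TSS0030I message would not be expected on the operator's console.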
The server should now IPL normally, with the addition of the following actions upon recognizing the BACKUP keyword:
The 200 (Security File) minidisk is detached so that the real device may be varied offline, if necessary, for problem determination or hardware service.
The Backup File data set name and virtual address (500) is used in place of the Security File.
Recovery file logging and automatic backup are disabled regardless of the control options in the Parameter File.
Upon successful initialization, the following message appears on the VM operator's console:
TSS0030I **WARNING** TSS/VM Running on BACKUP File - DSN: dsn
This message confirms successful backup mode initialization and reminds you that the system is running on the Backup File and should be carefully managed until normal operation is restored. If necessary, it should now be possible to re-enable system logons (if previously disabled) and attain a reasonably normal level of system operation.
Copyright © 2011 CA. All rights reserved.