Recovering from Security File Loss › Reinstating Normal Operation

Previous Topic: Reconstructing the Security File

Next Topic: Alternate Server Start Options

Reinstating Normal Operation

The Backup File, on which your CA Top Secret system is running, should now be an exact duplicate of the Security File that was lost. Before returning CA Top Secret to its normal operational state, the Security File must be recreated. Since the Backup File already contains all of the correct security definitions, this is accomplished simply by a reversal the original backup process. When operating in backup mode, CA Top Secret responds to an explicit backup command by doing just this -- copying the Backup File onto the Security File -- so great caution must be taken in using backup mode and, especially, the TSS MODIFY(BACKUP) command while in backup mode.

Below are the specific steps that should be taken to recreate the Security File:

  1. Ensure that CA Top Secret is operating in Backup mode.
  2. If the Security File was permanently lost or damaged, reallocate and format it at this time. Remember that if the Security file is to be allocated on a real z/OS or VSE-formatted volume, this MUST be done using the CA‑Top Secret z/OS or VSE TSSMAINT utility; if on a VM-only minidisk, re‑execute CA Top Secret VM Installation Task 6, Define Security Data Base Files, and elect to format only the Security File. Be sure to specify the same keywords originally used to create your Security File.
  3. Ensure that the DASD volume on which the Security File resides is online to VM and, if defined as a minidisk to the server, attached to the system. The server automatically LINKs the minidisk if necessary when the backup operation begins. If the Security File is on a full-pack OS volume which is normally dedicated to the server on the VM system, you must verify that it is attached to the server as virtual address 200. Consult your Systems Programmer if you need assistance with this procedure.
  4. Issue the command TSS MODIFY(BACKUP). This triggers an immediate backup that, in backup mode, is performed in the reverse -- building a new Security File as an image of the current, newly updated backup file. When the backup completes, you will have successfully reconstructed your security system. However, CA Top Secret is still running in backup mode, using the Backup File as its active database and with change recording inactive. It is essential to reset CA Top Secret to normal operation as soon as possible after the Security File has been recreated, as described in the next two steps.
  5. Deactivate CA Top Secret by issuing the TSS MODIFY(SHUTDOWN) command. The server terminates backup mode security operation and logs itself off. At this time, you should also shut down any other CA Top Secret system (VM or MVS) that is also running in backup mode.

    Warning: Running multiple CA Top Secret systems simultaneously on separate Security Files but sharing the same Audit and Recovery files circumvents CA Top Secret's locking mechanisms and can result in data base corruption. As noted earlier, you should restrict backup mode operations to a single system, if possible, to avoid accidents.

  6. Re-activate CA Top Secret using a normal AUTOLOG command without the BACKUP keyword. CA Top Secret initializes as usual, using the new Security File.
  7. If you are sharing a security environment, you can now start the remaining CA Top Secret systems as usual.