Recovering from Security File Loss › Reestablish the System after a Loss

Reestablish the System after a Loss

After the security file has become unusable, you can reestablish normal operation by running the product on a backup security file.

Note: To minimize downtime, this task can be performed by data center operations personnel (after obtaining proper authorization) during off-hours.

Follow these steps:

1. Ensure that the backup file is online and available.

   Note: Unless you need to operate by using the backup file for an extended period of time, you should activate only one CA Top Secret security system for recovery purposes in a shared security environment.

2. Perform one of the following actions:
   • (Backup file is intact and available) From the VMANAGER user ID, enter the following command and then specify Yes for Backupmode on the NAMES file modification screen:

     VMSERVER name
     

     Note: Use the XAUTOLOG command when running in VM/XA or VM/ESA mode.

   • (Backup file is not intact) Restore the most recent copy of the backup file to disk.

     If your DOWN option is WAIT or FAIL, and you have difficulty, issue the command and execute the appropriate commands to disable additional terminal logons:

     TSS MODIFY(DOWN(VN)) (or VB)
     

     The procedure for restoring the backup file and/or minidisk varies, depending on your backup method. Typically, restoration involves using DDR or the standalone restore utility that is supplied with your DASD utility software. You might also want to include in your procedure the creation of a tape copy of the backup file before bringing up the server, to help prevent incorrect application of changes later.

3. Initialize CA Top Secret in backup mode, as follows:
   1. Ensure that the server is not logged on.

      Presumably, the server has logged itself off because of the failure. If not, use TSS MODIFY(SHUTDOWN) to deactivate security.

   2. Determine how the PASSWORDS_ON_CMD suboption AUTOLOG is set.

      You can ask your VM systems programmer how this suboption is set.

   3. Reactivate security in backup mode by entering the following command:

      XAUTOLOG server_ID
      

      server_ID

      Specifies the VM user ID of the CA Top Secret for z/VM server (typically TSSVM).

The server should now IPL normally, with the addition of the following actions upon recognizing the BACKUP keyword:

• The 200 (security file) minidisk is detached so that the real device may be varied offline, if necessary, for problem determination or hardware service.
• The backup file data set name and virtual address (500) are used in place of the security file.
• Recovery file logging and automatic backup are disabled regardless of the control options in the parameter file.

Upon successful initialization, a message appears on the VM operator's console to confirm successful backup mode initialization. If necessary, you can now re-enable system logons (if previously disabled) and attain a reasonably normal level of system operation.