Previous Topic: Reconstructing the Security FileNext Topic: Alternate Server Start Options

Recovering from Security File LossReinstate Normal Operation

Reinstate Normal Operation

The backup file, on which your CA Top Secret system is running, should now be an exact duplicate of the security file that was lost. Before returning CA Top Secret to its normal operational state, the security file must be recreated. Since the backup file already contains all of the correct security definitions, this is accomplished simply by a reversal the original backup process. When operating in backup mode, CA Top Secret responds to an explicit backup command by doing just this—copying the backup file onto the security file—so great caution must be taken in using backup mode and, especially, the TSS MODIFY(BACKUP) command while in backup mode.

Follow these steps:

  1. Ensure that CA Top Secret is operating in Backup mode.
  2. If the security file was permanently lost or damaged, reallocate and format it. If the security file is to be allocated on a real z/OS or VSE-formatted volume, this must be done by using the CA Top Secret z/OS or VSE TSSMAINT utility; if on a VM-only minidisk, re‑execute the CA Top Secret VM installation task for defining security database files, and elect to format only the security file. Be sure to specify the same keywords originally used to create your security file.
  3. Ensure that the DASD volume on which the security file resides is online to VM and, if defined as a minidisk to the server, attached to the system.

    The server automatically LINKs the minidisk if necessary when the backup operation begins. If the security file is on a full-pack OS volume which is normally dedicated to the server on the VM system, you must verify that it is attached to the server as virtual address 200. Consult your systems programmer if you need assistance with this procedure.

  4. Issue the command TSS MODIFY(BACKUP).

    This triggers an immediate backup that, in backup mode, is performed in the reverse -- building a new security file as an image of the current, newly updated backup file. When the backup completes, you will have successfully reconstructed your security system. However, CA Top Secret is still running in backup mode, using the backup file as its active database and with change recording inactive.

  5. Deactivate CA Top Secret:
    1. Issue the TSS MODIFY(SHUTDOWN) command.

      The server terminates backup mode security operation and logs itself off.

    2. Shut down any other CA Top Secret system (VM or MVS) that is also running in backup mode.

    Important! Running multiple CA Top Secret systems simultaneously on separate security files but sharing the same audit and recovery files circumvents the CA Top Secret locking mechanisms and can result in database corruption. You should restrict backup mode operations to a single system, if possible, to avoid accidents.

  6. Bring the CA Top Secret VM server back onto the primary security file:
    1. From the VMANAGER user ID, enter the following command: 
      VMSERVER name

      The NAMES file modification screen appears.

    2. Specify No for Backupmode, then press PF6.
    3. Shut down the CA Top Secret VM server: 
      TSS MODIFY(SHUTDOWN)
    4. Reactivate security: 
      XAUTOLOG server_ID
      server_ID

      Specifies the VM user ID of the CA Top Secret VM server (typically TSSVM).

  7. If you are sharing a security environment, start the remaining CA Top Secret systems as usual.