CA Top Secret supplies control options that govern the use of CPF and enable distributed security to be maintained efficiently. At least one of the CPF‑related control options described below must be entered at CA Top Secret startup to use the Command Propagation Facility. If it is not, CPF cannot be activated until the next CA Top Secret startup, and no CPF control options are accepted by CA Top Secret until that time. Once you have designated control options, your TSS commands automatically propagate to the default nodes.
The following control options tailor the environment for the Command Propagation Facility:
Indicates whether CPF should be activated at CA Top Secret startup (ON|OFF) and lets you temporarily terminate the CPF subtask (KILL) without bringing down all of CA Top Secret.
TSS commands are transmitted by this node or received from other nodes.
Note: If CPF(ON) has been specified, but CCI is not available or not fully initialized, CPF status is displayed as CPF(INIT). While CPF is in this status, commands are not propagated via CPF and are not logged to the CPF Recovery File. Once CCI completes its initialization, CPF status will display as CPF(ON), and command propagation and logging will take place.
No TSS commands can be transmitted.
Issued with a TSS MODIFY command to temporarily terminate the CPF subtask and automatically take a dump. The subtask can then be reattached by specifying TSS MODIFY(CPF(ON)).
Identifies the remote CA Top Secret nodes from and/or to which CPF can propagate commands.
(S)—Indicates that the local node can only send commands to the designated remote node.
(R)—Indicates that the local node can only receive commands from the designated remote node.
(C)—Specifies that only administrative command changes and DUF updates are sent to a node.
(P)—Specifies that only password changes and suspensions are sent to a node.
(GW)—Allows a CPF node to act as a CPF gateway or CPF server for another CPF node.
(NB)—Indicates that the node is a no‑broadcast node; used when CPFTARGET(LOCAL) is the default.
Note: User‑initiated changes (such as updated passwords or suspension due to access violations) or duf updates are propagated to those nodes identified by the CPFNODES control option.
Indicates whether the local node will receive commands issued from a remote node that hasn't been defined to the CPFNODES list. The default is NO— the local node will not receive commands from undefined remote nodes.
Sets a default value for the TSS command WAIT keyword.
If CPFWAIT is omitted, CA Top Secret chooses a default of YES. This means that commands are processed on a synchronous basis, requiring the user to wait for the commands to complete on all specified nodes before the local command completes.
If NO is selected, processing occurs asynchronously.
Regardless of whether you select YES or NO, the CPFWAIT control option can be overridden by the WAIT value on the individual TSS command.
Sets a default value for the TSS command TARGET keyword.
The security administrator can select one of three options.
Indicates that, if a target node is not explicitly identified on a command, that command will automatically propagate to those nodes identified by the ACID's DEFNODES.
Note: For more information about the connection between CPFTARGET and DEFNODES, see the Control Options Guide.
Indicates all nodes defined as send‑only or send/receive in the CPFNODES control option. Nodes defined as receive‑only are not included.
Indicates a particular local node.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|