

Managing Data Sets and Tape Backups

Throughout nearly every working day, changes are being made to the records in the Security File, whether explicitly by security administrators using the CP command, implicitly by users changing their passwords, or automatically by CA Top Secret, such as through suspension or expiration of ACIDs. Therefore, proper backup and recoverability are a perpetual concern, because at no time can a backup CA Top Secret Security File be guaranteed to be truly current. Fortunately, each Security File change is also written as a change record to the CA Top Secret Recovery File. By combining the change records with the most current CA Top Secret Backup File, you can easily recreate your Security File with no loss of information.

In order for this recovery mechanism to function, both the Recovery File itself and a good backup obviously must be available in the absence of the Security File. This means that the keys to recoverability are placement of data sets and timing of disk-to-tape backups; both of these must be addressed in your recovery planning. In doing so, you should consider two possible recovery scenarios: the first is loss of only the Security File, and the second, loss of the entire Security Data Base.

The first scenario is partially an engineered situation; that is, it is the easiest from which to recover and the ideal toward which you should strive in allocating your CA Top Secret security data sets. Since catastrophic loss of access to data is most commonly associated with a single DASD unit or actuator (whether due to DASD hardware or media failure, accidental scratch, loss of a path to the device, or some other cause), you naturally want to ensure that such a failure will not take out both the Security File and the components needed to rebuild it. Placing the Backup and Recovery files on a separate physical DASD unit (ideally on a string attached to a different storage director or, if possible, a different channel) from that of the Security File reduces the likelihood of such a multiple loss. In this case, if access to the Security File is lost, you can bring CA Top Secret up on the Backup File, apply the changes from the Recovery File that is already online, and quickly resume full security system operation while you work to resolve the problem.

You must also prepare for the second scenario, in which you do not have immediate access to a valid Backup File and/or Recovery File, or the Backup File is not usable. In such a case, you need to restore one or both from tape before you can attempt to restart CA Top Secret. Your recovery implementation plans need to include specific procedures for the backup and offsite storage of all CA Top Secret data sets. The best time to back up these data sets is immediately following CA Top Secret's automatic disk-to-disk daily backup. CA Top Secret quiesces all updates to the Security File for the duration of the automatic backup to prevent propagation of partial updates and ensures that the backup copy is usable. This backup copy is the preferred data set to restore from tape should the need arise, although it is recommended that you back up the Security File as well, just to be safe.

Whatever method or product you use to back up these files, you must be sure that all the necessary tools are available when the time comes to restore them. For instance, if you use an MVS-based utility to produce the backups and need to restore them on a VM system, be sure that you have a standalone version of the utility for use in a virtual machine.

It should also be noted that, if the current online Recovery File is unavailable, you probably are not able to fully reproduce the lost Security File. Assuming that you have access to the most recent backup file, or to a backup of the Recovery File, your data should be no more than twenty-four hours out of date.