Previous Topic: Special ConsiderationsNext Topic: TSSXTEND JCL

Creating, Converting or Extending The Security FileCreate the New Security File

Create the New Security File

If the Security File is to be shared with CA Top Secret for z/OS then the file must be created and extended using the z/OS product and not CA Top Secret for z/VM. If sharing with VSE, then extend on the VSE system.

Note: If you are sharing the security file between MVS and VM and the security file under MVS has been created with the AESENCRYPT option, the security file can no longer be shared between MVS and VM.

To create a new Security File

  1. Define the minidisk that will contain the new Security File to the CA Top Secret server directory as the 201 disk.
  2. Define new backup security file to the CA Top Secret server as 501 disk.

    Note: Make this the same size as the new 201 disk.

  3. Place the directory online.
  4. Enter the command: 
    TSS MODIFY(SHUTDOWN)
  5. (X)AUTOLOG the server.

    The server is refreshed with new 201 and 501 mini disks.

  6. From the CA-Activator machine:
    1. Issue CP DETACH 200.

      You will normally receive a message that it does not exist.

    2. Issue CP LINK serverid 201 200 MW
    serverid

    The name of your CA Top Secret server.

    1. Issue TSSCATDK 200 SECFIL.
    2. Create file SECURITY MAIDATA A as needed for your new Security File. For information on the control statements, see the chapter “Generating the Test System” .

      The is a sample of SECURITY MAIDATA:

      	CREATE SECURITY
	DSN=CAI.TOP.SECRET.SECURITY.FILE
	VOLUMES=1000
	BLOCKSIZE=8192
	SDTBLOCKS=2
	ACCESSORS=5000
	SCA=mscaacid/mscapass
	id=PRIMARY
    3. Issue TSSMAINT SECURITY
    4. Issue CP DETACH 200
  7. Have the MSCA submit the TSSXTEND batch job using the JCL described in TSSXTEND JCL.
  8. (Optional) If the Security File encryption key has been changed, rerun the KVC0I050 and KVC0I061 installation tasks.
  9. Create a new Backup File on the CA-Activator machine:
    1. Issue CP DETACH 500.

      You will most likely get a message that it does not exist.

    2. Issue CP LINK serverid 501 500 MW
    serverid

    The name of your CA Top Secret server.

    1. Issue TSSCATDK 500 BCKFIL.
    2. Create file BACKUP MAIDATA A as needed for your Backup File. Use the same parameters used to create the current Security File, with the exception of CREATE (CREATE BACKUP), DSN= (select a new data set name) and (ID=BACKUP).
    3. Issue TSSMAINT BACKUP.
    4. Issue CP DETACH 500.
  10. (Optional) If the new Security File has a different data set name update the data set name in the Parameter File on the CA Top Secret server's 100 disk.

    If the new backup file has a different data set name update the data set name in the Parameter File on the CA Top Secret server's 100 disk.

  11. Change the CA Top Secret service machine directory
    1. Change the 200 disk to another value (old security file).
    2. Change the 500 disk to another value (old backup security file).
    3. Change 201 disk to the 200 disk.
    4. Change 501 disk to the 500 disk.
    5. Place the directory online.

    Note: Do not delete your old Security and backup files until you have verified that the extend function has successfully completed.

  12. Issue a TSS MODIFY(SHUTDOWN)
  13. Re‑(X)AUTOLOG the server

    The directory is refreshed and comes up on the new Security File.

  14. Issue a TSS MODIFY(BACKUP).

    A current copy of the Security File is created on the new backup file.