Security in a host-to-host multi-CPU environment

Overview

If you intend to allow online users access to Beta product subsystems on remote CPUs, you must initialize the remote security environment on the local CPU.

To do this, you must perform the same Beta product subsystem initialization (via the program BST01ARI, during IPL or in batch) on the local CPU as on the remote CPU where the Beta product subsystem actually resides.

Definitions

For example, if your local OCF node subsystem ID is B09P, and the remote Beta product subsystem ID your local online users require access to is B92P, then the following IEFSSNxx definitions must be accessible to the local z/OS system:

+------------------------------------------------------------------------+
|B09P,BST01ARI,'BETA.PARMLIB(B09SSI00)' |
|B92P,BST01ARI,'BETA.PARMLIB(B92SSI00)' |
+------------------------------------------------------------------------+

You can also define and initialize the subsystems dynamically. For each subsystem, enter the command SETSSI ADD,SUB=ssid and then run B09INIT/B92INIT on the local CPU.

SVC number

In addition, the SVC number specified in B92SSI00 (using the SVC= parameter) must be initialized on the local z/OS system. If the Beta SVC number in use on the remote system is different from the one in use on the local system, you must change B92SSI00 (by copying it to a new member such as B92SSI01) so that it contains the Beta SVC number in use on the local system, and use the following IEFSSNxx entries instead:

+------------------------------------------------------------------------+
|B09P,BST01ARI,'BETA.PARMLIB(B09SSI00)' |
|B92P,BST01ARI,'BETA.PARMLIB(B92SSI01)' |
+------------------------------------------------------------------------+

Security exits

Finally, the security exits and security environment used for online users working on the remote CPU must also be available on the local CPU. This is because security checking (logon and access validation) is always performed on the local CPU, even if access is to a remote Beta product subsystem.

For more information on defining the Beta product subsystems and security environments to z/OS, please refer to the appropriate Beta product Installation and System Guide.