This document describes installation topics for NETSAF.
The Entire Net-Work SAF Security Interface (NETSAF) installation media contains the following libraries:
Note:
The complete list of libraries provided with Entire Net-Work can be found
in the full Entire Net-Work documentation.
| Library | Contents |
|---|---|
| WAFvrs.JOBS | The sample z/OS job library for Entire Net-Work SAF Security. The vrs in the library name represents the version of Entire Net-Work SAF Security. Jobs SAGI010, SAGI020, and SAGI021, which are used to assemble the NA2PPRM, NA2PSEC, and NA2POS modules, can be found here. |
| WAFvrs.LOAD | The z/OS load library for Entire Net-Work SAF Security. The vrs in the library name represents the version of Entire Net-Work SAF Security. The NETSAF and WAFNUC load modules, which will be copied into one of the Entire Net-Work STEP libraries, can be found here. |
| WAFvrs.SRCE | The z/OS source library for Entire Net-Work SAF Security. The vrs in the library name represents the version of Entire Net-Work SAF Security. Modules NA2PPRM, NA2PSEC, and NA2POS, with the associated macros and the sample parameter module WAFPARM can be found here. |
A sample job is provided for each step in the installation procedure. Sample jobs are contained in the WAFvrs.JOBS library.
Use IEBCOPY to unload the libraries from the NETSAF installation media.
Assemble the system parameter module NA2PPRM to define the required installation options. You may use the sample job SAGI010. The different parameters are summarized below:
The following general parameters influence the operation of the Entire Net-Work SAF Security Interface:
The following parameters are contained in the NA2PPRM macro that is supplied with NETSAF. These parameters are used to secure requests received by Entire Net-Work.
| Parameter | Description |
|---|---|
| NWUNI = {Y|N} | Allow access to undefined resources |
| NWCLASS = ADASEC | Name of general resource class or type |
| NWFLEN = {0|1|2} | DBID/Fnr character string: 0 = 3 digit resource profiles with leading zeros 1 = 5 digit resource profiles with leading zeros 2 = 3 and 5 digit resource profiles, no leading zeros |
| NWCPUID = xxxxxx | CPU ID of the machine considered local |
| NWSUPER = {N|Y} | LPARs are considered local access |
| NWUIDH = x | User ID determination (mainframe) |
| NWUIDU = x | User ID determination (UNIX) |
| NWUIDW = x | User ID determination (Windows) |
| FAILMODE = {F|W} | Reaction to violation: F = Failure W = Warning |
The SAF (RACROUTE) macros used by Entire Net-Work SAF Security Interface must be at the same version as those used at your site. You may use the sample job SAGI020 to assemble NA2PSEC, the module containing these macros.
The parameter STY should be assigned one of the following values: RACF, TSS, or ACF2
Ensure that the REL parameter is set correctly:
For RACF, it should be set to the correct RACF version number.
For CA-TOP SECRET and ACF2, it should be set to the corresponding value for the equivalent level of RACF and not the version of ACF2 or TOP SECRET itself. For example: REL=2.2
You may use the sample job SAGI021 to assemble operating system services module NA2POS.
You have now installed the Entire Net-Work SAF Security Interface (NETSAF).
To verify the installation, activate Entire Net-Work SAF Security Interface on a test node link with FAILMODE initially set to 'W'. When a database access call is received on that link, the following message will be displayed in the console output of the Entire Net-Work job:
SEFM210* SAF GATEWAY IS ACTIVE FOR ENTIRE NET-WORK
Various diagnostic messages will follow, depending on the message level specified for the GWMSGL parameter when the parameter module was assembled in Step 2 of the NETSAF installation procedure.