This document covers the following topics:
To use Entire Systems Management Adapter, you must start an
Entire Systems Management Adapter node. This happens when you start the Entire
Systems Management Adapter ESAMAIN
task under TSOS. All other
tasks required for an Entire Systems Management Adapter node will then be
automatically started by the ESAMAIN
task. All tasks are running
with the same user ID i.e. TSOS. See also
Step 2: Edit the
Entire Systems Management Adapter Jobs in the
Installation documentation.
There are several ways to terminate an Entire Systems Management Adapter node. The usual method is to issue the console command
/INTR tsn,ESAEND
where tsn is the TSN assigned to the
ESAMAIN
task.
This will automatically end all tasks belonging to that Entire Systems Management Adapter node.
For information on how to terminate Entire Systems Management Adapter via operator command, see Operator Commands in the Administration documentation.
Another way to terminate an Entire Systems Management Adapter
node is to issue FUNCTION= 'XEND'
in the view processor
NATPROC-USERS
.
You can also run the program ESASTOP
to shutdown
Entire Systems Management Adapter. It must be executed with the same user ID as
the Entire Systems Management Adapter, that is, as user TSOS.
The program ESASTOP
is driven by parameters obtained
from SYSDTA
. Job name or TSN of the ESAMAIN
task can
be specified. The following syntax must be used for the parameters:
-J jobname | --JNAME jobname -T tsn | --TSN tsn
The parameter --JNAME
is recommended for a
generic setup of program ESATRACE
.
A sample job is listed in Step 2: Edit the Entire Systems Management Adapter Jobs in the Installation documentation.
Entire Systems Management Adapter under BS2000 consists of several tasks.
The ESAMAIN
task is started manually by the operator
or by a startup script. This main task spawns a number of other tasks according
to the definitions in the startup parameter file.
Problems arise if the JOB-CLASS-LIMIT
of the
operating system is exhausted.
Entire Systems Management Adapter cannot work properly if some ESA tasks are still held in the wait queue. This state must be avoided by appropriate operator interventions.
A timer-controlled routine in the ESAMAIN
task
regularly checks the state of all ESA tasks. For example, the status of the
started ESASERV
tasks and their workload.
Communication between the different ESA tasks is established via Eventing and Common Memory Pools. Forward Eventing is used for performance reasons.
The Natural applications and Entire Systems Management Adapter use the TCP/IP communication for transport of user data and for mutual communication between the different Operating Systems
Modules are link-edited to reduce the ESA startup duration. Apart from that, there is a strict distinction between the delivery library and the user library. While the delivery library contains the original ESA modules only, Customers user exits are kept in the ESA user library.
All ESA startup jobs contain the assignment of the ESA module
library via LINK-NAME 'DDLIB2'
and the assignment of a
customer-specific ESA user library via LINK-NAME 'BLSLIB00'
. This
user library is searched for required modules alternatively, if nothing was
found in the library assigned via LINK-NAME 'DDLIB2'
.
To run different configurations, some modules must be loaded dynamically.
All Entire Systems Management Adapter components run in
AMODE 31
(AMODE
= addressing mode). This is
independent from settings in the job control.
At program termination, the Entire Systems Management Adapter components set a return code, which is transferred to a monitoring job variable.
The status display for successful execution is C' $T
0000'
, the status for abnormal termination is C' $A 0008'
.
The Entire Systems Management Adapter tasks access datasets and other resources as requested by the Natural user on Linux x64. To be able to do this for various users, the Entire Systems Management Adapter must run under BS2000 user ID TSOS. Users' access rights are checked by the Entire Systems Management Adapter in order to provide access to BS2000 objects in the same range as if working under TIAM. Therefore, the Natural user must identify themself to Entire Systems Management Adapter before any view can be accessed.
A logon operation must be performed, specifying the user's system
user ID and password. If SECURITY=BS2
was specified in startup
parameters, user ID and password are checked against the system's user
definition file (TSOSJOIN). If this validation is successful, the user ID will
from then on be used for future validations until it is changed by another
logon operation.
If the user attempts to access a view before logging on, Response
Code 510
(LOGON REQUIRED
) is returned. However, if
the startup parameter AUTOLOG
is set to
YES
, an implicit logon is performed as part of the first user
request.
If the Natural user ID is not defined in BS2000, Response Code
510
(LOGON REQUIRED
) is returned.
The Entire Systems Management Adapter online tutorial contains a
sample logon program that uses view NATPROC-LOGON
.
If SECURITY=USER
is specified in the startup
parameters, exit USERLSEC
is called to check the user ID and
password as required at your site, and not against the system's user definition
file (TSOSJOIN
). For a sample exit USERLSEC
, see the
supplied Source Library.
If no security system interface is requested (startup parameter
SECURITY=NONE
), no security check is performed and all logon
attempts will be successful. If in this case the Natural user ID is not defined
in BS2000, only functions which do not require a BS2000 user ID are available
(such as EVENTING
).
If the Siemens software product SECOS is installed at your site, please note that the Entire Systems Management Adapter must be authorized to access any object that any of its users should be able to access.
This means that the Entire Systems Management Adapter user ID
(TSOS) has to be defined in every access control list (ACL) of those objects.
For SECOS V2 it is sufficient to define the program ESASERV
from
the Entire Systems Management Adapter Module Library in any GUARD concerned, if
GUARDs are used.
The Entire Systems Management Adapter can run without the
UCON
interface. However, it is required if you wish to use views
SEND-MESSAGE
or CONSOLE
.
The UCON
interface of Entire Systems Management
Adapter is activated by a separate task which opens a DCAM application and
connects to UCON
($CONSOLE
).
To enable the UCON
interface task to connect to
UCON
, you must define an authorization name for Entire Systems
Management Adapter in BS2000 generation and you must define this name as BS2000
user ID. You must specify this user ID, as well as the password defined for it,
as parameter of program ESACONS in the JCL to start the Console Task of Entire
Systems Management Adapter. See also
Step 2: Edit the
Entire Systems Management Adapter Jobs in the
Installation documentation.
You must authorize the user ID to issue certain operator commands.
ESA does not require operator command authorization keys, but the ESM monitors
do. Therefore, you must authorize the user ID to issue all operator commands
needed by the ESM monitors to support full functionality. For example, Entire
Output Management needs the authorization key of operator command
/CANCEL-JOB
.
The required authorization keys for the UCON
user ID
are listed in the documentation of the various ESM products.
If your application issues operator commands, the Administrator
must authorize the UCON
user ID to execute that command.
With startup parameter CONACCESS
, the use of
console functions can be restricted for all users on the respective node.
If WRITE
is specified for CONACCESS
, an
exit can be used to further restrict the use of the OP-CMD
function of the CONSOLE
view. Whenever the CONSOLE
view is called with FUNCTION=OP-CMD
, the USERCSEC
module in the Entire Systems Management Adapter User Module Library gets
control (if it exists). The caller's user ID, as well as the command string, is
passed to the exit as input parameters, and the exit checks whether the user is
authorized to issue the command. If the user exit USERCSEC
does
not exist, all operator commands are accepted.
For a sample exit USERCSEC
, see the supplied Source
library. See CONACCESS
for a
description of this parameter.
The SYSTEM-COMMAND
view allows to issue a BS2000
command in a Natural program. The view passes the data to the macro command
language processor and returns the result to the calling Natural application.
An exit must be activated to restrict the use of system commands.
Whenever the SYSTEM-COMMAND
view is called, the
USERSSEC
module in the Entire Systems Management Adapter User
Module Library gets control (if it exists). The caller's user ID, as well as
the command string, are passed to the exit as input parameters, and the exit
checks whether the user is authorized to issue the command. If user exit
USERSSEC
does not exist, view SYSTEM-COMMAND
is
completely disabled.