This document describes how to install Natural Security (product code NSC) on a mainframe computer under all mainframe operating systems and TP monitors supported by Natural using an Adabas database.
The following topics are covered:
Notation vrs or vr: If used in the following document, the notation vrs or vr stands for the relevant version, release, system maintenance level numbers. For further information on product versions, see Version in the Glossary.
The following software must be installed and running before you can install Natural Security:
Natural for batch mode
TP monitor(s)
You are recommended to install Natural Security after all other subproducts of Natural, as this makes defining the subproducts' system libraries to Natural Security easier.
Warning: If you are using parallel versions of Natural Security it is strongly recommended that you always use the highest version to perform data maintenance. |
For further information, see Application Programming Interfaces in the Natural Security documentation.
In addition to the prerequisites described above, the following software must be installed and running in order to use Natural Security in a heterogeneous environment:
Entire Net-Work *
Natural Security for Mainframes (z/OS, z/VSE, BS2000/OSD and VM/CMS) *
* Version as specified under Natural and Other Software AG Products in the current Natural Release Notes for Mainframes.
The following software must be installed as required:
Natural Security for UNIX
Natural Security for Windows
Natural Security for OpenVMS
For further information, see Using Natural Security on Multiple Platforms in the Natural Security documentation.
The following is required:
INPL of the current Natural Security version.
Enable SYSSEC to maintain Natural Development Server specific profiles.
Add basic application profiles to the FSEC system file which are prerequisites for maintaining Natural Development Server specific profiles.
See also Application Protection, Prerequisites in the Natural Security documentation.
The installation tape contains the datasets listed in the table below. The sequence of the datasets is shown in the Report of Tape Creation which accompanies the installation tape.
Dataset Name | Contents |
---|---|
NSCvrs.SYSL |
Natural Security log file |
NSCvrs.INPL |
Natural Security system objects |
NSCvrs.LDEL |
Instructions to delete Natural Security system objects of Version 4.1 |
NSCvrs.VINI
|
Natural Security FDIC initialization file for VSAM system files |
For instructions on copying the datasets from the installation tape to a disk, see the following sections: Copying the Tape Contents to a z/OS Disk and Copying the Tape Contents to a z/VSE Disk.
The installation tape contains the datasets listed in the table below. The sequence of the datasets is shown in the Report of Tape Creation which accompanies the installation tape.
Dataset Name | Contents |
---|---|
NSCvrs.SYSL |
Natural Security log file |
NSCvrs.INPL |
Natural Security system objects |
NSCvrs.LDEL |
Instructions to delete Natural Security system objects of Version 4.1 |
For instructions on copying the datasets from the installation tape to a disk, see the following sections: Copying the Tape Contents to a BS2000/OSD Disk and Copying the Tape Contents to a VM/CMS Disk.
It is recommended that you install Natural Security after all other subproducts of Natural, as this makes defining the subproducts' system libraries to Natural Security easier.
(Job I050, Step 9900)
Only perform this step if you wish to use a new FSEC system file for Natural Security Version 4.2. If you wish to use an existing Version 4.1 FSEC system file, omit this step.
If you wish to have the FSEC as VSAM system file, please refer to the Natural for VSAM documentation for information on how to install the FSEC system file and details concerning restrictions on the use of the FSEC VSAM system file.
Load the Natural Security system file (FSEC) using the Adabas utility ADALOD (ADALOD is described in the Adabas Utilities documentation). Input for ADALOD is the dataset NATvrs.SYSF. The file number you specify for the FSEC system file must be as yet unused.
This step creates an empty system file for Natural Security.
(Job I050, Step 9901)
This step must only be performed if the Natural Security function "Logging of Maintenance Functions" is to be used. Otherwise, omit this step.
Load the log file using the Adabas utility ADALOD (ADALOD is described in the Adabas Utilities Manual). Input for ADALOD is the dataset NSCvrs.SYSL.
This step creates a log file to be used by the above-mentioned function.
(Jobs I060, I080)
Add the following profile parameter to all your Natural parameter modules:
FSEC=(,file-number)
where file-number represents the number of the Natural Security system file - either the new one loaded in Step 1 or the existing Version 4.1 one. (If required, you can also specify a database ID, password and cipher code with the FSEC profile parameter; refer to FSEC - Natural Security System File in the Natural Parameter Reference documentation.)
Repeat jobs I060 and I080 for all your TP monitors.
(Job I061, Step 0099)
This step is optional but recommended to avoid data inconsistencies.
If you are using a Version 4.1 Natural FNAT
system file,
delete obsolete Version 4.1 Natural Security objects by loading the
NSCvrs.LDEL
data set with the Natural
INPL utility.
See also the corresponding step Delete Natural System Objects in the following sections:
Installation Procedure for
Natural under z/OS
Installation Procedure for
Natural under z/VSE
Installation Procedure for
Natural under BS2000/OSD
Installation Procedure for
Natural under CMS
(Job I061, Step 9900)
Once this step has been performed, it is not possible to remove Natural Security from the Natural system file; to remove Natural Security from the system file again, you would have to delete the entire contents of the system file and re-install all Natural components again.
Load the Natural Security modules using the Natural system command INPL described in the in the Natural System Commands documentation.
This step loads the Natural Security modules into your Natural system file (FNAT) under the library ID "SYSSEC" and the logon-processing programs under the library ID "SYSLIB".
This step also results in the creation of the following security profiles and relationships:
A library security profile with library ID "SYSSEC". The library is people-protected ("People-protected" set to "Y" and "Terminal-protected" set to "N").
A user security profile with user ID "DBA", user type ADMINISTRATOR, and password set to "DBA".
User "DBA" is linked to library "SYSSEC" (ordinary link, no special link).
If INPL is executed again for Natural Security, the Natural Security modules will be newly loaded without affecting any objects and relationships already defined after the initial execution of INPL.
If you execute INPL with the option "RECOVER", the user "DBA", the library "SYSSEC", and the link between the two will be redefined as after the initial installation, while all other links to "SYSSEC" will be cancelled.
Invoke Natural.
On the Natural Security logon screen, type in library ID "SYSSEC", user ID "DBA", password "DBA", and a new password, and press ENTER.
Type in the new password again and press ENTER to confirm the password change.
This step must only be performed if Version 4.2 is your first version of Natural Security; that is, if you have not used any previous version of Natural Security. Otherwise, omit this step.
Create a user security profile for each person who is to be a Natural Security administrator; and then link each Natural Security administrator to the library SYSSEC. The following is an example of how to do this.
On the logon screen, type in library ID "SYSSEC", user ID "DBA" and the password as established in Step 5.
The Natural Security Main Menu will be displayed. On this, enter code "M".
A window will be displayed. In this window, mark object type "User" with a character or with the cursor.
The User Maintenance selection list will be displayed. In the command line of the User Maintenance selection list, enter the command "ADD".
A window will be displayed. Choose a user ID for your Natural Security administrator (for example, if the administrator's name were Arthur Dent, you may choose "AD" as his user ID; the following steps will take this as an example). In the window, type in user ID "AD" and user type "A".
The Add User screen will be displayed. Enter the user name "Arthur Dent" and set Private Library to "N" (and press ENTER).
Press PF3. User Arthur Dent is now defined to Natural Security under the user ID "AD".
The User Maintenance selection list will be displayed again. In the "Co" column of the selection list, mark user "AD" with function code "LL".
A window will be displayed. In the window, enter library ID "SYSSEC".
The Link User To Libraries selection list will be displayed. In the "Co" column of the selection list, mark library "SYSSEC" with function code "LK". User Arthur Dent is now linked to library SYSSEC.
In the command line, enter the direct command "LOGOFF". The Natural Security logon screen will be displayed.
Now you can log on to SYSSEC with user ID "AD" and password "AD". When you log on with the new user ID for the first time, you must change the password (by typing in a new password in addition to the user ID and password).
Once you have successfully defined administrators, it may be advisable to delete user DBA to make sure that the user ID "DBA" cannot be used by unauthorized users to gain access to SYSSEC.
Log on to SYSSEC with user ID "AD".
Go to the User Maintenance selection list as described above.
On the list, mark user "DBA" with function code "DE". A window will be displayed, in which you enter and confirm user ID "DBA".
The user DBA is now deleted.
Only perform this step if Version 4.2 is your first version of Natural Security; that is, if you have not used any previous version of Natural Security. Otherwise, omit this step.
Create security profiles for all system libraries of Natural and Natural subproducts installed at your site; see also Adding a New Library in the Natural Security documentation. Refer to the installation instructions for other Software AG products for the corresponding security definitions to be performed.
To automatically create security profiles for system libraries (that is, all libraries whose IDs begin with "SYS"), proceed as follows:
Log on to library "SYSSEC".
On the Natural Security Main Menu, select "Administrator Services".
On the Administrator Services Menu, select the function "Definition of System Libraries".
When you invoke the function, a list of the system libraries of Natural and all Natural subproducts installed at your site will be displayed. For each system library, a library-specific security profile is provided in which all the necessary components are already defined appropriately.
On the list, you can either mark with "AD" individual libraries to which you wish their pre-defined profiles to be applied one by one, or you can choose to have the pre-defined profiles applied to all product system libraries simultaneously by marking the corresponding product with "AD".
Note:
This step should not be performed for SYS libraries containing
Natural utilities, as it is recommended that these utilities be protected as
described in the section Protecting
Utilities in the Natural Security
documentation.
If you use the function "System Libraries Definition" in an initial
installation, you have to set the Natural profile parameter
MADIO
to a
value of at least "2000".
After Step 5 of the installation procedure has been completed successfully, Natural Security is operational.
Repeat the Installation Verification procedure for all Natural subproducts installed at your site.