It is recommended that you read this section from beginning to end before starting the installation process.
This document covers the following topics:
The installation medium contains the datasets listed in the table below. The sequence of the datasets is shown in the Software AG Product Delivery Report which accompanies the installation tape.
If used in the following document, the notation vrs or vr stands for the relevant version, release, system maintenance level number of the product.
| Dataset Name | Contents |
|---|---|
MLCvrs.JOBS |
Sample job library for Software AG's mainframe license check software Notes:
|
MLCvrs.LOAD |
Load library for Software AG's mainframe license check software including the LICUTIL license utility Notes:
|
NPRvrs.JOBS |
Entire System Server installation jobs |
NPRvrs.LOAD
|
Entire System Server load library |
NPRvrs.SRCE
|
Entire System Server source library |
NPRvrs.INPL
|
Entire System Server DDMs, a tutorial and error messages |
NPRvrs.DATA |
Predict data for the Entire System Server |
NPRvrs.LICS |
Product license file For more information on the license check software, see Software AG Mainframe Product Licensing. |
Copy the data sets from the supplied installation medium to your disk before you perform the individual installation procedure for each component to be installed.
The way you copy the data sets depends on the installation method and the medium used:
If you use System Maintenance Aid (SMA), refer to the copy job instructions provided in the System Maintenance Aid documentation.
If you are not using SMA and want to copy the data sets from CD-ROM, refer to the README.TXT file on the CD-ROM.
If you are not using SMA and want to copy the data sets from tape, follow the instructions in this section.
This section explains how to copy all data sets from tape to disk.
Modify the following sample job according to your requirements:
//SAGTAPE JOB SAG,CLASS=1,MSGCLASS=X //* --------------------------------- //COPY EXEC PGM=IEBGENER //SYSUT1 DD DSN=COPY.JOB, // DISP=(OLD,PASS), // UNIT=(CASS,,DEFER), // VOL=(,RETAIN,SER=tape-volser), // LABEL=(2,SL) //SYSUT2 DD DSN=hilev.COPY.JOB, // DISP=(NEW,CATLG,DELETE), // UNIT=3390,VOL=SER=disk-volser, // SPACE=(TRK,(1,1),RLSE), // DCB=*.SYSUT1 //SYSPRINT DD SYSOUT=* //SYSIN DD DUMMY //
where:
tape-volser is the VOLSER
of the tape, for example: T12345,
hilev is a valid high-level
qualifier, and
disk-volser is the VOLSER
of the disk.
Execute the job to copy the data set COPY.JOB to your
disk.
Modify hilev.COPY.JOB according
to your requirements:
Set EXPDT to a valid expiration date, for example,
99365.
Set HILEV to a valid high-level qualifier, for example,
USERLIB.
Set LOCATION to a storage location, for example,
STORCLAS=ABC or UNIT=3390,VOL=SER=USR123.
Execute hilev.COPY.JOB to copy
single, multiple, or all data sets to your disk.
(Job I051, Step 1100)
If you are upgrading from a previous version of the Entire System
Server, scratch libraries SYSNPE and SYSNPR from your
existing installation. Otherwise, skip this step.
(Job I061, Step 1100)
Use the Natural system command INPL (which
is described in the Natural System Commands documentation) in order to load the
Entire System Server system objects (dataset
NPRvrs.INPL).
This loads the following libraries:
| Library | File | Contents |
|---|---|---|
SYSNPR
|
FNAT
|
Installation aid (define DBIDs and define views to Natural Security) |
SYSNPE
|
FNAT
|
Online tutorial |
SYSNPEH1
|
FNAT
|
Help texts (English) |
SYSNPEH2
|
FNAT
|
Help texts (German) |
Add the ASIZE parameter and the following macro
to the Natural parameter module; then assemble and link it. For information on
how to activate this Natural parameter module for your Natural environment,
refer to the Natural Installation documentation for mainframes.
ASIZE=64 NTDB PROCESS,148
ASIZE specifies the size of the auxiliary
buffer. The range of possible values for this parameter depends on the version
of Natural. For example, for version 4.2 and below the minimum value is 36 KB
and the maximum value is 64 KB (but you are recommended to specify a value of
at least 48 KB). For version 8.2 the minimum value is 64 KB and the maximum
value is 512 KB. For other versions, see section ASIZE - Entire System
Server Auxiliary Buffer in the Parameter Reference
chapter of the current Natural for Mainframes documentation.
148 is the database ID with which the Entire System
Server DDMs are cataloged. This does not affect the use of additional Entire
System Server nodes with different node IDs, since these can be addressed via
the NODE field in each Entire System Server view. See also
Multiple
Entire System Server Node Support in the section
Using the Entire System
Server of the Entire System Server
Administration
documentation.
Note:
If you are upgrading from a previous version of Entire System
Server, use the startup parameter NODE to assign
different node IDs to different versions of Entire System Server running on the
same system. You may, for instance, have an earlier Entire System Server
version running in production using node ID 148, and specify
NODE=199 in the startup parameter for the current version during
installation and test.
Ensure the Natural profile/session parameter LE
is set to OFF, otherwise you may experience problems with the
Online Tutorial.
If you want to change default values, edit modules
NATPNIP and ESYNODTB.
Assemble both and link them as described in the section Installing the Entire System Server Interface in the Natural Installation documentation for mainframes.
NATPNIP contains the following parameters and
defaults:
BUFLEN=8192
|
Length of all Adabas buffers. |
NUMREQ=5
|
Number of parallel requests. |
MAXCBL=3000
|
Complex FIND buffer length.
|
MAXEDL=3000
|
Editor session buffer length. |
EXTUSER=INIT-USER
|
When running under CICS or IMS, which user ID should be
fetched to be shipped to RACF/ACF2/TSS (*INIT-USER
or *USER in Natural).
|
ESYNODTB contains the following parameters and
defaults:
This module contains mnemonic names for Entire System Server
nodes. In the DDMs, there are fields called NODE and
NODE-NAME. The field NODE directs a call directly to
this Entire System Server. The field NODE-NAME is translated into
a node number depending on the contents of this table. We recommend, that you
use your system ID as name.
The macro NAMXNOD generates table entries. The last
macro call must be used with parameter LAST=Y to set end-of-table
identifier.
Example:
NAMXNOD ID=148,NAME=PRODUCTION-1 NAMXNOD ID=149,NAME=PRODUCTION-2,LAST=Y
The module ESYNODTB must also be linked to module
XCOMV026 into the Entire System Server target library. (SMA Job
I055, Step 1108).
If default values are changed, relink Natural as described in the section Installing the Entire System Server Interface in the Natural Installation documentation for mainframes.
(Job I200, Step 1100)
This step is optional.
All Entire System Server views have been documented in Software AG's
repository Predict. The NPRvrs.DATA
dataset on the installation tape contains these Predict view descriptions that
can be loaded with the MIGRATE/COORDINATOR utility in Predict (Job
I200, Step 1100).
The MIGRATE/COORDINATOR utility is described in the
Predict Reference documentation.
If, however, you have already loaded these descriptions from any
previous of the Entire System Server (or Natural Process), you must also logon
to Predict's online system to check the database name of DBID 148,
to which the views are linked. Its name must be
ENTIRE-SYSTEM-SERVER. If it is not, change the database name
before running Job I200, Step 1100 to load the dataset
NPRvrs.DATA.
If Natural Security is installed, define libraries
SYSNPE, SYSNPR, SYSNPEH1 and
SYSNPEH2 to Natural Security. If these applications are to be
people-protected, link to them those user IDs that require authorization.
Define libraries without XREF = YES to load all objects.
SYSNPE contains the online tutorial;
SYSNPEH1 and SYSNPEH2 contain online help
information;
the installation aid in library SYSNPR can be used to
apply initial security definitions for the Entire System Server views.
Define APF authorization for the Entire System Server load library by
updating the member IEAAPFxx in library
SYS1.PARMLIB. You may also use the APF statement in a
PROGxx parmlib member to define the Load Library in
the APF-authorized list.
Ensure that all libraries in the STEPLIB concatenation of
the Entire System Server started task in Step 12 are APF-authorized.
Note:
If the library is not authorized, certain Entire System Server
functions return an appropriate response code, and at startup time the
following message appears on the console:
ESY0050W ENTIRE SYSTEM SERVER IS N O T APF AUTHORIZED
(Job I070, Step 1100)
Edit the parameter module XCOMPARM to set the correct
startup parameters. This member is created with Job I070, Step 1100 and
contains some default values.
For a description of the parameters and an example, see the section Startup Parameters of the Entire System Server Administration documentation.
(Job I070, Step 1101)
Edit the example member XCOMSTC (Entire System Server's
started task). This member is created with Job I070, Step 1101.
The following is an example of Entire System Server subtask JCL. Note that the load libraries must be concatenated and APF-authorized:
//NATPROCS PROC //********************************************************************** //* Entire System Server Start-up Procedure //* //* Make the following substitutions //* //* &NPRSRCE - Entire System Server source library //* &NPRLOAD - Entire System Server load library //* &ADALOAD - Adabas load library //* &MLCLOAD - Mainframe license check load library //* &NPRLICS - License Key File //* //* Define the libraries in the steplib as APF authorized. //* Adapt all necessary parameters (see DD-CARD 'PARMS'). //* //* //********************************************************************** // EXEC PGM=NPRINIT,REGION=3M,TIME=1440 //STEPLIB DD DSN=&NPRLOAD,DISP=SHR // DD DSN=&ADALOAD,DISP=SHR // DD DSN=&MLCLOAD,DISP=SHR //LICENSE DD DSN=&NPRLICS,DISP=SHR //LICREP DD SYSOUT=X //SYSPRINT DD SYSOUT=* //SYSUDUMP DD SYSOUT=* //* //PARMS DD DSN=&NPRSRCE(XCOMPARM),DISP=SHR //*
In the above example, member XCOMPARM in the Source
Library referenced by the PARMS DD statement contains the Entire
System Server startup parameters. For a description, see the section
Startup
Parameters of the Entire System Server
Administration
documentation.
Also, the license necessary to run the Entire System Server is verified.
This started task starts the Entire System Server.
//JOB card //ESYTRACE EXEC PGM=ESYTRACE,PARM='199 --DISPL --NTROUT --POLL' //STEPLIB DD DSN=your.load.library,DISP=SHR //SYSPRINT DD SYSOUT=* //
Create the JCL to execute the program ESYTRACE. It
analyzes the TRACE data of Entire System Server, if the startup
parameter TRACE=YES is defined.
In order to start ESYTRACE in Monitor mode, the
parameter 199 --POLL is specified. The assignment of
DDNAME TRACEIN is not needed here, because all data is read from
the memory pool only. The analyzed and edited TRACE data will be
written to SYSPRINT due the --DISPL
parameter. It may also optionally be written to a file identified by the DDNAME
TRACEOUT, however, in the above example this is suppressed by the
--NTROUT parameter.
This task must be stopped explicitly with the operator command
F jobname,QUIT
due to the argument --POLL.
For more information, see Creating Trace Data in the Entire System Server in the section Common Entire System Server Features of the Entire System Server Administration documentation.
Edit member VTAMNATP and save it in VTAM's online Source
Library SYS1.VTAMLST.
The name specified in the ACBNAME parameter
should be identical to Entire System Server's VTAMACB
startup parameter. (This can be skipped if VTAMACB=NONE is
specified.)
The VTAM interface is used in the view NET-OPER to
enable VTAM commands. By means of the view NET-OPER, you may send
any VTAM command to VTAM without using the system console.
Another VTAM interface is used inside Entire System Server, which prints data to any VTAM printer; this feature is available with Entire Output Management.
Ensure that the major name is different from the minor name.
To simplify installation, the sample security exits from the distributed source library have already been assembled and linked into the distributed load library. If no modifications to these exits are needed to satisfy special security requirements, this step can be skipped.
(Job I055, Steps 1110-1116)
Steps 1110-1116 delete the pre-linked load-modules with the suffix RACF and are necessary if you want to execute steps 1120-1126. Note that you must edit steps 1110-1116 specifying the volume where the Entire System Server load lib is allocated, and the volume type (3380, 3390, ...).
(Job I055, Steps 1120-1126)
Steps 1120-1126 assemble and link all exits with suffix RACF for RACF, CA-ACF2, or CA-TOP SECRET.
When assembling the LOGVRACF exit, be sure to include
your current Adabas source library in the Assembler SYSLIB DD
statements.
Security exit modules are loaded at Entire System Server startup and
are used by various view processors. The names of the security modules loaded
are determined by the specification of the Entire System Server
SECURITY parameter which consists of a 4-byte suffix
(see the section Startup
Parameters of the Entire System Server
Administration
documentation).
Sample security exits for CA-ACF2, CA-TOP SECRET and RACF installations are contained in the distributed Source Library. You may assemble and link these using Job I055 as described above. These exits are intended as examples and may require modification to meet your site requirements. The following table lists the sample security exits provided together with the relevant view names:
| Exit Name | Views |
|---|---|
DSNVRACF
|
ACCOUNTING, CATALOG-UPDATE,
CHECK-SECURITY, COPY-FILE,
FILE-ALLOCATE, FILE-MAINTENANCE,
IEBCOPY, LIB-DIRECTORY, LIB-UPDATE,
LIB-ZAP, LIST-VTOC, READ-FILE,
SUBMIT, VTOC-UPDATE, WRITE-FILE
|
IDCVRACF
|
IDCAMS
|
JESVRACF
|
CONSOLE-LOG, READ-SPOOL,
SPOOL-UPDATE, SPOOL-FILES, SPOOL-UPDATE
|
LOGVRACF
|
NATPROC-LOGON
|
OPRVRACF
|
ALLOCATIONS, CONSOLE,
LOADED-MODULES, MAIN-STORAGE,
SPOOL-UPDATE, TCB
|
SUBVRACF
|
SUBMIT
|
VTMVRACF
|
NET-OPER
|
The following table shows the register settings on entry:
| Register | Convention |
|---|---|
R1
|
Exit parameter list (see below for examples) |
R13
|
18-full word save area |
R14
|
Return address |
R15
|
Entry point address |
Below are parameter lists of the example user exits provided in source form in the distributed Source Library. They can be changed to suit your site requirements:
| Exit Name | Description | Parameters | Upon Return: |
|---|---|---|---|
DSNVRACF
|
Dataset verification |
|
If R15=0, access allowed.Else, R15 ==> error text.
|
IDCVRACF
|
IDCAMS verification
|
|
If R15=0, access allowed.Else, R15 ==> error text.
|
JESVRACF
|
Spool interface |
|
If R15=0, access allowed.Else, access denied. |
LOGVRACF
|
Logon/logoff procedure |
|
If R15=0, logon OK.Else, R15 ==> error text.
|
OPRVRACF
|
|
|
If R15=0, logon OK.Else, R15 ==> error text.
|
SUBVRACF
|
Submit exit |
|
If R15=0, logon OK.Else, R15 ==> error text.
|
VTMVRACF
|
VTAM command validation |
|
If R15=0, logon OK.Else, R15 ==> error text.
|
Note:
All user exits must be reentrant. The Entire System Server dynamic
work area is accessible by all user exits. A copybook containing the layout of
this work area is also contained in the distributed Source Library under the
name VIEWWK. The task table is in XCOMTSDS.
See also Setting Up RACF Security for Operator Commands on z/OS in the section z/OS Considerations of the Entire System Server Administration documentation.
If you intend to use the Entire System Server under Com-plete, you
may have to adjust the setting of the ADAROLL,
ADACALLS and ADASVC5 parameters
(see the Com-plete System Programmer's Manual).
In order to use the SEND-MESSAGE function to users of
Com-plete, the Entire System Server must be treated as a batch job from
Com-plete's point of view. The subsection Batch in the
section Software Interfaces in the Com-plete
System Programmer's Manual applies here. Note the
following:
Link the COMPBTCH module to the Entire System Server
library and link the module XCOMV019 to COMPBTCH
using Job I055, Step 1105.
The following DD card must be added to the Entire System Server JCL:
COMBTCH DD DSN=NODEvrs.SVCsss,DISP=SHR
where vrs is the Com-plete
node number given by the (Com-plete) ACCESS-ID sysparm, and
sss is the Adabas SVC number given by
the ACCESS-SVC sysparm.
The TUBATCH module must be included in the
STEPLIB concatenation of the Entire System Server JCL.
The Entire System Server logs on to Com-plete with the name of its started task and sends the message(s).
Note:
One Entire System Server can send to only one Com-plete.
SEND-EMAIL view requires
Domain Naming Services to resolve the local host name and the E-Mail target
host. In order to get the required Domain Naming Service running properly, a
SYSTCPD DD card may be required in the Entire System Server
started task to specify your installation TCPIP.DATA data set.
Contact your network administrator to determine if and how the
SYSTCPD DD statement should be coded in order to run DNS properly.
The Entire System Server Started Task and all users requesting
SEND-EMAIL view must be defined with a proper user ID for z/OS
UNIX. Error message ESY5897 Mailer response: errno 0156 in EZASMI
INITAPI reporting errno 156 (EMVSINITIAL) is
returned as ERROR-TEXT if the requesting user ID is not properly
defined for z/OS UNIX. This error message is also issued if the
MAXPROCUSER limit of z/OS Unix has been exceeded. In this case a
higher value for MAXPROCUSER needs to be specified in the
BPXPRMxx parmlib member.
For more information about E-Mail administration, see the Run E-Mail Client in the section Common Entire System Server Features in the Entire System Server Administration documentation.
TSO/E commands issued by the SYSTEM-COMMAND view are now
executed in an APPC/MVS transaction outside the Entire System Server address
space. This transaction, its associated resources and their properties must be
defined to APPC/MVS and VTAM.
For details of the required APPC/MVS definitions, see APPC/MVS Definitions for the SYSTEM-COMMAND View in the section z/OS Considerations in the Entire System Server Administration documentation.
An installation aid is contained in library SYSNPR. This
installation aid can be used to change the DBIDs (node numbers) of Entire
System Server views, and to define views to Natural Security.
For sites running Software AG's data center products: for all users
running as subtask in Entire System Server address space who logon to Adabas,
ETID=' ' (blank) must be set in the Natural Security
profile. This also applies to standard users NOPMON,
NOMMON, NCLMON, NOMARC,
NOMREV, NOMPRT.
If you experience a security message during startup like:
ICH408I USER(SAG2 ) GROUP(SAGTEST ) NAME(TEST ID )
MVS.MCSOPER.ESY148CO CL(OPERCMDS)
WARNING: INSUFFICIENT AUTHORITY - TEMPORARY ACCESS ALLOWED
FROM MVS.MCSOPER.* (G)
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
then you have to give READ access to the MCS console
for the task started by the Entire System Server in your
Security system. Contact your RACF/ACF2/TOP-SECRET administrator for assistance.