This document covers the following topics:
All modules required to perform an Entire System Server function
are dynamically loaded into the caller's address space at request. You must
therefore assign the Entire System Server Module Library to link name
DDLIB2 before the Natural session is started.
A startup parameter file should be assigned to link name
PARMS. If not, the default values for all startup parameters are
used as far as they exist. For example, the parameter
PRODUCT has no default and therefore no LMS functions
can be performed if no startup parameter file is assigned.
The Entire System Server session is terminated when the Natural session is terminated.
To use Entire System Server in multi-user mode, an Entire System
Server node must have been started, that is, the Entire System Server
ESYMAIN task must have been started under TSOS. All other tasks
required for an Entire System Server node will then be automatically started by
the ESYMAIN task. All tasks are running with the same user ID i.e.
TSOS. See also Step 8: Edit the Entire
System Server Jobs in the
Installation for
BS2000 documentation.
This mode is a variation of the existing Multi-User Mode.
Therefore, parameter SERVER-PER-USER was introduced with NPR361.
SERVER-PER-USER=YES is used to start ESYSERV tasks as jobs under
the user ID of the requesting user but not as privileged TSOS tasks. This
simplifies the request processing in the Entire System Server. The Operating
System performs all the necessary security checks. There is no need to do such
a check in ESY anymore. Features like Coowner-Support are supported with the
Server-per-User Mode.
The Server-per-User Mode is based on the privileged /ENTER and the dynamic server feature.
The initialization of NPR361 modifies the following parameter
settings internally if SERVER-PER-USER=YES was specified:
AUTOLOG = NO
JOBENT = YES
SDF-P = NO
SECURITY = BS2
SERVER-DYN = NO
The job control E.ESYSERV must not contain a user ID
for the assignment of the SYSLST files because all users are using
this job control. The module libraries NPR361.MOD and
NPR361.USER.MOD must be cataloged as shareable and must reside on
a pubset accessible by all users.
Only one ESYSERV task is started under TSOS during
initialization to handle requests like SYSTEM-INFO and
NATPROC-USERS. These views do not require a user being logged
on.
Parameter NUMTASK is ignored at startup.
NPR361 starts an ESYSERV task whenever a user issues
a NATPROC-LOGON. LOGON-ID, ACCOUNTING
and PASSWORD of the NATPROC-LOGON request are used
for the /ENTER command and an error is returned if there was a
problem with the supplied credentials. This procedure does not require a
privileged /ENTER.
The user specific ESYSERV task is stopped after elapsed SERVER-NONACT. The next user request will not find a running ESYSERV task. In order to avoid an extra NATPROC-LOGON, a privileged /ENTER has to be used since the password is not known at that time
There are several ways to terminate an Entire System Server node. The usual method is to issue the console command
/INTR tsn,ADAEND
where tsn is the TSN assigned to the
ESYMAIN task.
This will automatically end all tasks belonging to that Entire System Server node.
For information on how to terminate Entire System Server via operator command, see Operator Commands in the Entire System Server Administration documentation.
Another way to terminate an Entire System Server node is to issue
FUNCTION= 'XEND' in the view processor NATPROC-USERS.
As of Version 3.1.1 of Entire System Server, you can run the
program ESYSTOP to shutdown ESY. It must be executed with the same
user ID as the Entire System Server, that is, as user TSOS.
The program ESYSTOP is driven by parameters obtained
from SYSDTA. Job name or TSN of the ESYMAIN task can
be specified. The following syntax must be used for the parameters:
-J jobname | --JNAME jobname -T tsn | --TSN tsn
The parameter --JNAME is recommended for a
generic setup of program ESYTRACE.
A sample job is listed in Step 8: Edit the Entire System Server Jobs in the Installation for BS2000 documentation.
Entire System Server under BS2000 consists of several tasks.
The ESYMAIN task is started manually by the operator
or by a startup script. This main task spawns a number of other tasks according
to the definitions in the startup parameter file.
Problems arise, if the JOB-CLASS-LIMIT of the
operating system is exhausted.
Entire System Server cannot work properly, if some ESY tasks are still hold in the wait queue. This state must be avoided by appropriate operator interventions.
A timer-controlled routine in the ESYMAIN task
regularly checks the state of all ESY tasks,for example, the status of the
started ESYSERV tasks and their workload.
Communication between the different ESY tasks is established via Eventing and Common Memory Pools. Forward Eventing is used for performance reasons.
The Natural applications and Entire System Server use the Adabas communication for transport of user data and for mutual communication between the different address spaces. The ESY node is addressable like an Adabas nucleus and thus visible via appropriate utilities.
The library concept of Entire System Server under BS2000 has been completely revised for Version 3.1.1.
The modules are link-edited to reduce the ESY startup duration. Apart from that, there is a strict distinction between the delivery library and the user library. While the delivery library contains the original ESY modules only, Customers user exits are kept in the ESY user library.
All ESY startup jobs contain the assignment of the ESY module
library via LINK-NAME 'DDLIB2' and the assignment of a
customer-specific ESY user library via LINK-NAME 'BLSLIB00'. This
user library is searched for required modules alternatively, if nothing was
found in the library assigned via LINK-NAME 'DDLIB2'.
To run different configurations, some modules must be loaded dynamically.
The Server-per-User Mode requires access of all ESY users to the module libraries assigned in the job control of the ESYSERV task. Therefore, these libraries have to reside on a pubset accessible by all ESY users and they have to be shareable.
As of Version 3.1.1, all Entire System Server components run in
AMODE 31 (AMODE = addressing mode). This is
independent from settings in the job control.
At program termination, the Entire System Server components set a return code, which is transferred to a monitoring job variable.
The status display for successful execution is C' $T
0000', the status for abnormal termination is C' $A 0008'.
Entire System Server enables the operation of System Automation Tools (e.g., Entire Output Management (EOM), Entire Operations (EOR)) as subtasks in the address space of ESY (z/OS, z/VSE) or as pseudo subtasks, i.e., standalone tasks (BS2000. These System Automation Tools (SAT) are applications on the basis of Natural, which require a Batch-Natural as engine.
SAT products are started by means of ESY startup parameters.
This section offers an overview of the interfaces between ESY and SAT and deals with the configuration in the overall context.
As Natural subtasks are implemented as separate tasks under
BS2000, the definition of job control instructions is required. The ESY startup
parameter JOBNATSUB specifies the location of the
SAT-ENTER job. Apart from that, the following can be defined:
the attributes for the SAT-ENTER job
(PRMNATSUB parameter)
the maximum number of pseudo Natural subtasks
(NATNUMSUB parameter)
and as of ESY Version 2.2.2, the input control of dynamic
Natural parameters (NATDYNPAR parameter).
The SAT-ENTER job, which is started during the
initialization of Entire System Server, reads initialization data and starts
the configured SAT products according to the set up definitions.
In general, a distinction must be made between the start of the
SAT products via the macros SATSTART TYPE=BATCH and SATSTART
TYPE=SUBTASK. To obtain a complete interaction of the SAT products with
ESY, the SATP member (see SAT Installation and
Customization for details) for the SATSTART macros
should always use the TYPE=SUBTASK type. This ensures that both
control functions and the Entire System Server shutdown interact with the SAT
subproducts. TYPE=BATCH jobs are not known to Entire System
Server.
The products started by SAT (for example, EOM, EOR) run via
separate ENTER jobs. In case of SATSTART TYPE=SUBTASK
a job-skeleton is used for these ENTER tasks, which in the past
had to be part of the ESY module library in object module format. As of ESY
3.1.1, this job skeleton is definable as part of the ESY startup file.
ESY 3.1.1: NATURAL-SUB-TASK job skeleton as part of the ESY startup parameter file
The job skeleton must not be converted into object module
format any more. It can be defined at any location in the ESY startup parameter
file and must be started using the keyword SATSKEL-BEGIN and
terminated with the keyword SATSKEL-END.
The jobs P.NSBTSKIS and
P.NSBTSKSD are still delivered as ESY source library elements, but
they are only included for compatibility reasons.
The following abridged example of an ESY startup parameter file illustrates the keyword usage:
NODE=113 TIME=30 ... more parameters ... JOBNATSUB=$NPR.E.SAT.113 PRMNATSUB=RESOURCES=*PAR(CPU-LIMIT=*NO) NATDYNPAR=FILE NATNUMSUB=20 * SATSKEL-BEGIN /.&UID LOGON ... more JCL ... / LOGOFF SYS-OUT=DEL SATSKEL-END
A complete example is part of the delivery files. A comprehensive description is provided in the section Startup Parameters.
Starting with ESY 3.1.1, the enhanced LIST function
of view NATPROC-USERS displays all internal tasks in addition to
the ESY users, if the new field FULL-SCAN = 'YES' has been
specified. It allows to control ESY tasks with a Natural program.
The operator command SHUTDOWN stops
SAT components. New with ESY 3.1.1 is the operator command START
ALL to restart SAT without restarting ESY. The SAT mother task
will be started again to respawn all configured ESM monitors.
START ALL may be used only if the entire SAT
environment has previously stopped on its own or has been stopped by operator
command SHUTDOWN ALL. Both commands in conjunction
allow to "bounce" SAT during normal operation of ESY.
Please note that the operator command
SHUTDOWN can address individual SAT products via
parameters while the START command only accepts
parameter ALL.
Entire System Server must stop all NATURAL-SUB-TASKS
before shutting down. The stop request is published by ESY to all ESM monitors.
Having communicated the termination information, ESY checks the status of the
NATURAL-SUBTASKS over short time intervals. If they have
terminated on their own, shutdown will be continued. In the meantime, user
requests are still processed, as if the shutdown command had not been issued.
This procedure is called "Deferred Shutdown".
New startup parameter SHUTDOWN-MAX-DELAY
limits the Deferred Shutdown to a specified number of seconds. If the time
limit has been exceeded, Entire System Server will terminate without properly
closing down the SAT tasks.
If this situation occurs, you must check why the SAT products did not stop within the defined time interval. In this case, Software AG support should be consulted, if necessary.
As the SAT monitors have wait cycles,
SHUTDOWN-MAX-DELAY=180 should be used initially. If all
NATURAL-SUB-TASKS are stopped, the ESY termination will be
continued without further delays.
The Entire System Server tasks access datasets and other resources as requested by the Natural user. To be able to do this for various users, the Entire System Server must run under BS2000 user ID TSOS. Users' access rights are checked by the Entire System Server in order to provide access to BS2000 objects in the same range as if working under TIAM. Therefore, the Natural user must identify himself to Entire System Server before any view can be accessed.
A logon operation must be performed, specifying the user's system
user ID and password. If SECURITY=BS2 was specified in startup
parameters, user ID and password are checked against the system's user
definition file (TSOSJOIN). If this validation is successful, the user ID will
from then on be used for future validations until it is changed by another
logon operation.
If the user attempts to access a view before logging on, Response
Code 510 (LOGON REQUIRED) is returned. However, if
the startup parameter AUTOLOG is set to
YES, an implicit logon is performed as part of the first user
request.
If the Natural user ID (BS2000 logon user ID for batch, or TIAM,
*USER for openUTM) is not defined in
BS2000, Response Code 510 (LOGON REQUIRED) is
returned. For Natural/UTM, TSOS is not allowed as
*USER and will be rejected.
The Entire System Server online tutorial contains a sample logon program that uses view NATPROC-LOGON.
The logon operation is not needed if Entire System Server is used in single-user mode.
If SECURITY=USER is specified in the startup
parameters, exit USERLSEC is called to check the user ID and
password as required at your site, and not against the system's user definition
file (TSOSJOIN). For a sample exit USERLSEC, see the
supplied Source Library.
If no security system interface is requested (startup parameter
SECURITY=NONE), no security check is performed: all logon attempts
will be successful. If in this case the Natural user ID is not defined in
BS2000, only functions which do not require a BS2000 user ID are available
(such as EVENTING).
This mode was introduced with ESY 3.6.1 and is more effective than
the Multi-User Mode. The ESYSERV task that has been started for
the requesting user runs with the same user ID. There is no need to perform
extra security checks. Access to Operating System resources is executed in the
related ESYSERV user task but not in a privileged TSOS task. This
simplifies the security requirements since all checks are done by the Operating
System itself. The ESYMAIN task sets following parameters if
SERVER-PER-USER=YES was specified:
AUTOLOG = NO
JOBENT = YES
SDF-P = NO
SECURITY = BS2
SERVER-DYN = NO
If the Siemens software product SECOS is installed at your site, please note that the Entire System Server must be authorized to access any object that any of its users should be able to access.
This means that the Entire System Server user ID (TSOS) has to be
defined in every access control list (ACL) of those objects. For SECOS V2 it is
sufficient to define the program ESYSERV from the Entire System
Server Module Library in any GUARD concerned, if GUARDs are used.
There is no need to apply extra security definitions for ESY. The
ESYSERV task runs with the user ID of the requesting user.
The Entire System Server can run without the UCON
interface. However, it is required if you wish to use views
SEND-MESSAGE or CONSOLE.
The UCON interface of Entire System Server is
activated by a separate task which opens a DCAM application and connects to
UCON ($CONSOLE).
To enable the UCON interface task to connect to
UCON, an authorization name must be defined for Entire System
Server in BS2000 generation and this name must be defined as BS2000 user ID.
This user ID, as well as the password defined for it must be specified as
parameter of program ESYCONS in the JCL to start the Console Task of Entire
System Server. (See also Step 8: Edit the Entire
System Server Jobs in the Installation for
BS2000 documentation.)
The user ID must be authorized to issue certain operator commands.
ESY does not require operator command authorization keys but the ESM monitors
do. Therefore, the user ID must be authorized to issue all operator commands
needed by the ESM monitors to support full functionality. For example, Entire
Output Management needs the authorization key of operator command
/CANCEL-JOB.
The required authorization keys for the UCON user ID
are listed in the documentation of the various ESM products.
If your application issues operator commands, the UCON
user ID must be authorized by the Administrator to execute that command.
With startup parameter CONACCESS, the use of
console functions can be restricted for all users on the respective node.
If WRITE is specified for CONACCESS, an
exit can be used to further restrict the use of the OP-CMD
function of the CONSOLE view. Whenever the CONSOLE
view is called with FUNCTION=OP-CMD, the USERCSEC
module in the Entire System Server User Module Library gets control (if it
exists). The caller's user ID, as well as the command string, is passed to the
exit as input parameters and the exit checks whether the user is authorized to
issue the command. If the user exit USERCSEC does not exist, all
operator commands are accepted.
For a sample exit USERCSEC, see the supplied Source
library. For a description of the CONACCESS
parameter, see the section Startup Parameters.
The SYSTEM-COMMAND view allows to issue a BS2000
command in a Natural program. The view passes the data to the macro command
language processor and returns the result to the calling Natural application.
An exit must be activated to restrict the use of system commands.
Whenever the SYSTEM-COMMAND view is called, the
USERSSEC module in the Entire System Server User Module Library
gets control (if it exists). The caller's user ID, as well as the command
string, are passed to the exit as input parameters and the exit checks whether
the user is authorized to issue the command. If user exit USERSSEC
does not exist, view SYSTEM-COMMAND is completely disabled.