Installing EntireX Security under z/VSE

This document covers the following topics:


Installing EntireX Security for Broker Kernel

This section describes the steps for installing EntireX Security for Broker kernel under z/VSE.

Step 1: Modify Broker Attribute File

  1. Insert the following parameter in the section DEFAULTS=BROKER of the Broker attribute file:

    SECURITY=YES
  2. Modify the SECURITY-PARMS parameter according to your requirements: see Security Solutions in EntireX.

Note:
Setting SECURITY=YES will load the provided PHASE module USRSEC from the EXX960 product sublibrary. This module will issue the IBM PRODID macro in order to obtain authorization to perform privileged operations, such as execute the RACROUTE.

Step 2: Configure IBM Basic Security Manager

The IBM Basic Security Manager must be installed and configured on your system in order to use EntireX Security. This allows EntireX Broker to perform authentication based on a user ID and password stored in BSM for all connected application components. See IBM documentation z/VSE Installation, z/VSE Administration and z/VSE Planning for complete details of IBM Basic Security Manager (BSM).

Note:
It is not necessary to activate the Basic Security Manager in batch.

Step 3: Define User Profiles for Basic Security Manager

See your IBM documentation for detailed instructions for defining user IDs for Basic Security Manager (BSM). The section Resource Definition with subsection Tailoring the Interactive Environment/Maintaining User Profiles provides a description of both online (ICCF) and batch utilities for adding user IDs. The online ICCF transaction for adding user IDs is shown below.

Required fields are shown in bold. If DAYS=0, the password will never expire.

Alternatively, you can use the batch program IESUPDCF. See your z/VSE documentation for details.

    __________________________________________________________________________________ 
   |                                                                                  |
   |  IESADMUPBA                ADD OR CHANGE USER PROFILE                            |
   |  Base     II       CICS     ResClass ICCF                                        |
   |                                                                                  |
   |  To CHANGE, alter any of the entries except the userid.                          |
   |                                                                                  |
   |    USERID............. ENDU       4 - 8 characters (4 characters for ICCF users) |
   |                                                                                  |
   |    INITIAL PASSWORD... ________   3 - 8 characters                               |
   |                                                                                  |
   |    DAYS............... 000        0-365 Number of days before password expires   |
   |    REVOKE DATE........ ________   Date when Userid will be revoked (mm/dd/yy)    |
   |                                                                                  |
   |    USER TYPE.......... 1          1=Administrator, 2=Programmer, 3=General       |
   |    INITIAL NAME....... IESEADM    Initial function performed at signon           |
   |    NAME TYPE.......... 2          1=Application, 2=Selection Panel               |
   |    SYNONYM MODEL...... ________   Userid to be used as model for synonyms        |
   |                                                                                  |
   |                                                                                  |
   |                                                                                  |
   |                                                                                  |
   |  PF1=HELP                    3=END                     5=UPDATE                  |
   |                 8=FORWARD                                                        |
   |                                                                                  |
   |                                                                                  |
   |__________________________________________________________________________________|

Step 4: Start / Restart Broker Kernel

This is needed to pick up changes to the Broker attribute file and to initialize Broker kernel under z/VSE as an authorized subsystem able to perform security checks.

Installation of EntireX Security for Broker kernel is now complete.

Setting up EntireX Security for Broker Stubs

This section describes the steps for installing EntireX Security for Broker stubs under z/VSE.

The delivered phases BKIMB.PHASE and BKIMC.PHASE are linked for use with internal security, which requires an application to use ACI version 8 or above. If you are running your application at ACI version 7 or below, the steps above are required to install EntireX Security for the Broker stubs in all environments where applications execute. These steps are not required if you are running your application at ACI version 8 or above.

Step 1: Relink the Stub Modules or your Application for Use with External Security

To enable external security, relink the stub modules BKIMB.PHASE, and BKIMC.PHASE (and your application if it does not dynamically load the stub).

Additionally include the following objects:

  • ETBUEVA

  • ETBUPRE

  • ETBVPRE

  • ETBVEVA

  • ETBENC

  • ETBTP

The following job control is delivered and may be used for relinking the various stub modules:

  • BKIMB.J

  • BKIMC.J

Additionally, a detailed description of how to link the stubs and your application can be found under Administering Broker Stubs under z/VSE.

Step 2: Rename SECUEXI0

Rename the phase SECUEXI0.PHASE in library EXX960 to SECUEXIT.PHASE.