Version 9.6
 —  Installing EntireX under BS2000/OSD  —

Installing EntireX Security under BS2000/OSD

This document covers the following topics:


Installing EntireX Security for Broker Kernel

This section describes the steps for installing EntireX Security for Broker kernel under BS2000/OSD. The installation procedure has the following steps:

Modify Broker Attribute File

Start of instruction setTo modify the Broker attribute file

  1. Insert the following parameter in the section DEFAULTS=BROKER of the Broker attribute file:

    SECURITY=YES
  2. Modify the DEFAULTS=SECURITY section of the Broker attribute file according to your requirements. These parameters are used to adjust the security settings. See Security-specific Attributes under Broker Attributes. Authorization checks are currently not available.

Note:
Setting SECURITY=YES will load the provided load module USRSEC from the EXX load library assigned by LINK-NAME ETBLIB. This module will perform privileged operations, such as executing the SRMUINF macro for various users, and requires Broker running under TSOS.

Start (Restart) Broker Kernel

The Broker must be restarted to pick up changes to the Broker attribute file and to initialize Broker kernel under BS2000/OSD to perform security checks.

Basic installation of EntireX Security for Broker kernel is now complete.

Top of page

Installing EntireX Security for Applications Using Broker Stubs

This section describes the steps for installing EntireX Security for Broker stub under BS2000/OSD.

Notes:

  1. If you are running your application(s) with ACI version 7 or below, the following steps are required to install EntireX Security for the Broker stubs in all environments where applications execute either as clients or servers.
  2. The mainframe stubs employ high performance direct cross-memory to send and receive data from buffers in the application's working storage. This is utilized for sending/receiving more than 32 KB of data. Therefore, when encryption is active, the application programmer must not rely on the contents of the SEND buffer after issuing the SEND command, because the contents of the SEND buffer will be encrypted when sending more than 32 KB of data. We recommend to code all applications so that you do not rely on the contents of the SEND buffer after calling Broker. This will be required in future versions (later than 8.1) for all SEND commands regardless of whether the data exceeds 32 KB. Therefore, the application's SEND buffer must not be in read-only memory, where encryption is activated.

These steps are not required if you are running your application(s) with ACI version 8 or above.

Link and Security Components

For applications running on BS2000/OSD using ACI 7 or below, the Broker stub security component NA2PETS must be linked with the stub BROKER. In addition, LLM SECUEXIT must be made available. The following steps are required:

Notes:

  1. These steps are needed for backward compatibility if your applications issue any commands using ACI version 7 or below. Applications using ACI version 8 or above do not require these additional components in the stub.
  2. For ACI version 7 or below, these components must be added to the stub environment utilized by the application.

Installation of EntireX Security for Broker stubs is now complete. Now you can install the security components for the Broker stubs on the remaining operating systems where your application components are located.

Top of page