Chapter 3. Operating NetView FTP V2.2.1 MVS - IBM

More documents

Recommendations

Info

Data Security NetView FTP V2.2.1 MVS allows effective use of: � System Authorization Facility (SAF) products � VSAM password protection � Pre-transfer user-exit facility. These security functions are described in the following. System Authorization Facility Note: NetView FTP V2.2.1 MVS does not use the direct interface with SAF products such as RACF, but uses the SAF MVS router interface via the RACROUTE macroinstruction. An SAF product, such as RACF, helps an MVS installation to control a user’s ability to use resources. It provides users with data set read and write authority on a user basis. The SAF product identifies a user by the USER parameter supplied in a job control JOB statement. The user may also be required to supply a password in the PASSWORD parameter in the JOB statement. Authorization for a Server: The SAF product regards the startup job for a server as it does for any batch job running under MVS. You can specify a user ID, password, and group ID under which the server accesses the data sets. Similarly, if you use a procedure to start a server, you can define the procedure and its scope of access rights to the SAF product. However, this is not recommended, as it allows any remote user to contact your server and to use the access authority that you give to the server to read and write to your system. As a solution to this problem, NetView FTP V2.2.1 MVS offers dynamic data security. Dynamic Data Security: Using the values of security parameters specified in the file transfer request, a server that is going to access a data set creates a temporary SAF environment. This SAF environment is established before the data set is allocated and opened. During the existence of the temporary SAF environment, NetView FTP V2.2.1 MVS processes the file under the authorization of the user ID specified in the security parameters of the file-transfer request. The server deletes this environment after it closes and then deallocates the data set. The effect is similar to specifying SAF parameters in a job control statement. However, with NetView FTP V2.2.1 MVS, you can create the data security environment dynamically and request the creation of the security environment from either system of the file transfer. Because a server can process up to 32 file transfers at the same time, it can also have up to 32 temporary SAF environments at the same time. If you have security parameters for the server startup job or procedure, the temporary SAF environment supersedes, for as long as it exists, the original environment that was created by the security parameters for the server startup job or procedure. When the temporary SAF environment is deleted, the original SAF environment is reestablished. 180 NetView FTP V2 MVS Installation, Operation, and Administration
This approach of creating a temporary SAF environment has the following advantages: � You can define new data sets to the SAF product using the authority of the user who created the receiving data set. � The servers themselves do not have to have access rights for the data sets that are involved in a transfer. This makes NetView FTP V2.2.1 MVS easier to install and protects it from misuse. NetView FTP V2.2.1 MVS uses the RACROUTE macroinstruction to create a temporary SAF environment. For the APPL parameter the RACROUTE macro supplies the string DVGFTP. This string is made available to installation exit routines. For more information on the RACROUTE macro refer to the following: � MVS/Extended Architecture System Programming Library: System Macros and Facilities, Volume 2 � MVS/Extended Architecture Supervisor Services and Macro Instructions. If you use NetView FTP V2.2.1 MVS’s dynamic data security function, you can specify, in the file-transfer request, a user ID, password, and a group ID security parameter for both the sending and the receiving data sets. Under certain circumstances NetView FTP V2.2.1 MVS automatically retrieves the request originator’s password and default connect group from the installed SAF product. NetView FTP V2.2.1 MVS uses either the specified or retrieved security parameter values to gain access to the data sets. The retrieved parameters can be used on the remote system, for instance if the request originator has identical user IDs and passwords on both systems. The NetView FTP Parameter Reference describes how to specify these parameters, and when NetView FTP V2.2.1 MVS automatically retrieves them. NetView FTP V2.2.1 MVS encrypts the passwords as soon as they are read in. This ensures that the passwords are encrypted before they are transferred across the network and are not visible in a dump. You can use the SECPAR server initialization parameter to specify whether or not the server automatically rejects all requests for which SAF security parameter values do not exist. Automatic rejection is the default value for SECPAR. The SECPAR server initialization parameter can be used to prevent requests being processed that do not contain security parameters. Additionally, this parameter controls whether or not the transfer program uses the request originator’s security parameters or the security parameters specified in the request. For further information on the SECPAR parameter, refer to Security Parameters on page 121. Note: In a request, you can specify xSECURP=‘*’ for the sending and the receiving system. This is useful if both the local and the remote system have the same SAF environment. The originator of the file-transfer request can give access authorization to the server. In this case, the server runs under the authorization of the user ID specified in the file-transfer request. Appendix A. Data Integrity and Data Security 181
Page 1:
NetView File Transfer Program Versi
Page 4 and 5:
Note! Before using this information
Page 6 and 7:
Verifying the Installation of the O
Page 8 and 9:
The ESTAE Recovery Routine of the Q
Page 10 and 11:
Events Issued by the SNA Server Onl
Page 12 and 13:
x NetView FTP V2 MVS Installation,
Page 14 and 15:
NetView FTP AIX NetView File Transf
Page 16 and 17:
2 NetView FTP V2 MVS Installation,
Page 18 and 19:
File-Transfer Requests You use NetV
Page 20 and 21:
The main NetView FTP MVS component,
Page 22 and 23:
7. After the queue handler finds a
Page 24 and 25:
17. The sending server passes the d
Page 26 and 27:
If an error occurred while processi
Page 28 and 29:
Page 30 and 31:
i. If you want to use NetView FTP V
Page 32 and 33:
Figure 9. NetView FTP V2.2.1 MVS Sa
Page 34 and 35:
MVS Link-Library List Library DVG.N
Page 36 and 37:
5. Submit the job DVGJSMPE. This jo
Page 38 and 39:
Gaining Access to the Interactive I
Page 40 and 41:
Preparing the OSI Part of NetView F
Page 42 and 43:
Verifying the Installation of NetVi
Page 44 and 45:
Installation Verification Test 1 In
Page 46 and 47:
Continue to submit the job until on
Page 48 and 49:
Query a NetView FTP V2.2.1 MVS File
Page 50 and 51:
When the job has finished, check th
Page 52 and 53:
When the job has finished, check th
Page 54 and 55:
7. Check the NetView FTP V2.2.1 MVS
Page 56 and 57:
Page 58 and 59:
� A repeatable operand is shown l
Page 60 and 61:
id This is an optional user-defined
Page 62 and 63:
SUB=subsystem The name of the subsy
Page 64 and 65:
Figure 37 shows an example of this
Page 66 and 67:
Displaying the Status of a Specific
Page 68 and 69:
REMOTE LU NAME The LU name of the r
Page 70 and 71:
Modifying a Server’s Classes You
Page 72 and 73:
With this MODIFY command the queue
Page 74 and 75:
All Servers An OSI server can only
Page 76 and 77:
� A name of up to eight character
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
DVGXRQ1 JOB (accn,n),'programmer-id
Page 84 and 85:
Avoiding Request Queue Overflows Re
Page 86 and 87:
Printing the NetView FTP V2.2.1 MVS
Page 88 and 89:
DVGXCR1 JOB (accn,n),'programmer-id
Page 90 and 91:
NAME The cluster name shown is a sa
Page 92 and 93:
Avoiding a Checkpoint Data Set Over
Page 94 and 95:
APPL name and ACBNAME Use these par
Page 96 and 97:
An example of what the entries can
Page 98 and 99:
Page 100 and 101:
The records must be at least 28 byt
Page 102 and 103:
Updating a Server Group Table � A
Page 104 and 105:
Page 106 and 107:
Filestore Nickname The name of the
Page 108 and 109:
Making Entries in the Local Resourc
Page 110 and 111:
DVGQHPRO Defines the LANG, SNAP, UD
Page 112 and 113:
DVGNDT Defines the data set that co
Page 114 and 115:
This name is used: � To identify
Page 116 and 117:
total Defines the total number of F
Page 118 and 119:
Sample Initialization Parameters fo
Page 120 and 121:
DVGSTSV Defines the procedure step
Page 122 and 123:
DVGREP Defines the file-transfer re
Page 124 and 125:
Batch Jobs to Start a Server You ca
Page 126 and 127:
The JCL statements for a batch job
Page 128 and 129:
Initialization Parameters for an SN
Page 130 and 131:
Server Running Mode Use the SRVMODE
Page 132 and 133:
If you specify a value for this par
Page 134 and 135:
►►──POSTCONV=name───
Page 136 and 137:
When processing a remote request (o
Page 138 and 139:
Example of Initialization Parameter
Page 140 and 141:
Local User Password Use the OIUSRPW
Page 142 and 143:
┌─3��─┐ ►►──OIR
Page 144 and 145: The library DVG.NFTP230.SDVGSAM0 co
Page 146 and 147: Special Considerations for Language
Page 148 and 149: 134 NetView FTP V2 MVS Installation
Page 150 and 151: Types of Traces There are three dif
Page 152 and 153: Module Groups for Traces The figure
Page 154 and 155: Tracing an SNA Server You can run a
Page 156 and 157: Figure 75 (Part 2 of 2). LU 6.2 Con
Page 158 and 159: Figure 81 (Part 2 of 2). Trace Grou
Page 160 and 161: TASK ID Identifier for the main tas
Page 162 and 163: ▌1▐ ��1747�� D7C9C4E2 6
Page 164 and 165: Figure 87. Frequency of Entering an
Page 166 and 167: Figure 98. Frequency of Entering an
Page 168 and 169: Error Situations in the Interactive
Page 170 and 171: The ESTAE Recovery Routine of the Q
Page 172 and 173: The ESTAE Recovery Routine of the S
Page 174 and 175: 9. The post-conversation user exit
Page 178 and 179: Initial Evaluation Messages Codes T
Page 180 and 181: The Internal Trace Facility NetView
Page 182 and 183: Identifying the Type-of-Failure Key
Page 184 and 185: PCSS/name The name parameter indica
Page 186 and 187: Search Strategy Figure 102 (Part 2
Page 188 and 189: Description of the Symptom Record T
Page 196 and 197: Synchronized SAF Environments: If S
Page 198 and 199: OSI/File Services filestore owners
Page 200 and 201: � Name of the receiving transfer
Page 202 and 203: Error Recovery for OSI Transfers OS
Page 204 and 205: � The RETRY file-transfer request
Page 206 and 207: If you request a restart from a che
Page 210 and 211: RLU SLU RDSN. Furthermore, new file
Page 212 and 213: Migrating NetView FTP V2.2.0 MVS to
Page 214 and 215: APPC Security 16 + 24 = 40 Addition
Page 216 and 217: Server Modules 1.1MB Automatic Area
Page 218 and 219: If any of the following apply to yo
Page 220 and 221: Therefore, the maximum RXB size is:
Page 224 and 225: TIMECR and BYTECR Server Initializa
Page 226 and 227: The OBTINTVL Server Initialization
Page 228 and 229: Rules for Defining Pacing Values in
Page 234 and 235: Queue Handler Log File The followin
Page 236 and 237: DVG�66I PROCESSING STARTED FOR RE
Page 238 and 239: Interpreting SMF Records If you wan
Page 240 and 241: Offsets Type Length Name Descriptio
Page 242 and 243: Offsets Type Length Name Descriptio
Page 244 and 245:
Offsets Type Length Name Descriptio
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
248 NetView FTP V2 MVS Installation
Page 264 and 265:
The Startup Parameter 2. Events iss
Page 266 and 267:
Keyword (Value) The event passes th
Page 268 and 269:
Request Queue Status This event ref
Page 270 and 271:
File-Transfer Request Added This ev
Page 272 and 273:
File Transfer Started This event is
Page 274 and 275:
Sample Log Files with NetView Event
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
system. It is used when a server ca
Page 282 and 283:
data set control block. A control b
Page 284 and 285:
independent LU. A logical unit (LU)
Page 286 and 287:
node. An endpoint in a link, or a j
Page 288 and 289:
equest password. A character string
Page 290 and 291:
System management facilities. An op
Page 292 and 293:
Page 294 and 295:
OS/VS Publications OS/VS SPL: Super
Page 296 and 297:
CDRM 81 CDRSC definition 81 changin
Page 298 and 299:
file (continued) handler 9 opening
Page 300 and 301:
LPA library 96, 107 LRD user name o
Page 302 and 303:
parameter (continued) SECACPT 81 SE
Page 304 and 305:
sending server, determining 9 seria
Page 306 and 307:
time checkpoint interval 117 TIMECR
Page 308:
Your comments, please ... SH12-5657
show all

Chapter 3. Operating NetView FTP V2.2.1 MVS - IBM

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?