Define CICS Configuration Manager system options

When the CICS® Configuration Manager server starts, it looks in the repository for a system options record. Among other data, this record specifies:

Before starting the server, you need to initialize the repository by creating this system options record and supplying initial values for the system options.

Edit and submit the JCL in the following member of the sample library SCCVSAMP:

CCVXSYSO
Defines system options.

The system options are represented in the member by the following parameters:

PackageApprovals
PackageAutoNumber
TransformRulesActive
SecurityActive
ObjectSecurityActive
AutoRemoveDeletedGroups
ExitPoints
You can specify the value of these system options as either Y (active) or N (inactive). If you omit one of these system options from the JCL, the default value is N. For a description of these system options, see Table 1.
SAFClass
ObjectSAFClass
The system authorization facility (SAF) resource class that you want to use for each type of CICS Configuration Manager security checking: for server API commands (SAFClass) and for resource definition keys (ObjectSAFClass).

Start of change XFACILIT is the default value for both of these system options. If you decide to use a different resource class, see Requirements for a resource class for security checking. End of change

Start of change The values of SAFClass and its related option SAFPrefix are only used when CICS Configuration Manager security checking for server API commands and CICS region security checking are both active (system option SecurityActive=Y and SIT parameter SEC=YES). End of change

Start of change The values of ObjectSAFClass and its related option ObjectSAFPrefix are only used when CICS Configuration Manager security checking for resource definition keys and CICS region security checking are both active (system option ObjectSecurityActive=Y and SIT parameter SEC=YES). End of change

Start of change For more information about CICS Configuration Manager security checking, see Restricting access to API commands and resource definitions. End of change

Start of change SAFPrefix End of change
Start of change The prefix that CICS Configuration Manager adds to the SAF resource keys (known as "security keys") for server API command security checking. The default value is CCVAPI.

For details on the format of these security keys, see Security keys for API commands.

End of change
Start of change ObjectSAFPrefix End of change
Start of change The prefix that CICS Configuration Manager adds to the security keys for resource definition key security checking. The default value is CCVRES.

For details on the format of these security keys, see Security keys for resource definitions.

End of change
CICSPlexMPname
(Required only if your system uses CICSPlex SM.)

The 1- to 8-character name of the local CMAS that manages the MAS in which the CICS Configuration Manager server runs. Typically, this CMAS would be a maintenance point (MP), but this is not a requirement. (For details on MP locations, see Location of maintenance point CMAS.)

This name must match the CICSPlex SM system parameter NAME of the local CMAS (specified in the extrapartition transient data queue COPR, ddname EYUPARM).

Furthermore, the CICSPlex SM system parameter CMASSYSID of the MAS must match the SYSID of the local CMAS.

The following figure illustrates these values and their relationships:

Figure 1. CICS Configuration Manager system option CICSPlexMPname must match EYUPARM NAME of local CMAS

The CICS Configuration Manager server uses this CMAS name to send requests to the CICSPlex SM API.

If these values are inconsistent, then, when CICS Configuration Manager attempts to send a CICSPlex API request to the CMAS, CICSPlex SM responds with an exception: return code 1028 (INVALIDPARM), reason code 1282 (CONTEXT).

UnauthenticatedPortNumber
UnauthenticatedPortName
AuthenticatedPortNumber
AuthenticatedPortName
SSLPortNumber
SSLPortName
The CICS Configuration Manager server can listen for clients on three types of TCP/IP port:
  • Unauthenticated and unencrypted
  • Authenticated and unencrypted
  • Authenticated and encrypted using the secure sockets layer (SSL)
You can define up to three ports, one of each type, but you must specify at least one port. You determine which ports the CICS Configuration Manager server listens to by specifying the port numbers in this JCL. Typically, you select which type of port you want to use, and define a single port number for that type. However, you might have reasons for using more than one type of port. For details on the level of security offered by each port, see Authenticating the client user.

If you decide not to specify a particular port type, then delete the associated parameters from the JCL.

You cannot share port numbers between port types. Ask your network administrator for spare port numbers that you can allocate to CICS Configuration Manager.

The port "names" are the names of the TCPIPSERVICE resource definitions that the CICS Configuration Manager server dynamically defines for each port when the server initializes. (You do not need to define these resource definitions statically in the CSD file.) The default names for the unauthenticated, authenticated, and SSL ports are CCVNONE, CCVBASIC, and CCVSSL, respectively. If you specify a port number without a name, then the port is defined with the default name. However, if you specify a port name without a number, then the name is ignored, and the port is not defined.

ServerIPAddress
The IP address of the host system, as defined in its TCP/IP profile. You must specify this address as one of the following:
  • An IP address in dotted decimal form (nnn.nnn.nnn.nnn where nnn is 0255)
  • The literal string INADDR_ANY (for details, see the description of the IPADDRESS attribute of the TCPIPSERVICE resource definition in CICS Transaction Server for z/OS®: CICS Resource Definition Guide)

Proxy servers not supported: You might not be able to connect to a CICS Configuration Manager server via a proxy server.

Changing system options after installation

To change the system options for the CICS Configuration Manager server IP address, ports, or CICSPlex SM MP name after installing CICS Configuration Manager:

  1. Create a copy of the sample JCL member CCVXSYSO.
  2. Edit the copy so that it no longer affects the journal, as follows:
    1. Edit the JCL so that it no longer deletes and then re-creates the journal: either remove the DELETE and CREATE steps, or add RESTART=PRIME1 to the job card (to skip those steps).
    2. In step PRIME1, change the line that begins //JNL DD to //JNL DD DUMMY
    3. Remove step PRIME2.
  3. Issue the following CICS command to close the CICS Configuration Manager repository file, so that it is available to the batch process in the next step:
    CEMT SET FILE(CCVDDD) CLO
  4. Submit the edited copy of the JCL.

    Running this job overwrites all CICS Configuration Manager system options, not just the system options for the parameters that you specify in the job. If you re-run this job, specify all parameters again, not just the ones you want to change. Before re-running the job, use CICS Configuration Manager ISPF dialog option 1.1 System Options to view current system option values.

  5. Run the CICS Configuration Manager server initialization program CCVINIT to re-initialize the CICS Configuration Manager server, so that it uses the latest system options in the repository. For details, see Start the CICS Configuration Manager server.
    Tip: To run program CCVIINIT, invoke the transaction CCVI on the command line of a CICS terminal.

To change all other system options, you can use the CICS Configuration Manager ISPF dialog option 1.1 System Options.


Information Information

Feedback


Timestamp icon Last updated: Friday, 7 February 2014


http://pic.dhe.ibm.com/infocenter/cicsts/v5r1/topic///ccv-install-system-options.htm