Perform this task to set up the operating system security prerequisites
for a WebSphere Application Server for z/OS cell. This ensures that all servers
in the cell are using the same operating system security definitions.
Before you begin
Install the WebSphere Application Server for z/OS product code and
review the instructions for using the Customization Dialog. Have available
a copy of the worksheet that you completed as part of
Planning for security.
About this task
You must perform this task before configuring any application
serving environment that uses the security domain. If a new WebSphere Application
Server for z/OS cell or server on a z/OS system will use the exact same security
domain definitions as an existing server or cell on the same z/OS system,
you do not need to repeat this task.
You need to run the jobs generated
as part of this task once per security database. If z/OS systems do not share
a RACF or other security database, you are responsible for making sure identical
security definitions are in place for all WebSphere Application Server for
z/OS user IDs, groups, and profiles. See Preparing the security server (RACF) for more information.
Procedure
- Log on to TSO on the z/OS system on which you intend to configure
the security domain. Use a user ID that has READ access to the
WebSphere Application Server for z/OS product data sets.
- Start the Customization Dialog. See Starting the Customization Dialog for details.
- Choose the configuration data sets in which you will store your
customization jobs and data. See Choosing configuration data sets for details.
- Set the customization variables according to the values recorded
on your security domain worksheet. See Setting the customization variables: Security domain for details.
- Save the security domain customization variables in a data set
that you will use in later customization steps. See Saving the security domain variables for details.
- Create the customization jobs and files, based on the customization
variable values you entered. See Creating the customization jobs and files for details.
- Follow the generated customization instructions. See Following the generated customization instructions: Security domain for details, and a sample set of customization instructions.
Results
You have finished when you have successfully completed the steps in
the generated instructions. The security domain is in place on the chosen
z/OS system. If any z/OS systems that interoperate with or host your planned
application serving environment do not share the security database you updated
as part of this task, update the security databases of the other systems accordingly.
Note: In the case of SSL certificates, this might require transporting
certificates created on the initially configured z/OS system to the other
z/OS systems rather than creating new SSL certificates on each system.
What to do next
Proceed with the configuration of the application serving environments
that use this security domain.