Document Number SC31-6908-01
Trident Services and E.S.A. Software makes no warranty of any kind, expressed or implied, with regard to the programs or documentation. Trident Services and E.S.A. Software shall not be liable in any event for incidental or consequent damages in connection with or arising out of the furnishing, performance, or use of these programs.
Information in this manual is subject to change without notice and does not represent a commitment on the part of the vendor. The software described in this manual is furnished under a license agreement, and may be used or copied only in accordance with the terms of that agreement.
IBM Operating System Environment Manager (OSEM) for z/OS. Licensed materials - Property of IBM. 5799-HAX
(c) Copyright IBM Corp 2007. All rights reserved.
(c) Copyright E.S.A. Software 1990-2007. All rights reserved.
No parts of this publication may be copied or distributed, transmitted, transcribed, stored in a retrieval system, translated into any human or computer language, or disclosed to third parties without the express written permission of IBM Corp or E.S.A. Software.
The following are trademarks of IBM Corp:
The following are trademarks of Computer Associates International:
Second Edition (February 2006)
Revised 6 Jan 2008
This edition applies to Operating System Environment Manager for z/OS (OSEM for z/OS) Version 6 Release 1 Modification 0 (Program Number 5799-HAX).
OS/EM External Security Profiles Summary
This section provides a list of important topics, which you will need to consider prior to installing OS/EM. The intent is to assist you in assessing the impact, if any, that OS/EM will have on your installation.
An OS/EM authorization code must be obtained for each processor complex on which the product is intended to operate. OS/EM will not execute without a valid authorization code.
The authorization code is based on the unique CPU serial number and can be obtained by supplying the serial number(s) to your OS/EM sales account manager.
The CPU serial number can be obtained by entering the following command on an MVS master console:
D M=CPU IEE174I 12.42.25 DISPLAY M 618 PROCESSOR STATUS ID CPU SERIAL 0 + 0114BA3746 1 + 1114BA3746 2 + 2114BA3746 CPC ND = 009672.R31.IBM.02.000000052227 CPC ID = 00 + ONLINE - OFFLINE . DOES NOT EXIST CPC ND CENTRAL PROCESSING COMPLEX NODE DESCRIPTOR CPC ID CENTRAL PROCESSING COMPLEX IDENTIFIER
In this sample display, the serial number of ID 0 is '0114BA'. The last 4 characters are the CPU model number. OS/EM uses the last 4 characters of the serial number, in this case '14BA'.
Every user exit currently in use at your installation should be thoroughly documented as to its use and the location of both source and load members. All such exits should be functioning properly and should not modify any control blocks not specifically allowed at the exit point. Further, your exits should do nothing more than what is explicitly allowed in the relevant IBM documentation.
If any of these exits can be replaced by using OS/EM's optional facilities, determine if the optional facilities meet all your needs. If your exits contain more functions than those supplied by OS/EM, consider recoding your exits leaving only those functions not supplied by OS/EM.
You will also need to determine at what point you want the optional OS/EM functions to be invoked, either before your own exits or after all your exits have been processed. It is entirely possible that a conflict can develop between your own exits and the optional functions. For example, the optional functions supplied for IKJEFF10 modify the JOB statement. If your IKJEFF10 exit depends on certain information in a certain format on the JOB statement, the OS/EM optional processing might result in a different result for your exit.
In order to use the RELOAD function provided in the ISPF Interface, all user exits need to be defined to the Interface using the Basic Exits Functions. Although OS/EM will automatically find and load all user exits which have the standard IBM module names and are in the Linklist whether or not they have been defined to the Interface, the list of modules eligible to be reloaded is built from your entries in the Basic Exits Functions. If you prefer not to enter this information, refer to the "Reload Exits" section of the OS/EM User's Guide for instructions on reloading modules manually.
Note: This information will be added automatically to the interface during the upgrade process or during the 'REBUILD' function from the 'MAINTENANCE' section of the interface.
Many products, such as job schedulers and SYSOUT archival systems, depend on exits to accomplish their work. You should know at which exit points these supplied exits are invoked, and where they currently reside.
Many of these products also require the same exit point. You should determine in what order they should be invoked if OS/EM is to load and enable them.
The OS/EM optional feature Job Routing allows an installation to route jobs to specific LPARs within a MAS. The Job Routing Resource Communications dataset must be on DASD shared by each LPAR within the MAS. Additionally the Job Routing function must be enabled on each LPAR within a MAS concurrently. Failure to do so will result in jobs not being allowed to execute on LPARs where Job Routing is active if they have been through the interpreter on a LPAR without Job Routing. Conversely, LPARs within the MAS without Job Routing active may select jobs for execution without the specified resources.
Note For Users Upgrading From OS/EM 5.6 Or Earlier:
OS/EM Version 6 increases the number of resources that can be defined and, as a result, the maximum record size for the Job Routing Resource dataset has been increased. Existing users should consider redefining the Resource dataset to take advantage of this enhancement. Refer to Installation Step 19.
At installations where it is not permissible for a 3rd party product to manage RACF user exits, you may specify to OS/EM to use SAF as the security system in use (see Step 5 of the installation instructions.) This will disable OS/EM from managing RACF exits as well as disallowing use of any OS/EM features for RACF such as Surrogate Password Control, while still allowing calls to RACF for validation of other controls such as JOBCLASSCHECK (see Step 4 of the installation instructions.)
If your installation does not currently have a consistent dataset naming convention, one should be developed to make full use of the OS/EM DASD allocation built-in facility. At a minimum, the naming convention should be able to distinguish between production and test datasets. Ideally, your convention should be able to segregate the various types of datasets in your installation, datasets used primarily for online applications, those datasets used primarily for batch, etc.
Think in terms of classes of data. That is, you might have datasets used for online applications. These datasets should be allocated for the least amount of volume, channel, and control unit contention. Such datasets would constitute a class in OS/EM terms, a dataset name group.
To ensure that these dataset name groups get the processing you want them to have, volumes should be pooled. If you have volumes that have multiple physical and logical paths, these volumes should be reserved for those datasets that have critical access requirements for online datasets. By listing these volumes in a particular OS/EM volume group and designating the proper dataset name group to this volume group, you can ensure that all such datasets will be properly allocated.
If your installation has an existing dataset naming convention, determine if an adequate number of dataset name groups can be created to accomplish your allocation goals. You may find that, without too much re-working of your existing convention, you can group datasets in a satisfactory manner.
OS/EM can also be of benefit in migrating to a new dataset naming convention. You can define a couple of dataset name groups representing a subset of the new convention, establish one or two volume groups for these dataset name groups, and as you allocate datasets under the new names, they will be placed on these reserved volumes. Once volumes are free of datasets under the old names, they can then be used to establish new volume groups with dataset name groups representing another subset of the new convention. Migration can then be done in small, easy steps.
Remember, OS/EM DASD allocation neither imposes, nor demands, any specific naming convention. OS/EM dataset name groups can consist entirely of discrete dataset names. However, maintenance of such dataset name groups would be problematic. And, without some means of functionally grouping datasets, your allocation rules would be very general at best and may not achieve the desired results.
Most likely your installation already has rules concerning the use of tape devices by test jobs. These may be codified in some standards manual; or an informal set of rules, sometimes enforced by operators when there are not enough tape devices to go around. Whatever the rules, you should give some thought as to how you want to implement this OS/EM function. Remember, this function is intended primarily as a means to enforce your installation's standards concerning tape usage by test jobs. The wrong MAXTAPE value applied to a production job class would certainly not win you any friends in your operations group.
Also remember that tape devices are counted as allocation proceeds; therefore, jobs may cancel that did not cancel before (due to the job getting the devices, and possibly forcing other production jobs to wait until the devices are deallocated). You should give thought to running this function in WARN mode so that violations will be apparent to users before their jobs start canceling.
Determine which users, if any, will be allowed to submit operating system and JES2 commands in JCL. The simplest approach would be to severely limit this ability, say to a few system programmers, and RACF define resources COMMAND.* and JES2.* only; and only permit the appropriate userids. However, if you have other requirements, just ensure that the appropriate resource definitions are in place before invoking this function.
See "Step 4: Define Security" and "OS/EM External Security Profiles Summary" for more information regarding command security profiles.
Many OS/EM optional functions may be applied on a job class basis. This means that your installation should have a well-defined set of rules for job class usage. Any rules you develop should account for the following:
However, you should have at least one class reserved for those production jobs that consume excessive resources and single-thread such jobs through this class. We also recommend that you reserve one production class for those jobs that absolutely need to be executed when they are submitted. Such jobs would be the SMF dump job; and, if your CICS journal is on disk, the job that dumps a full disk journal to tape.
Some of the optional OS/EM control functions allow you to check that a specified job class is valid for the job. These classes must be defined to your security system using the classname FACILITY (or IBMFAC for CA-TOPSECRET) and resource JOBCLASS.x where x is the desired class. For RACF users, if the resource is not defined, OS/EM will by default allow access to the resource. CA-ACF2 users must define the appropriate JOBCLASS.x or JOBCLASS.* profiles otherwise jobs will fail.
See "Step 4: Define Security" for more information regarding job class security.
The optional OS/EM IEFUSI function is applied based on the weight assigned to each selection criteria type: program name, job class or job name. Before applying storage limits, determine, at the very least, your installation's use of job classes. If, for example, you start CICS as a job, you would not want to specify the CICS job class with the wrong storage limits. In this case, it would be better to specify DFHSIP as a program name and assign it to a REGION keyword with the appropriate limits.
When using SMF exit IEFU83, including the OS/EM extended function Catalog Account Control, it is possible that SVC dumps will be produced for S71A abends. These abends are normally suppressed by the Catalog Address Space where they occur, but when CAS is called by IEFU83 a dump may be produced as OS/EM's SMF Controller may detect the abend. The same problem may be encountered without OS/EM as the SMF ESTAE routine IEEMB830 would then detect the abend.
IBM recommends that you set a SLIP trap in IEASLP00 in SYS1.PARMLIB to suppress the dump. An example for ABEND71A is:
SLIP SET,C=71A,ID=X71A,A=NODUMP,END
This information is documented in IBM APAR OW13864.
OS/EM should be operational on all members of a Multi-Access Spool (MAS) environment. However, if this is not immediately possible due to operational or change control considerations, the following rules must be followed:
If these conditions are not met, jobs may remain in the input queue indefinitely. This due to incompatibilities between the JCL conversion and job selection processes between the OS/EM and non-OS/EM systems. Under those circumstances, job selection will occur on the following basis:
It is recommended that no OS/EM Extended Functions are enabled until all systems in the MAS are running OS/EM. This will ensure that jobs are processed in a consistent manner regardless of which system performs the JCL conversion and job selection.
OS/EM version 6 can coexist with other systems that share the same Multi-Access Spool configuration (MAS) that operate OS/EM version 5.6 (OS/EM 5.5 & and earlier cannot coexist with Version 6). Users must ensure that all version 5.6 systems are at the most current maintenance level (contact OS/EM support to ensure that this is the case prior to activating version 6).
It should be noted, however, that functionality new to version 6 will not work or will produce unpredictable results unless all systems on the MAS operate with version 6. These functional components are:
OS/EM 6.1 introduces new three byte prefixes for all OS/EM load modules, ISPF resources (panels, skeletons, tables), REXX procedures, messages, etc. The old prefix OS$ is replaced by FEM. For load modules that support ESA/390 architecture (i.e. 31-bit addressing), the prefix OS@ is replaced by FEN.
Note For ESA/390 Architecture Users:
There is no requirement for users to explicitly specify FENxxxxx module names in any installation definitions or commands. OS/EM will automatically load these modules if it detects that it is running in an ESA/390 environment.
Every effort has been made to make this change as transparent as possible, however this change does affect the user in the following areas:
OS/EM is distributed as a pre-built SMP/E environment. The installation process is performed through an ISPF dialogue that guides the user to:
Additional installation steps involve setting up system environment and other related subsystems (e.g. RACF, DFSMShsm) to support OS/EM operation.
Some changes to the system PARMLIB will be required to enable OS/EM operation.
Very Important:
This section identifies the system requirements for installing and running OS/EM.
OS/EM is distributed via CD. This CD contains a binary distribution file named HOSM610.DIST.PACK. As the name implies, the data is in the packed (or 'TERSED') format using the TRSMAIN utility. Users who do not have the TRSMAIN utility installed on their system can obtain it from the IBM Technical Support website:
http://techsupport.services.ibm.com/390/trsmain.html
Download the distribution file into a sequential dataset with the following attributes:
RECFM=FB,LRECL=1024,BLKSIZE=6144,SPACE=(CYL,(30,5))
The distribution dataset contains a pre-built SMP/E environment which is loaded into the pre-allocated datasets. An ISPF dialogue is provided to guide the user through the installation process (this is similar to a ServerPac installation procedure). Follow these instructions carefully to avoid errors when attempting to load the SMP/E environment.
The Installation Library contains the ISPF dialogue and JCL skeletons that are used to define and load all the OS/EM datasets. Extract the Installation Library using the following JCL:
//jobname JOB (acct info),'name',CLASS=A,MSGCLASS=X //* //UNPKDIST EXEC PGM=TRSMAIN,PARM=UNPACK //SYSPRINT DD SYSOUT=* //INFILE DD DSN=osem.dist.dataset,DISP=OLD //OUTFILE DD DSN=&&PDS,DISP=(NEW,PASS), // UNIT=SYSDA,SPACE=(CYL,(15,30,15),RLSE) //* //EXTRPREP EXEC PGM=TRSMAIN,PARM=UNPACK //SYSPRINT DD SYSOUT=* //INFILE DD DSN=&&PDS(PREP),DISP=(OLD,DELETE) //OUTFILE DD DSN=hlq.OSEM.PREP,DISP=(,CATLG,DELETE), // UNIT=SYSDA,SPACE=(27920,(20,15,15),RLSE), // VOL=SER=SYS000
Execute the Installation Dialog by entering the following TSO command:
ex 'hlq.OSEM.PREP(FEMINST)' 'hlq.OSEM.PREP'
Ensure that dataset names specified in the above command is the same that was used in installation step 1.
The following menu will be displayed:
Figure 1. OS/EM Installation Menu
|
The pre-built OS/EM SMP/E environment is loaded by executing the selection items in the main menu in sequence.
The first panel defines variables for the SMP/E environment.
Figure 2. OS/EM Installation Variables
|
Notes:
If these fields are left blank, the Executable Library name specifications will be used for the OS/EM LINKLIB.
Pressing PF3 will display the OS/EM Required System Libraries panel.
Figure 3. OS/EM Required System Libraries
|
Define the installation dataset and supporting system libraries.
Notes:
MVS Macros | This is the system macro library (normally named SYS1.MACLIB). |
MVS MODGEN | This is the SYSGEN or module generation macro library (normally named SYS1.MODGEN). |
TCPIP Macros | This is the TCPIP macro library (normally named TCPIP.SEZACMAC). |
JES2 Macros | This is the JES2 macro library (normally named SYS1.SHASMAC). |
JES2 Source | This is the JES2 source library (normally named SYS1.SHASSRC). |
JES2 Load | This is the JES2 link or load library. Depending on the release level of JES2, the library is normally named SYS1.SHASLINK or named SYS1.SHASLNKE). |
JES3 Macros | This is the JES3 macro library (normally named SYS1.SIATMAC). |
The Unit and Volser fields are not required if the dataset is cataloged. The information may be necessary if the product is being installed on a new SYSRES volume (i.e. not the current SYSRES).
Figure 4. Verify/Change OS/EM Datasets
|
| blank | The dataset name is defined via the standards defined by the installation variables. |
| C | The dataset name has been changed through this panel. |
| F | The dataset name is not defined by the installation variables, but is explicitly defined during installation and/or maintenance. |
Subsequent installation steps will submit jobs. For each job that will be submitted, the following panel will be displayed:
Figure 5. OS/EM Installation Job Submission
|
Alter the JOB statement to meet your installation's standards and then select option 1 to submit the job. You may browse or edit the JCL prior to submission using options 2 and 3.
Note :
These three allocation jobs will delete any existing datasets with the defined naming standards prior to allocating the new datasets.
The following panel will be presented:
Figure 6. SMP/E Functions Menu
|
Enter the fully qualified name of the packed cumulative maintenance dataset and the HOLDDATA dataset. Do not use quotes. All other required datasets (i.e. the load library that has the TRSMAIN utility and the SMP/E CSI) are defined in the installation variables.
The job should complete with a return code of zero. For more information regarding the RECEIVE process or for any problem determination procedures, consult the relevant IBM SMP/E references.
The following panel will be presented:
Figure 7. SMP/E APPLY Maintenance
|
Select the desired APPLY function and the BYPASS option. It is recommended that an APPLY CHECK is run prior to the APPLY to insure all requisites and HOLD requirements are satisfied.
All required datasets are defined in the installation variables.
The job should complete with a return code of zero (or four if HOLDs are present and have been bypassed). For more information regarding the APPLY process, the CHECK and BYPASS options, or for any problem determination procedures, consult the relevant IBM SMP/E references.
VERY IMPORTANT
Once all installation steps have been completed, terminate the dialogue by pressing PF3.
OS/EM 6.1 provides new security functions and additional controls within existing functions. Existing OS/EM users should review this section carefully to ensure that all necessary security resources are defined.
A number of OS/EM optional functions can be controlled through your installation's security system (RACF, CA-TOPSECRET or CA-ACF2). These functions include:
If you intend to use these functions, the proper definitions must be in place before OS/EM can enforce the use of these resources.
Refer to "OS/EM External Security Profiles Summary" for a list of external security resources that are used for these functions.
Refer to the OS/EM User Guide for controlling these functions.
When Job Class Checking is enabled (OS/EM JCL Controls), external security will be checked for user authority to use the specified job class. Job class resources take the form JOBCLASS.x where x is the desired job class. Users must have at least READ access to the resource. For example, if JOBCLASSCHECKING is active and a user wishes to submit a job to run with CLASS=A, then they must be permitted access to the resource JOBCLASS.A.
A generic profile (JOBCLASS.*) can be defined to include all job classes.
JOBCLASS resource profiles are defined in the FACILITY class (CA-TOPSECRET users will use the IBMFAC class).
Note:
OS/EM JCL Controls allow JCL & SYSOUT parameters to be secured through external security.
The user can specify the resource class and profile names to be used when validating the JCL & SYSOUT parameters. If these are not specified, the default class is FACILITY (IBMFAC for CA-TOPSECRET) and the JCL & SYSOUT parameter resources take the form JCL.parameter.value.
For example, to control the use of JCL parameter PRTY=15, you would define the resource JCL.PRTY.15 and provide READ authority to the appropriate users (the OS/EM PRTY JCL Controls will need to be enabled and defined to use the security system).
Important Notes:
Operating System and JES2 Command Controls (found in the Job Controls selection menu) provides security for commands being issued from jobs. When enabled, JCL is checked when it is being submitted from TSO for any operating system and/or JES2 command statements and external security is checked for authorization to issue these commands.
The FACILITY class (or IBMFAC) resource takes the form COMMAND.cmd for operating system commands, and JES2.$cmd for JES2 commands. Users must have at least READ access to the resource to be authorized to issue the command.
For operating system commands, cmd is the long form of the command. For example, COMMAND.MOUNT would be specified as the resource name for establishing authority to issue MVS MOUNT commands (do not code COMMAND.M).
For JES2 commands, cmd is the single-character command (e.g. JES2.$T). There are four exceptions to this rule:
Generic profiles may be defined to include all commands (i.e. COMMAND.* and JES2.*). These resources are useful when you want to restrict the authority to issue certain commands via submitted JCL, but some users should not be restricted. Use of these resources will mean that each and every command does not have to be defined.
Note:
Refer to the OS/EM User Guide for more information regarding this facility.
OS/EM provides additional JES2 commands for displaying 1 controlling job status and the Job Routing functions. Use of these commands can be controlled through external security. For a list of the commands and the associated resources refer to "OS/EM JES2 Command Checking".
Important Note:
ACF2 users must have these resources defined otherwise the commands will fail.
The use of the FEMCNTL command can be controlled via the external security system. The class is FACILITY|IBMFAC and the resource is FEMCNTL.sysid.function, where sysid is the four character SMF id of the system, and function is one of the following:
A generic resource FEMCNTL.sysid.* can be used to permit all FEMCNTL functions. READ access to this profile or the other profiles listed above is sufficient to authorize use of the appropriate FEMCNTL function.
Usage Notes:
If a particular FEMCNTL function is executed and there is no resource profile defined for that function (and there is no generic profile), OS/EM will issue the warning message FEMATH047 to indicate that the function is not protected. The execution of the command will continue normally.
OS/EM 6.1 introduces new three byte prefixes for all OS/EM load modules, ISPF resources (panels, skeletons, tables), CLISTs, REXX procedures, messages, etc. The old prefix OS$ is replaced by FEM. Every effort has been made to make this change as transparent as possible, however this change does affect the security resources that are used to secure the OS/EM system control command (FEMCNTL). Users who currently secure this function must ensure that new FACILITY|IBMFAC resources are defined to their security system. The old resource name OS$CNTL.sysid.function is replaced by FEMCNTL.sysid.function. The simplest approach to achieve this is to make copies of the existing resources. For example:
RDEFINE FACILITY FEMCNTL.sysid.ALLOC -
FROM(OS$CNTL.sysid.ALLOC) FCLASS(FACILITY)
If a generic profile is being used, then the RACF command would be:
RDEFINE FACILITY FEMCNTL.sysid.* -
FROM(OS$CNTL.sysid.*) FCLASS(FACILITY) FGENERIC
Notes:
OS/EM ISPF dialog functions can be controlled via the external security system. Discrete and/or generic profiles can be defined to control access to individual functions and/or functional groups. Profiles (FACILITY | IBMFAC class) have the following name structure:
OSEM.sysid.ADMIN.function
where
sysid is the SMF system name (SID parameter in the SMFPRMxx PARMLIB member)
function is the explicit or generic function name
Refer to "ISPF Admin Dialog Security" for a list of administration function names.
Usage Notes:
CA-ACF2 users must define the following commands as authorized TSO commands:
FEMCNTL
FEMCKSEC
FEMLIB
Note :
All users upgrading from prior versions of OS/EM must perform this step because the subsystem initialization module is changed (and the subsystem name is changed for users upgrading from 5.x or earlier).
OS/EM runs as a MVS subsystem. Therefore, the subsystem name must be defined. Edit your SYS1.PARMLIB member IEFSSNxx to add OSEM as the subsystem name. The member IEFSSN61 in the OS/EM SAMPLIB can be copied into your current IEFSSN member in SYS1.PARMLIB or copy IEFSSN61 into SYS1.PARMLIB and update the IEASYSxx SSN= parameter (e.g. SSN=(00,61) ).
Notes:
SUBSYS SUBNAME(OSEM)
INITRTN(FEMIPL)
INITPARM('subs,MSG=x,SVC=nnn,SEC=yyyy,CLASS=zzzzzzzz,SMF=xx')
,SMF=(xx,yyy)')
,SMF=(,yyy)')
OSEM is the sub-system name, FEMIPL is the execution module that establishes the OS/EM environment.
The additional entries are the initialization parameters that are
The INITPARM string is passed to the subsystem initialization routine. This string contains the following parameters:
subs | The OS/EM Job Entry Subsystem to control
|
x | The message support required during OS/EM Sub-system initialization
|
nnn | The SVC number you want OS/EM to use with JES3 only. If you omit this parameter (SVC=nnn), as in the example, OS/EM starts scanning for an available SVC number and will use the first available number. The OS/EM scan starts at SVC number 255 and works backwards. |
yyyy | Defines the security system installed at your installation. You must code this operand, along with the CLASS parameter, if you intend to use any of the OS/EM functions that depend on security system definitions.
|
zzzzzzzz | Resource class for authorization checking |
xx | Suffix of SMFPRM member to be invoked after FEMIPL executes |
yyy | SMF number to use for audit records. Note: See SMF Record Format in the appendix for the format of these SMF records. |
The OSEM procedure is automatically invoked by the OS/EM subsystem initialization. This procedure initializes the OS/EM environment.
The SAMPLIB member OSEM contains a sample procedure. Copy this member into a PROCLIB pointed to by your Master Scheduler JCL and update it to reflect your dataset naming.
//OSEM PROC PROG=OS$INIT <=== SEE NOTES BELOW //* //*-------------------------------------------------------------------* //* OS/EM SUBSYSTEM INITIALIZATION PROC //* //* THIS PROC MUST BE IN A PROCLIB REFERENCED BY THE MASTER //* SUBSYSTEM - USUALLY SYS1.PROCLIB - CHECK YOUR MSTJCL00 //*-------------------------------------------------------------------* //* //* COMBINED OSEM PROC FOR OS/EM V6.X RELEASES //* //*-------------------------------------------------------------------* //* BEGINNING WITH OS/EM 6.1 THIS PROC HAS THE SYMBOLIC PARAMETER //* 'PROG'. WHEN STARTING THE PROC MANUALLY YOU MUST ENSURE THAT YOU //* SPECIFY IT IF YOU ARE RUNNING OS/EM 6.1 OR ABOVE. ENTER: //* 'S OSEM,PROG=FEMINIT'. THE PROG PARAMETER DOES NOT NEED TO BE //* ENTERED ON OS/EM VERSION 6.0 AS THE DEFAULT VALUE IS OS$INIT. //* YOU MAY ENTER THE COMMAND AS 'S OSEM,PROG=FEMINIT,SUB=MSTR' WHICH //* WILL ALLOW THE PROC TO EXECUTE EVEN IF JES2 IS INACTIVE. //* //* THE ONLY TWO VALID VALUES FOR THE PROG PARAMETER ARE: //* OS$INIT - OS/EM VERSION 6.0 //* FEMINIT - OS/EM VERSION 6.1 AND ABOVE //*-------------------------------------------------------------------* //* HOW THIS PROC SUPPORTS MULTIPLE VERSIONS OF OS/EM: //* //* OS/EM NOW SHIPS WITH THE LOAD MODULE FEMSIDCK WHICH HAS AN ALIAS OF //* OS$SIDCK WHICH WAS SHIPPED IN PRIOR RELEASES OF OS/EM. IN VERSION //* 6.1 THIS PROGRAM LOOKS FOR A PARM VALUE OF FEMINIT. IF THE PARM //* MATCHES IT ENDS WITH A RETURN CODE OF '0' ALLOWING THE FEMINIT //* STEP TO EXECUTE. IF THE PARM RESOLVES TO OS$INIT AS IT WOULD FOR //* AN OLDER RELEASE OF OS/EM IT WILL END WITH A RETURN CODE OF '4' //* WHICH WILL CAUSE STEP FEMINIT TO BE BYPASSED AND INSTEAD EXECUTE //* THE STEP OS$INIT. //* //* AS THE OS/EM COMMAND PROCESSOR HAS BEEN RENAMED YOU CAN NOT USE //* THE SAME PARMLIB FOR VERSION 6.1 AND PRIOR RELEASES. //* //*-------------------------------------------------------------------* //* CHANGE LOG: //* UK00500 09/09/06 UPDATED COMMENTS //* UK00503 09/14/06 UPDATED COMMENTS //* //* //*-------------------------------------------------------------------*
//VER61 EXEC PGM=OS$SIDCK,PARM=&PROG,TIME=(0,15) // IF VER61.RC = 0 THEN //* //* OS/EM V6.1 RUNNING ON THIS SYSTEM //* //FEMINIT EXEC PGM=&PROG,TIME=(0,45) //SYSTSPRT DD DISP=OLD,DSN=SYS1.OSEM.VER61.IPL.REPORT //SYSMDUMP DD DISP=OLD,DSN=SYS1.OSEM.VER61.DUMP //SYSTSIN DD DSN=SYS1.OSEM.VER61.PARMLIB(TIME),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(CODEINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(JES2INIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(JES3INIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(MVSINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(DASDINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(DSNINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(HSMINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(JCLINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(JOBINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(JOBRINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(MISCINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(VOLINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(POOLINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(PREFINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(RACFINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(RSTRINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(SVCINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(TIMEINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(TPSHINIT),DISP=SHR // DD DSN=SYS1.OSEM.VER61.PARMLIB(QUERY),DISP=SHR // ELSE //* //* OS/EM VERSION PRIOR TO 6.1 RUNNING //* //OS$INIT EXEC PGM=&PROG,TIME=(0,45) //SYSTSPRT DD DISP=OLD,DSN=SYS1.OSEM.IPL.REPORT //SYSMDUMP DD DISP=OLD,DSN=SYS1.OSEM.DUMP //SYSTSIN DD DSN=SYS1.OSEM.PARMLIB(TIME),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(CODEINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(JES2INIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(JES3INIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(MVSINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(DASDINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(DSNINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(HSMINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(JCLINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(JOBINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(JOBRINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(MISCINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(VOLINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(POOLINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(PREFINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(RACFINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(RSTRINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(SVCINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(TIMEINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(TPSHINIT),DISP=SHR // DD DSN=SYS1.OSEM.PARMLIB(QUERY),DISP=SHR // ENDIF //*
Important Usage Notes:
Starting with OS/EM 6.1, the OS/EM subsystem initialization routine (FEMIPL) issues the following command to invoke the OS/EM environment initialization:
S OSEM,PROG=FEMINIT,SUB=MSTR
The OSEM procedure MUST contain a reference to the &PROG variable somewhere in the JCL (even if it is in a comment statement). If there is no reference to this variable, the OSEM procedure will fail with a JCL error and the environment will not be initialized.
Perform one of the following procedures:
Note:
Use caution if your site uses both the LNK= and PROG= parameters. A LNKLST ACTIVATE statement in a PROGxx member will cause the LNKLSTxx member(s) to be ignored.
Perform one of the following procedures:
Note:
Users may use both IEAAPFxx and PROGxx to define authorized load libraries, however there are restrictions related to dynamic authorization lists. Users should consult the MVS Initialization and Tuning Reference if you intend to use both mechanisms.
The OS/EM executable load library should be explicitly defined as APF authorized. The definition of the library to the LINKLST implicitly defines APF authorization. However, several of the OS/EM utility job streams defines the OS/EM load library in a STEPLIB, which nullifies the implicit authorization.
Note:
The FEMSTART CLIST has a symbolic parameter LINKLIB in the SITE SPECIFIC PARMS section. This allows the user to use the 6.1 ISPF functions before the library has been defined to the system LNKLST. Once the library is in the LNKLST, this symbolic parameter should be changed to LINKLIB().
Since you will use the ISPF interface on a regular basis, you should place an entry for the interface on an ISPF menu, preferably a menu that is not widely available to your regular ISPF users.
If you use O as the selection letter, the entry in the menu's )PROC section would be:
O,'CMD(FEMSTART) NOCHECK'
You will also need to add the following line at the end of the menu's )PROC section to allow users to go directly to an OS/EM sub-menu.
&NXOPT = .TRAIL
This procedure will build the initial OS/EM PARMLIB and ISPF Table library entries for your environment. This should only be used by new OS/EM users. Users migrating from prior releases of OS/EM should go to installation step 12.
|
Figure 9. OS/EM Installation Functions
|
Figure 10. Table Creation Progress
|
This process may take several minutes. When complete, the OS/EM Tables and Initialization members will be created.
Notes:
If this is a new installation, go to step 13.
The Upgrade function parses a Query Report of your current OS/EM environment to determine which exits and optional features you are using and stores that information in the OS/EM Version 6.1 PARMLIB and ISPF Table library.
Perform the following procedure to upgrade to OS/EM Version 6.1:
|
Figure 12. OS/EM Installation Functions
|
Figure 13. Verify Upgrade Panel
|
Perform the following:
OR
Figure 14. Upgrade Progress Display
|
The upgrade process may take several minutes. When complete, the OS/EM settings from the current environment or the saved Query Report will be migrated to the OS/EM 6.1 tables.
Notes:
Users upgrading from a prior release of OS/EM should skip to Step 14 because Step 12 copies the existing authorization codes into the new tables.
Figure 15. OS/EM Authorization Codes
|
See Authorization Code, Definition and Use in the OS/EM User Guide for more information.
Once the authorization code(s) has been entered, the OS/EM authorization code initialization member must be built so the OS/EM environment will start during the next IPL.
Figure 16. Build Initialization Members
|
See the OS/EM User Guide for complete instructions.
If you are only installing the HSM Optimizer Reports go to step 24.
Defining JES2 User Exits To OS/EM
The OS/EM AUTOINSTALL feature (new to OS/EM Version 6) will process the JES2 initialization parameters and automatically place the defined user exits under OS/EM control. Therefore, there is nothing that a new user must do to implement existing JES2 exits in OS/EM.
However, since OS/EM provides centralized management of all common user exits, it makes more sense to explicitly define the user exits to OS/EM. These exits can be defined to OS/EM before or after the initial IPLs with OS/EM.
The OS/EM processing rules for JES2 exits are:
A suggested migration strategy from JES2 PARM definitions to OS/EM is:
Refer to the OS/EM User's Guide for more information regarding the Rebuild OS/EM Tables and Build Initialization Member functions.
Special Consideration For JES2 Exit 0
If you are using the JES2 Pre-Initialization Exit (EXIT 0) to control the start of the JES2 Initialization process, it must be Link Edited as a separate Load Module with a name other than HASPXIT0, and additional Exit Entry Points (such as EXIT19 or EXIT24, for example) should not be included. These should be assembled and Link Edited into a separate Load Module (or Modules) of their own and additionally defined to OS/EM, as appropriate.
Defining User Exits To Be Outside Of OS/EM Control
Occasionally, a third-party product insists that their JES2 User exit(s) be loaded first (i.e. outside the control of OS/EM and be first in the exit calling sequence). One example is the JES2 EXIT 5 for CA-ROSCOE. In order to satisfy the product's requirements, the following must be done when OS/EM is installed:
LOADMOD(modname)
EXIT(nnn) ROUTINES=(entrypt,OSEMXnnn)
where modname is the load module name and entrypt is the user exit's entry point name for the user exit that is to be loaded outside of OS/EM's control. The OSEMXnnn entry point specification defines the OS/EM JES2 user exit control module for this exit point (this is normally defined automatically when the AUTOINSTALL function is active).
Other Notes:
Beginning with OS/390 Version 2 Release 4, IBM has provided a compatibility and migration aid in the form of a user Exit 5 routine. Without OS/EM, this exit is invoked automatically if you do not specify your own Exit 5. Since OS/EM enables Exit 5 this user exit will not be automatically invoked. To ensure that this exit continues to be available, you must define it to the OS/EM Basic Exits Function. The module name of this exit is HASX05C with an entry point name of HASX5CTR. Because this exit is not MVS re-entrant, you will need to code KEY: 1 on the OS/EM entry panel.
Prior versions of OS/EM required users to define OS/EM JES2 the interface module and the user exit points in the JES2 initialization parms. The OS/EM AUTOINSTALL feature (new to OS/EM Version 6.0) automatically adds the OS/EM JES2 Interface for all of the user exit points.
Users who are upgrading to OS/EM 6.1 must remove the OS/EM LOADMOD and EXIT(nnn) definitions from the JES2 initialization parms before IPLing with OSEM 6.1:
LOADMOD(OS$J2ITF) STORAGE=CSA EXIT(001) ROUTINE=EXIT1,ENABLE,TRACE=NO * * * EXIT(nnn) ROUTINE=EXITnnn,ENABLE,TRACE=NO
Important:
Failure to remove these definitions will cause OS/EM to attempt to dynamically define these exits during JES2 initialization. These definitions will fail (load module not found) and error messages will be issued, but JES2 and OS/EM initialization will continue normally.
No upgrade actions are required.
Copy the SAMPLIB member CSVLLA61 to the system PARMLIB. Edit this member to specify the OS/EM executable load library. This member is used by the OS/EM maintenance functions to refresh the Library Lookaside Directory (LLA).
Make the following changes to the system PARMLIB:
OS/EM Version 6 introduces significant architectural changes that affect how it is configured to OS/390 & z/OS.
Note: If the EXIT ADD statements are not removed, message CSV431I will be issued at IPL time for each entry point (Module Not Found). This will not prevent OS/EM from initializing successfully.
No upgrade actions are required.
This step may be skipped during an upgrade of OS/EM, however you should review your ARCCMDxx member to be sure all DFHSM exits are specified.
In order to activate the HSM Optimizer functions the DFHSM ARCCMDxx parm member must be updated to enable all the DFHSM exits.
SETSYS EXITON(AD BD BE CB CD CR ED IN MD MM) SETSYS EXITON(MV M2 RD RP SA SD SK TD TE TV)
This step may be skipped during an upgrade of OS/EM, however you should review your SMFPRMxx member to be sure all SMF exits are enabled. The EXITS parameter should be specified on both the SYS and SUBSYS keywords, as the following example shows:
SYS(NOTYPE(16:19,99),EXITS(IEFACTRT,IEFUAV,IEFUJI,IEFUJP,IEFUJV,
IEFUSI,IEFUSO,IEFUTL,IEFU29,IEFU83,IEFU84,IEFU85),
INTERVAL(003030),NODETAIL)
SUBSYS(STC,EXITS(IEFACTRT,IEFUAV,IEFUJI,IEFUJP,IEFUJV,IEFUSI,
IEFUSO,IEFUTL,IEFU29,IEFU83,IEFU84,IEFU85))
Note:
Users of z/OS 1.9 and later should add IEFU29L to the SMF exits lists above.
This step may be skipped during an upgrade.
RACF provides three types of password authentication:
Prior to RACF release 2.1 the default authentication method was the masking algorithm. Beginning with RACF release 2.1, a two-step method of checking is the default, where RACF uses both the masking algorithm and the DES algorithm.
You must control the type of authentication used via OS/EM if you are running RACF 2.1 or above.
Note: For more information on using the ISPF Facility MVS Basic Exit Support, see the OS/EM User Guide. For more information regarding RACF Password Authentication, refer to the RACF System Programmer's Guide.
The Communications dataset contains 32 fixed length records - one record for each system within the MAS. Each record is made up of a 4 byte header plus 45 bytes for each active resource on the system.
New users must allocate a Resource dataset with the following characteristics:
RECFM=F,LRECL=nnnnn,BLKSIZE=nnnnn,DSORG=PS,SPACE=(nnnnn,(32),,CONTIG)
where nnnnn is the record / block size. This is calculated with the following algorithm:
45 * Max_Number_Resource_Entries + 4
The minimum record length is 4505 (allowing a maximum of 100 active resources per system) and the maximum record length is 32719 (737 active resources). It is recommended that the maximum value is used since the dataset is very small and will not increase in size.
Only allocate 32 blocks for the primary extent and zero for the secondary allocation. Any allocation exceeding this will simply be wasted allocated space.
OS/EM Version 6 increases the maximum number of resources that can defined from 100 to 727. While the current Job Routing Resource dataset will still work with OS/EM Version 6.0, users should consider migrating the dataset to support the increased number of resources.
OS/EM SAMPLIB member RDSCOPY allocates a new Resource dataset and migrates the data from the existing Resource dataset. The JCL needs to be modified to specify the desired record length. The record length is calculated as follows:
45 * Max_Number_Resource_Entries + 4
The minimum record length is 4505 and the maximum is 32719. It is recommended that the maximum value is used.
Note: Users must ensure that the new dataset name is defined in the Job Routing System Level Controls panel before IPLing the system.
IMPORTANT
If you are running in a Multi-Access Spool (MAS) environment, you must not increase the size of the Resource Dataset record until all systems are running OS/EM 6.x.
No upgrade actions are required.
To use the OS/EM support of the ISPF installation-wide exits, you must have set the EXITS keyword on the ISPMTAIL macro to YES, or by using the ISPCCONF command to change the ISPDFLTS setting 'Enable ISPF Exits'.
For detailed instructions, refer to the ISPF Planning and Customizing manual, section Tailoring ISPF Defaults.
Also be sure that you do not have a version of ISPEXITS available in a STEPLIB in any ISPF logon procedure, otherwise ISPEXITS will be loaded from the STEPLIB and not from the OS/EM load library. Any exit (and associated data area) coded in your ISPEXITS module must be defined to OS/EM via the Basic Exits function.
Users who do not wish to activate the OS/EM ISPF Dialog security can skip to Step 22. This step can be done at any time after the installation process.
Prior to activating this feature, refer to "Administration Dialog Security" and "ISPF Admin Dialog Security" to ensure that the appropriate external security profiles are defined.
Edit the OS/EM PARMLIB member QUERY and un-comment the FEMCNTL SYSTEM control statement.
/* -----------------------------------------------------------------*/ /* UNCOMMENT THE FOLLOWING STATEMENT TO ACTIVATE ADMIN SECURITY */ /* */ /*FEMCNTL SYSTEM ADMINSEC /* -----------------------------------------------------------------*/ /* */ FEMCNTL QUERY ALL
IPL the system. OS/EM will initialize with the parameters you placed in the parmlib members pointed to by the OSEM procedure.
Use the ISPF interface at any time to modify processing options and/or user exits, or to build initialization members that your installation requires.
Perform the following tasks to verify that OS/EM has been installed correctly:
FEMIPL020 FEMIPL ENDED - RC = xx
If this message is not present, the OS/EM subsystem initialization process was not performed.
Useful MVS commands are:
D IPLINFO to display the basic IPL information
D SSI to display the subsystem information
D PROG,LNKLST to display the LNKLST and APF status
If the subsystem initialization message is present but the return code is not zero, scan the SYSLOG for preceding OS/EM messages that may indicate the cause of the initialization error.
IEF142I OSEM OSEM - STEP WAS EXECUTED - COND CODE xxxx
If this message is not found, browse the SYSLOG for MVS or OS/EM messages that would indicate why the procedure was not invoked. Common errors are JCL errors or the OSEM procedure is not found.
If the message is found, but the condition code is not zero, the SYSLOG may have other OS/EM messages that will indicate the source of the error(s). There may also be errors parsing the OS/EM initialization statements. Browse the OS/EM IPL.REPORT dataset (pointed to by the SYSTSPRT DD in the OSEM procedure) for any errors in processing the FEMCNTL commands.
If the message is found and the condition code is zero, the OS/EM system has been successfully initialized.
The IPL.REPORT also contains a query report which displays the status of all OS/EM functions. This report should be reviewed to ensure that OS/EM is performing all the functions that the user is expecting.
Note : The query report in the IPL.REPORT will not reflect the ultimate status of certain functions (e.g. Job Routing, Tape Sharing) because they are initialized after the time that the query is executed. In order to ensure that the query report completely reflects the operational status of OS/EM, users should perform a QUERY ALL function through the OS/EM ISPF administration panel.
Refer to the OS/EM Version 6.1 Users Guide for information regarding the initialization and creation of the OS/EM HSM Optimizer Reports.
OS/EM is installed and maintained with SMP/E. Maintenance is distributed in the form of individual PTFs and Cumulative Service. This maintenance is applied using the standard SMP/E RECEIVE / APPLY / ACCEPT process.
The OS/EM Maintenance and Installation functions (Option 1 from the OS/EM main menu) provides tools for implementing product maintenance after the PTFs have been applied with SMP/E.
Figure 17. OS/EM Maintenance & Installation Menu
|
The following functions are applicable when applying product maintenance:
Note: If you have valid changes pending, they should be executed prior to using this function, or those changes will be lost. See the "Execute Pending Changes" chapter in the OS/EM User Guide for more information on this process.
|
Field entry is as follows:
If used, be sure to enclose the DSN in apostrophes (single quotes), otherwise your TSO ID will be appended to the front of the dataset name.
Again, use apostrophes to qualify the dataset name.
Figure 19. ISPF Table Rebuild Utility
|
Since this process takes several minutes to complete, the above panel is displayed to let you know what processing is currently being done.
The SMP/E Functions provide dialogs for applying maintenance to the OS/EM product. This is a simplified form of the standard SMP/E ISPF dialog for the RECEIVE, APPLY and ACCEPT functions.
It is not mandatory to use these functions to apply OS/EM maintenance (users can use the SMP/E dialogs and/or tailored JCL). However, these dialogs significantly streamline the maintenance process and insure that the correct datasets are used.
Figure 20. SMP/E Functions Menu
|
Each option will submit a job to complete the SMP/E function. A JOB statement skeleton panel will be presented which will allow the user to tailor the JOB statement, view / edit the JCL stream and submit the job.
|
Figure 22. SMP/E Functions Menu
|
Enter the fully qualified name of the packed cumulative maintenance dataset and the HOLDDATA dataset. Do not use quotes. All other required datasets (i.e. the load library that has the TRSMAIN utility and the SMP/E CSI) are defined in the installation variables.
The job should complete with a return code of zero. For more information regarding the RECEIVE process or for any problem determination procedures, consult the relevant IBM SMP/E references.
Figure 23. SMP/E APPLY Maintenance
|
Select the desired APPLY function and the BYPASS option. It is recommended that an APPLY CHECK is run prior to the APPLY to insure all requisites and HOLD requirements are satisfied.
All required datasets are defined in the installation variables.
The job should complete with a return code of zero (or four if HOLDs are present and have been bypassed). For more information regarding the APPLY process, the CHECK and BYPASS options, or for any problem determination procedures, consult the relevant IBM SMP/E references.
Figure 24. SMP/E ACCEPT Maintenance
|
Select the desired ACCEPT function and BYPASS option. It is recommended that an ACCEPT CHECK is run prior to the ACCEPT to insure all requisites and HOLD requirements are satisfied.
All required datasets are defined in the installation variables.
The job should complete with a return code of four. For more information regarding the APPLY process, the CHECK and BYPASS options, or for any problem determination procedures, consult the relevant IBM SMP/E references.
The JES Offset Table(s) must be generated under the following circumstances:
When this option is selected, the user is presented with the following selection menu:
Figure 25. JES Offset Table Menu
|
This function defines the MVS and JES libraries that are to be used for the Offset Table generation. These libraries must match the environment on which OS/EM is to run.
The libraries are defined at installation time but may need to be modified if the Offset Table is being generated for a new environment (e.g. building a new set of SYSRES volumes).
If the incorrect libraries are used, abends in OS/EM control modules and/or JES modules may result.
Figure 26. Library Definitions for JES Offset Table
|
Enter the appropriate library dataset names that are / will be in effect when OS/EM will be initialized.
MVS Macros | This is the system macro library (normally named SYS1.MACLIB). |
MVS MODGEN | This is the SYSGEN or module generation macro library (normally named SYS1.MODGEN). |
TCPIP Macros | This is the TCPIP macro library (normally named TCPIP.SEZACMAC). |
JES2 Macros | This is the JES2 macro library (normally named SYS1.SHASMAC). |
JES2 Source | This is the JES2 source library (normally named SYS1.SHASSRC). |
JES2 Load | This is the JES2 link or load library. Depending on the release level of JES2, the library is normally named SYS1.SHASLINK or named SYS1.SHASLNKE). |
JES3 Macros | This is the JES3 macro library (normally named SYS1.SIATMAC). |
If the JES Offset Table generation is for the current system, the cataloged libraries should be used and so it shouldn't be necessary to enter anything in the UNIT and VOLSER fields.
If the JES Offset Table generation is for a new environment using different SYSRES volumes, the UNIT and VOLSER fields must point to the new volumes to be used when the system is IPLed.
When the JES Offset Table menu options 2 or 3 are selected, the user is presented with a skeleton JOB JCL statement that can be modified prior to submitting the Offset Table generation job.
Figure 27. JES Offset Table JOB Statement
|
VERY IMPORTANT
Figure 28. Copy SMP/E Libraries
|
The selection columns are :
CMPRS | Enter Y if you want to compress the selected executable library prior to copying the contents of the corresponding target library. |
COPY | Enter Y if you want to copy the selected target library to the corresponding executable library. |
REFR | This applies only to the executable load library. Enter Y and specify the appropriate suffix for the system PARMLIB CSVLLAxx member if you wish to refresh the Library Lookaside (LLA) after the executable load library has been copied. |
Once the appropriate libraries have been selected, pressing PF3 will result in the JCL JOB statement selection panel being presented. Make the necessary changes and submit the job (option 1).
Note:
Changes made to the installation variables will affect the JCL that is submitted for the maintenance functions (e.g. JES Offset Table generation).
The principal purpose of this function is to allow the user to change executable library definitions. This permits the maintenance of multiple iterations of the OS/EM system libraries from the one ISPF environment.
Figure 29. OS/EM Installation Variables
|
Notes:
If these fields are left blank, the Executable Library name specifications will be used for the OS/EM LINKLIB.
Very Important:
Use extreme caution when modifying SMP/E, target and distribution library specifications. This dialog does not change dataset & library definitions defined within SMP/E (i.e. DDDEF entries for the OS/EM system). Problems when attempting to maintain the OS/EM system are likely if there is a mismatch between these installation variables and the SMP/E environment.
Pressing PF3 will display the OS/EM Required System Libraries panel.
Figure 30. OS/EM Installation Variables
|
Notes:
MVS Macros | This is the system macro library (normally named SYS1.MACLIB). |
MVS MODGEN | This is the SYSGEN or module generation macro library (normally named SYS1.MODGEN). |
TCPIP Macros | This is the TCPIP macro library (normally named TCPIP.SEZACMAC). |
JES2 Macros | This is the JES2 macro library (normally named SYS1.SHASMAC). |
JES2 Source | This is the JES2 source library (normally named SYS1.SHASSRC). |
JES2 Load | This is the JES2 link or load library. Depending on the release level of JES2, the library is normally named SYS1.SHASLINK or named SYS1.SHASLNKE). |
JES3 Macros | This is the JES3 macro library (normally named SYS1.SIATMAC). |
The Unit and Volser fields are not required if the dataset is cataloged. The information may be necessary if the product is being installed on a new SYSRES volume (i.e. not the current SYSRES).
Figure 31. Verify/Change OS/EM Datasets
|
| blank | The dataset name is defined via the standards defined by the installation variables. |
| C | The dataset name has been changed through this panel. |
| F | The dataset name is not defined by the installation variables, but is explicitly defined during installation and/or maintenance. |
Refer to the cautionary notes above relating to updating installation variables.
This option only needs to be used when specifically instructed in SMP/E HOLDDATA for the affecting PTF(s).
The following panel is an example of options that could be listed following maintenance.
Figure 32. Update System Tables
|
The SMP/E target libraries that need to be copied will be dependent upon what members are affected by the maintenance that was applied. Users should check the SMP/E APPLY output to determine the affected libraries. If the maintenance affects a large number of members (e.g. cumulative maintenance that has a multiple PTFs), it may be more prudent to copy all libraries to insure that the maintenance is properly implemented.
PTFs that require special actions (e.g. an IPL, JES Offset Table generation, Table Library rebuild) will be indicated through maintenance documentation and/or PTF HOLDDATA. Users must insure that all actions are performed. Failure to do so could result in improper operation of the OS/EM environment.
Important Notes:
If maintenance requires an IPL, it is recommended that the libraries be copied immediately prior to system termination.
When applying maintenance that does not require an IPL and OS/EM load modules are affected, the following procedure is recommended after the libraries have been copied:
IMPORTANT
Any time that JES maintenance is applied, it is recommended that OS/EM maintenance is also applied because the two products are closely linked. Contact OS/EM support to obtain the latest maintenance for the product.
Whenever JES system maintenance is applied, the OS/EM JES Offset Table must be regenerated. This is done through the Maintenance and Installation function of the OS/EM ISPF dialogue (Option 1).
After the JES offset table is generated, it will need to copied from the OS/EM target LINKLIB into the executable LINKLIB.
Whenever you install a new version of JES2, and this release will operate as a secondary JES subsystem, you MUST use the ISPF interface and update the JES2 version number. Select option 6 Set JES Name on the Primary Option Menu and specify the version of JES you will be using. Once this is updated, select option 8 Build Initialization Member and select the following items:
Notes:
This is a summary of the external security profiles that OS/EM will use when the optional security functions are enabled.
JOBCLASS.x
All JOBCLASS profiles are defined to the FACILITY class (IBMFAC for CA-TopSecret).
COMMAND.* | Generic profile for all operating system commands |
COMMAND.cmd | 'cmd' must be full command verb (e.g. MOUNT) |
JES2.* | Generic profile for all JES2 commands |
JES2.$cmd | 'cmd' is the single-character command (excluding ADD, DEL, TRACE 1 VS) |
All command profiles are defined to the FACILITY class (IBMFAC for CA-TopSecret).
The following table lists the OS/EM JES2 commands and the associated
security resource and access authority required.
| Command | Resource Name | Authority |
|---|---|---|
| $DB | jesx.DISPLAY.OSEM | READ |
| $DC | jesx.DISPLAY.OSEM | READ |
| $DP | jesx.DISPLAY.OSEM | READ |
| $DRESOURCE | jesx.DISPLAY.OSEM | READ |
| $LF | jesx.DISPLAY.OSEM | READ |
| $LN | jesx.DISPLAY.OSEM | READ |
| $LQ | jesx.DISPLAY.OSEM | READ |
| $QA | jesx.ADD.OSEM | CONTROL |
| $QD | jesx.DELETE.OSEM | CONTROL |
| $Q' | jesx.MODIFY.OSEM | UPDATE |
| $QJ | jesx.MODIFY.OSEM | UPDATE |
jesx is the JES2 subsystem name.
All command profiles are defined to the OPERCMDS class.
Users can optionally define the security class and profile names to be checked when controlling the use of JCL & SYSOUT parameters. Refer to the JCL Controls section of the OS/EM User's Guide for more information regarding this option.
If the class and profile names are not defined, the following FACILITY class (IBMFAC for CA-TopSecret) profiles will be used:
JCL.parm.value
where valid 'parm' values are:
External security can be used to secure the FEMCNTL functions. The FEMCNTL utility is used to enable / disable / alter OS/EM functions and user exits.
FEMCNTL.sysid.command
where valid 'command' values are:
| * | Generic profile for all FEMCNTL commands |
| ACF2 | OS/EM ISPF Dialog security for CA-ACF2 users |
| ALLOC | Device allocation functions and user exits |
| CODE | OS/EM Authorization Code functions |
| DASD | DSN and Volume Group functions |
| DASDCNTL | DASD Quickpool functions and IGGPRE00 & IGGPOST0 user exits |
| DUMP | OS/EM Dump functions |
| HSM | HSM Optimizer functions and DFSMShsm user exits |
| ISPF | ISPF functions and user exits |
| JES2 | JES2 functions and user exits |
| JES3 | JES3 user exits |
| MISC | Miscellaneous functions |
| POOL | OS/EM Quickpool functions |
| QUERY | OS/EM Query function |
| RACF | RACF functions, OS/EM ISPF Dialog security for RACF users and user exits |
| RELOAD | OS/EM & user exit load module load / reload functions |
| SAF | SAF user exits |
| SMF | SMF functions and user exits |
| SVC | SVC Delete / Replace functions |
| SYSTEM | OS/EM general system functions |
| TOPS | OS/EM ISPF Dialog security for CA-TopSecret users |
| TSO | TSO functions and user exits |
All function profiles are defined to the FACILITY class (IBMFAC for CA-TopSecret).
External security can be used to secure the ISPF Administration dialog functions. The profile names have the structure
OSEM.sysid.ADMIN.function
where sysid is the SMF system name (defined in the SID parameter of the SMFPRMxx PARMLIB member).
The 'function' name is hierarchical in structure to allow flexible security by functional group with generic profiles. For example:
OSEM.sysid.ADMIN.* | Profile for all ISPF administration functions |
OSEM.sysid.ADMIN.MAINT.* | Profile for ISPF administration Maintenance functions |
Valid 'function' values are:
| MAINT.AUTH.CODE | Option 1.1 |
| MAINT.ENABLE.EXPIRE.MSG | Option 1.2 |
| MAINT.NOTIFY.GROUPS | Option 1.3.1 |
| MAINT.NOTIFY.ALLOC | Option 1.3.2 |
| MAINT.NOTIFY.DASD | Option 1.3.3 |
| MAINT.NOTIFY.HSM | Option 1.3.4 |
| MAINT.NOTIFY.ISPF | Option 1.3.5 |
| MAINT.NOTIFY.JES2 | Option 1.3.6 |
| MAINT.NOTIFY.JES3 | Option 1.3.7 |
| MAINT.NOTIFY.MISC | Option 1.3.8 |
| MAINT.NOTIFY.RACF | Option 1.3.9 |
| MAINT.NOTIFY.SAF | Option 1.3.10 |
| MAINT.NOTIFY.SMF | Option 1.3.11 |
| MAINT.NOTIFY.TSO | Option 1.3.12 |
| MAINT.NOTIFY.OSEM | Option 1.3.13 |
| MAINT.NOTIFY.USER | Option 1.3.14 |
| MAINT.SMF.RECORD.NUMBER | Option 1.4 |
| MAINT.PERF.COUNTS | Option 1.5 |
| MAINT.ENABLE.WARN.MSG | Option 1.6 |
| MAINT.PEND.CHG.CLEANUP | Option 1.7 |
| MAINT.REBUILD.TABLES | Option 1.8 |
| MAINT.OFFSET.LIBS | Option 1.10.1 |
| MAINT.JES2.OFFSET | Option 1.10.2 |
| MAINT.JES3.OFFSET | Option 1.10.3 |
| MAINT.COPY.SMPE2EXEC | Option 1.11 |
| MAINT.INST.VARIABLES | Option 1.12 |
| MAINT.GEN.DSNAMES | Option 1.13 |
| MAINT.CREATE.TABLES | Option 1.15 |
| MAINT.UPGRADE.TABLES | Option 1.16 |
| BASIC.JES2.EXITS | Option 2.1 |
| BASIC.JES3.EXITS | Option 2.2 |
| BASIC.MVS.EXITS | Option 2.3 |
| DEFINE.DSN.GROUPS | Option 3.1 |
| DEFINE.VOL.GROUPS | Option 3.2 |
| HSM.BKUP | Option 3.3.1 |
| HSM.DEFRAG | Option 3.3.2 |
| HSM.DBA | Option 3.3.3 |
| HSM.DBU | Option 3.3.4 |
| HSM.DIRECT.ML2 | Option 3.3.5 |
| HSM.EARLY.RECALL | Option 3.3.6 |
| HSM.DSORG | Option 3.3.7 |
| HSM.MIG | Option 3.3.8 |
| HSM.ML2 | Option 3.3.9 |
| HSM.PRTY.REQUESTS.SYS | Option 3.3.10.1 |
| HSM.PRTY.RECALL.REQS | Option 3.3.10.2 |
| HSM.PRTY.RECOVER.REQS | Option 3.3.10.3 |
| HSM.QUICK.DELETE | Option 3.3.11 |
| HSM.REBLOCK | Option 3.3.12 |
| HSM.RECALL.VOL.SELECT | Option 3.3.13 |
| HSM.REPORTS | Option 3.4.1 |
| HSM.SMF.COLLECT | Option 3.4.2 |
| HSM.DEFINE.REPT.FILES | Option 3.4.3 |
| ISPF.PREFIX | Option 3.5 |
| JCL.ACCOUNT.NUMBERS | Option 3.6.1 |
| JCL.EZPROC | Option 3.6.2 |
| JCL.JOB.CLASS.CHECKING | Option 3.6.3.1 |
| JCL.JOB.NAME.CHECKING | Option 3.6.3.2 |
| JCL.FORCE.OPEN | Option 3.6.4 |
| JCL.OTHER.ADDRSPC | Option 3.6.5.1 |
| JCL.OTHER.DATACLASS | Option 3.6.5.2 |
| JCL.OTHER.DDNAMES | Option 3.6.5.3 |
| JCL.OTHER.DPRTY | Option 3.6.5.4 |
| JCL.OTHER.EXPDT | Option 3.6.5.5 |
| JCL.OTHER.MGMTCLASS | Option 3.6.5.6 |
| JCL.OTHER.PERFORM | Option 3.6.5.7 |
| JCL.OTHER.PROTECT | Option 3.6.5.8 |
| JCL.OTHER.PRTY | Option 3.6.5.9 |
| JCL.OTHER.RETPD | Option 3.6.5.10 |
| JCL.OTHER.STORCLASS | Option 3.6.5.11 |
| JCL.OTHER.SUBSYS | Option 3.6.5.12 |
| JCL.OTHER.TIME | Option 3.6.5.13 |
| JCL.OTHER.UNIT | Option 3.6.5.14 |
| JCL.OTHER.USERLIB | Option 3.6.5.15 |
| JCL.STEPLIB.SYSTEM | Option 3.6.6.1 |
| JCL.STEPLIB.SEL.LISTS | Option 3.6.6.2 |
| JCL.SYSOUT.BURST | Option 3.6.7.1 |
| JCL.SYSOUT.CHARS | Option 3.6.7.2 |
| JCL.SYSOUT.COPIES | Option 3.6.7.3 |
| JCL.SYSOUT.DEST | Option 3.6.7.4 |
| JCL.SYSOUT.FCB | Option 3.6.7.5 |
| JCL.SYSOUT.FLASH | Option 3.6.7.6 |
| JCL.SYSOUT.FORM | Option 3.6.7.7 |
| JCL.SYSOUT.FORMDEF | Option 3.6.7.8 |
| JCL.SYSOUT.MODIFY | Option 3.6.7.9 |
| JCL.SYSOUT.MSGCLASS | Option 3.6.7.10 |
| JCL.SYSOUT.OUTPRTY | Option 3.6.7.11 |
| JCL.SYSOUT.PAGEDEF | Option 3.6.7.12 |
| JCL.SYSOUT.PRMODE | Option 3.6.7.13 |
| JCL.SYSOUT.SYSOUT | Option 3.6.7.14 |
| JCL.SYSOUT.UCS | Option 3.6.7.15 |
| JCL.SYSOUT.WRITER | Option 3.6.7.16 |
| JCL.TAPE.CONTROLS | Option 3.6.8 |
| JCL.VIRTUAL.STORAGE | Option 3.6.9 |
| JOB.ADD.NOTIFY | Option 3.7.1 |
| JOB.CONTROL.JES2.CMDS | Option 3.7.2 |
| JOB.CONTROL.MVS.CMDS | Option 3.7.3 |
| JOB.DSN.CONFLICT.RESOL | Option 3.7.4 |
| JOB.JOB.STEP.NOTIFY | Option 3.7.5 |
| JOB.LIMITS.BY.USER | Option 3.7.6.1 |
| JOB.PROGRAM.LIMITS | Option 3.7.6.2 |
| JOB.JOB.START.MESSAGE | Option 3.7.7 |
| JOB.JOB.STEP.STATISTICS | Option 3.7.8 |
| JOB.NOT.CATALOGED2 | Option 3.7.9 |
| JOB.REFORMAT.JOB.ACCT | Option 3.7.10 |
| SET.JES.NAME | Option 3.7.11 |
| JOB.SURROGATE.PASSWORDS | Option 3.7.12 |
| JOB.SYSOUT.EXTEND.JES2 | Option 3.7.13.1 |
| JOB.SYSOUT.EXTEND.OUTLM | Option 3.7.13.2 |
| JOB.TSO.LOGOFF.STATS | Option 3.7.14 |
| JOB.VERIFY.USER.RACF | Option 3.7.15 |
| JOB.VERIFY.USER.JOBNAME | Option 3.7.16 |
| JOBROUTE.SYSTEM.LEVEL | Option 3.8.1 |
| JOBROUTE.JECL.DEFAULTS | Option 3.8.2 |
| JOBROUTE.MSG.SUB | Option 3.8.3 |
| JOBROUTE.ROUTING.GROUPS | Option 3.8.4 |
| JOBROUTE.CHANGE.JOBCLS | Option 3.8.5 |
| JOBROUTE.CHANGE.SCHENV | Option 3.8.6 |
| JOBROUTE.CHANGE.SRVCLS | Option 3.8.7 |
| JOBROUTE.CHANGE.XEQNODE | Option 3.8.8 |
| SET.JES.NAME | Option 3.8.9 |
| MISC.ACF2.NONCANCEL | Option 3.9.1 |
| MISC.CATALOG.ACCOUNT | Option 3.9.2 |
| MISC.ESTIMATED.COSTS | Option 3.9.3 |
| MISC.SMF.DUMP | Option 3.9.4.1 |
| MISC.SMF.DUMP.IEFU29L | Option 3.9.4.2 |
| MISC.TSO.PGM.INTERCEPT | Option 3.9.5 |
| MISC.WTO | Option 3.9.6 |
| QUICKPOOL.DASD.ALLOC | Option 3.10.1 |
| QUICKPOOL.RULES | Option 3.10.2 |
| RACF.DISCRETE.PROFILES | Option 3.11.1 |
| RACF.EXTERNAL.TAPE | Option 3.11.2 |
| RACF.RESTRICT.PASSWORD | Option 3.11.3 |
| RESTRICT.DEVICES | Option 3.12 |
| SVC.REPLACE | Option 3.13 |
| TAPESHR.SYSTEM.LEVEL | Option 3.14.1 |
| TAPESHR.DEVICE.LEVEL | Option 3.14.2 |
| TIME.JOB.TIME | Option 3.15.1 |
| TIME.SYSTEM.LEVEL | Option 3.15.2 |
| TIME.SELECTION.LISTS | Option 3.15.3 |
| QUERY.STATUS | Option 4 |
| RELOAD.JES2.USER.MODS | Option 5.1 |
| RELOAD.JES3.USER.MODS | Option 5.2 |
| RELOAD.MVS.USER.MODS | Option 5.3 |
| RELOAD.SYSTEM.MODS | Option 5.4 |
| RELOAD.RACF.TABLES | Option 5.5 |
| SET.JES.NAME | Option 6 |
| XEQ.PENDING.CHANGES | Option 7 |
| BUILD.INIT.MEMBER | Option 8 |
All administration function profiles are defined to the FACILITY class (IBMFAC for CA-TopSecret).
Resource Name | Description |
DISCRETE.PROFILE.class | These resources are used by the RACF Discrete Profiles function to control the definition of discrete profiles. 'class' is the name of the resource class that is being controlled. READ access permits a user to create discrete profiles. See 'RACF Discrete Profiles' in the OS/EM User Guide. |
| This is a FACILITY class resource. |
EXTERNAL.TAPE | This resources is used by the External Tape Controls function to allow users to open datasets that have no defined profile. the resource class that is being controlled. READ access permits a user to open external datasets. See 'External Tape Control' in the OS/EM User Guide. |
| This is a FACILITY class resource. |
The following OS/EM functions use external security resources, the names of which are defined by the user.
OS/EM Function | Description |
Job Limiting | External security can be used to allow users to bypass the job limiting controls. READ access to the defined resource will permit a user to execute more concurrent jobs than may be allowed by the job limiting rules. This resource is optional. If it is not defined all users' jobs will be subject to the job limiting controls. See 'Job Limits By User' in the OS/EM User Guide. |
| Example - BYPASS.JOB.LIMITS |
SYSOUT Extensions | External security can be used to grant SYSOUT extensions when the output limits are exceeded. Read access to the defined resource will grant SYSOUT extensions to the user's job (the size of the extension is defined in the SYSOUT Extension Controls). This resource is optional. If it is not defined all users' jobs will be subject to the SYSOUT extension controls. See 'SYSOUT Extensions' in the OS/EM User Guide. |
| Example - EXTEND.SYSOUT |
Time Extensions | External security can be used to grant CPU and/or wait time extensions when the job / step / wait time limits are exceeded. Read access to the defined resource(s) will grant CPU or wait extensions to the user's job / step. (the size of the extension is defined in the Time Extensions System Level Controls. These resources are optional. If they are not defined all users' jobs will be subject to the Time extension controls. See 'SYSOUT Extensions' in the OS/EM User Guide. |
| Example - EXTEND.JOBCPU, EXTEND.STEPCPU, EXTEND.WAIT |
All User Defined profiles are defined to the FACILITY class (IBMFAC for CA-TopSecret).
The success of this manual depends solely on its usefulness to you. To ensure such usefulness, we solicit your comments concerning the clarity, accuracy, completeness, and organization of this manual. Please enter your comments below and mail this form to the address on the front page of this manual. If you wish a reply, give your name, company, and mailing address. We would also appreciate an indication of your occupation and how you use this manual.
Please rate this manual on the following points: