- As is always the case, don't turn things on unless you need
them. In general, the cost of security has been highly optimized. However,
if you don't need EJBROLEs, then don't enable the class in RACF.
- Use the RACLIST to place into memory
those items that will improve performance. Specifically, ensure that you RACLIST
(if used):
- CBIND
- EJBROLE
- SERVER
- STARTED
Example:
RACLIST (CBIND, EJBROLE, SERVER, STARTED)
- Use of things like SSL come at a price. If you are a heavy SSL user, ensure
that you have appropriate hardware, such as PCI crypto cards, to speed up
the handshake process.
- Here's how you define the BPX.SAFFASTPATH facility class profile. This
profile allows you to bypass SAF calls which can be used to audit successful
shared file system accesses.
Note: Do not use this option if you need to audit successful
HFS accesses or if you use the IRRSXT00 exit to control HFS access.
- Use VLF caching of the UIDs and GIDs as shown in the example COFVLFxx
parmlib member below:
Example: sys1.parmlib(COFVLFxx):
********************************* Top of Data ********************.
.
CLASS NAME(IRRGMAP) EMAJ(GMAP)
CLASS NAME(IRRUMAP) EMAJ(UMAP)
CLASS NAME(IRRGTS) EMAJ(GTS)
CLASS NAME(IRRACEE) EMAJ(ACEE)
.
******************************** Bottom of Data ******************
To avoid a costly scan of the RACF databases, make sure all HFS files
have valid GIDs and UIDs.