How to Configure the Installation Environment
The installation environment must be configured to support your installation of CA Endevor SCM. To do this, complete the following tasks:
ce17
The installation environment must be configured to support your installation of CA Endevor SCM. To do this, complete the following tasks:
- If your site has multiple CPUs sharing DASD, define queue names for CA Endevor SCM. For more information, see Global Resource Sharing.
- Create a CA Endevor SCM environment for the new release under TSO to enable users and administrators access to the product. For more information, see How to Define CA Endevor SCM to the ISPF Environment.
- Set up security as follows:
- Secure your data sets using the Alternate ID.
- Secure access to functions.
- If your site is using CA ACF2 security, modify the TSO Command Limiting Facility to allow ISPTLIB commands. These commands include ACMQ, BC1PACMI, ESORT, EONLY, EM, QM, and so on.
2
Global Resource Sharing
If your site has multiple CPUs sharing DASD, define queue names. If you are using Unicenter CA-MIM Resource Sharing or IBM Global Resource Serialization (GRS), include the queue names in the appropriate Global Resource Queue Name Table.
How to Define Queue Names for Unicenter CA-MII ENQ Management Definitions
The Unicenter CA-MII component of Unicenter CA-MIM has two operating modes, ALLSYSTEMS mode and SELECT mode. If you are using Unicenter CA-MIM Resource Sharing, the ENQ management definitions for CA Endevor SCM must be added in the Unicenter CA-MII MIMQNAME parameter library member. Which definitions depend on which mode Unicenter CA-MII is operating.
To define the queue names, do the following:
- Determine which operating mode your active Unicenter CA-MII address space is running in. To do this, issue the Unicenter CA-MIM command “F MIM,D INIT” and review the results. To determine if PROCESS=ALLSYSTEMS or PROCESS=SELECT is in effect, review the MIM1019I command response message.
- Add the definitions depending on which mode is running, as follows:
- ALLSYSTEMS processing mode -- If you are running Unicenter CA-MII in ALLSYSTEMS mode, add the following ENQ management definitions for CA Endevor SCM in the Unicenter CA-MII MIMQNAME parameter library member.CTLIELEM GDIF=YES,SCOPE=SYSTEMS,EXEMPT=NO,ECMF=YES,RPTAFTER=30,RPTCYCLE=60CTLIPROC GDIF=YES,SCOPE=SYSTEMS,EXEMPT=NO,ECMF=YES,RPTAFTER=30,RPTCYCLE=60ENDEVOR GDIF=YES,SCOPE=SYSTEMS,EXEMPT=NO,ECMF=YES,RPTAFTER=30,RPTCYCLE=60SPFEDIT GDIF=YES,SCOPE=SYSTEMS,EXEMPT=YES,ECMF=YES,RPTAFTER=0,RPTCYCLE=60SYSIEWLP GDIF=YES,SCOPE=SYSTEMS,EXEMPT=NO,ECMF=YES,RPTAFTER=30,RPTCYCLE=60
- SELECT processing mode -- If you are running Unicenter CA-MII in SELECT mode, add the following ENQ management definitions for CA Endevor SCM in the Unicenter CA-MII MIMQNAME parameter library member.CTLIELEM GDIF=YES,SCOPE=SYSTEMS,EXEMPT=NO,ECMF=YES,RPTAFTER=30,RPTCYCLE=60CTLIMSTR GDIF=YES,SCOPE=SYSTEMS,EXEMPT=NO,ECMF=NOCTLIPROC GDIF=YES,SCOPE=SYSTEMS,EXEMPT=NO,ECMF=YES,RPTAFTER=30,RPTCYCLE=60ENDEVOR GDIF=YES,SCOPE=SYSTEMS,EXEMPT=NO,ECMF=YES,RPTAFTER=30,RPTCYCLE=60SPFEDIT GDIF=YES,SCOPE=SYSTEMS,EXEMPT=YES,ECMF=YES,RPTAFTER=0,RPTCYCLE=60SYSIEWLP GDIF=YES,SCOPE=SYSTEMS,EXEMPT=NO,ECMF=YES,RPTAFTER=30,RPTCYCLE=60
GRS Definitions
If you are using IBM Global Resource Serialization (GRS), the following queue name considerations apply:
- There should be no reason to have INCL statements for CA Endevor SCM QNAMEs. Using the CON will convert the RESERVE on the volume, and by default GRS will include the SCOPE=SYSTEMS enqueue for global propagation.
- Only the QNAMES of SPFEDIT, SYSIEWLP, ENDEVOR and CTLIMSTR are used with RESERVE W/SCOPE=SYSTEMS + UCB locks. The remaining QNAMES, CTLIPROC, and CTLIELEM are used with ENQUEUEW/SCOPE=SYSTEMS.
Sample definition for when your site decides to CONVERT RESERVEs:
/***********************************************************//* RESOURCE NAME LIST FOR CA ENDEVOR SCM *//***********************************************************/RNLDEF RNL(CON) Type(GENERIC) QNAME(CTLIMSTR)RNLDEF RNL(CON) Type(GENERIC) QNAME(SPFEDIT)RNLDEF RNL(CON) Type(GENERIC) QNAME(SYSIEWLP)RNLDEF RNL(CON) Type(GENERIC) QNAME(ENDEVOR)
How to Define CA Endevor SCM to the ISPF Environment
CA Endevor SCM must be defined to the ISPF environment. Identify the CA Endevor SCM data sets to ISPF, using a CLIST or existing logon procedures.
Before you define CA Endevor SCM to the ISPF environment, consider the following information:
- Many factors influence the region size required to execute CA Endevor SCM. These factors include split-screen processing, the use of CA Panvalet or CA Librarian, the maximum size of elements, whether sort work areas are defined in the CLIST, and whether ISPF resides in the LPA. A region size of 4096KB is sufficient for most installations.
- The delivered CLIST library (yourHLQ.CSIQCLS0) is fixed block (FB). If your existing CLIST libraries are variable blocked (VB), use the TSO utilities to create a VB file.
To identify the data sets to ISPF, do the following:
- Identify the files to ISPF using one of the following methods:
- Use the ISPF LIBDEF Services. (We recommend this method.)
- Use the TSO FREE and ALLOCATE CLIST services to reallocate the ISPF libraries.
- Allocate all data sets through TSO logon procedures.
- Define an ISPF option for CA Endevor SCM to the main ISPF dialog by adding CA Endevor SCM as a valid option on an ISPF primary or secondary options panel.
- Execute the CLIST.The CLIST is executed automatically when you select the CA Endevor SCM option from the ISPF main dialog.
The ISPF LIBDEF Services Method
You can use the ISPF LIBDEF services to identify CA Endevor SCM libraries to the ISPF environment. Use member ENDEVOR provided in the installed CSIQCLS0 library. We recommend this approach.
For the Japanese installation, edit the ENDEVOR member to include the Japanese panel and menu library names in the appropriate data set concatenations. For more information, see Edit ENDEVOR Member for Japanese Installation.
Copy the CLIST to a data set that is allocated to the standard SYSPROC DD concatenation.
If the authorized CA Endevor SCM load modules have not been placed in LPA, LINKLIST, or STEPLIB libraries, you can use the ISPF ISPLLIB DD statement instead. However, allocation of an authorized library under ISPLLIB may not support all necessary system authorization requirements. Allocate ISPLLIB to the CA Endevor SCM authorized load libraries before invoking ISPF.
The CLIST you see at your site is an edited version, reflecting the information entered during the installation of the INSTALL job. After you create the CLIST, change an ISPF primary or secondary options panel to include an option for CA Endevor SCM.
Modify your ISPF panel similar to the following sample ISPF/PDF Primary Option Menu. The sample panel has been modified to add option E for CA Endevor SCM. When you select this option, the ENDEVOR CLIST is invoked to begin the CA Endevor SCM dialog.
The following lines, which are shown in bold in the sample, enable users to access CA Endevor SCM.
- E +Endevor - Endevor Software Management System --Indicates what the user enters to select CA Endevor SCM.
- E,'CMD(Endevor)' --Indicates that the ENDEVOR CLIST is to be executed when the defined option is selected.
%---------------------- ISPF/PDF PRIMARY OPTION MENU ----------------------%OPTION ===>_ZCMD +% +USERID - &ZUSER % 0 +ISPF PARMS - Specify terminal and user parameters +TIME - &ZTIME % 1 +BROWSE - Display source data or output listings +TERMINAL - &ZTERM % 2 +EDIT - Create or change source data +PF KEYS - &ZKEYS % 3 +UTILITIES - Perform utility functions% 4 +FOREGROUND - Invoke language Processors in foreground% 5 +BATCH - Submit job for language processing% 6 +COMMAND - Enter TSO Command, CLIST, or REXX exec% 7 +DIALOG TEST - Perform dialog testing% 8 +LM UTILITIES- Perform library administrator utility functions% 9 +IBM PRODUCTS- Additional IBM program development products% 10 +SCLM - Software Configuration and Library Manager% E +Endevor - Endevor Software Management System% C +CHANGES - Display summary of changes for this release% T +TUTORIAL - Display information about ISPF/PDF% X +EXIT - Terminate ISPF using log and list defaults%+Enter%End+command to terminate ISPF.)INIT)PROC&ZQ = &Z IF (&ZCMD ¬= ' ') &ZQ = TRUNC(&ZCMD,'.') IF (&ZQ = ' ') .MSG = ISRU000 &ZSEL = TRANS( &ZQ 0,'PANEL(ISPOPTA)' 1,'PGM(ISRBRO) PARM(ISRBRO01)' 2,'PGM(ISREDIT) PARM(P,ISREDM01)' 3,'PANEL(ISRUTIL)' 4,'PANEL(ISRFPA)' 5,'PGM(ISRJB1) PARM(ISRJPA) NOCHECK' 6,'PGM(ISRPTC)' 7,'PGM(ISPYXDR) PARM(ISR) NOCHECK' 8,'PANEL(ISRLPRIM)' 9,'PANEL(ISRDIIS)' 10,'PGM(ISRSCLM) NOCHECK'E,'CMD(Endevor)'C,'PGM(ISPTUTOR) PARM(ISR00005)' T,'PGM(ISPTUTOR) PARM(ISR00000)' ' ',' ' X,'EXIT' *,'?' ) &ZTRAIL = .TRAIL)End
The TSO FREE and ALLOCATE Method
You can use the TSO FREE and ALLOCATE services to identify CA Endevor SCM libraries to the ISPF environment. Use the CLIST provided on the installation cartridge, member BC1PCLS1 in the CSIQCLS0 library.
For the Japanese installation, edit the BC1PCLS1 member to include the Japanese panel and menu library names in the appropriate data set concatenations. For more information, see Edit BC1PCLS1 Member for Japanese Installation.
The CLIST must be copied to a data set in the standard SYSPROC DD concatenation and must be invoked at LOGON time.
The CLIST you see at your site is an edited version, reflecting the information entered during the installation of the INSTALL job.
After you define the CLIST, change an ISPF primary or secondary options panel to include an option for CA Endevor SCM. In the following sample, the ISPF/PDF Primary Option Menu has added option E for CA Endevor SCM. Whenever you select this option, CA Endevor SCM is automatically invoked. The first bold line indicates what to enter to select CA Endevor SCM. The second line indicates that the CA Endevor SCM program should be executed when the defined option is selected.
Modify your ISPF panel similar to the following sample panel.
%---------------------- ISPF/PDF PRIMARY OPTION MENU ----------------------%OPTION ===>_ZCMD +% +USERID - &ZUSER % 0 +ISPF PARMS - Specify terminal and user parameters +TIME - &ZTIME % 1 +BROWSE - Display source data or output listings +TERMINAL - &ZTERM % 2 +EDIT - Create or change source data +PF KEYS - &ZKEYS % 3 +UTILITIES - Perform utility functions% 4 +FOREGROUND - Invoke language Processors in foreground% 5 +BATCH - Submit job for language processing% 6 +COMMAND - Enter TSO Command, CLIST, or REXX exec% 7 +DIALOG TEST - Perform dialog testing% 8 +LM UTILITIES- Perform library administrator utility functions% 9 +IBM PRODUCTS- Additional IBM program development products% 10 +SCLM - Software Configuration and Library Manager% E +Endevor - Endevor Software Management System% C +CHANGES - Display summary of changes for this release% T +TUTORIAL - Display information about ISPF/PDF% X +EXIT - Terminate ISPF using log and list defaults%+Enter%End+command to terminate ISPF.)INIT)PROC&ZQ = &Z IF (&ZCMD ¬= ' ') &ZQ = TRUNC(&ZCMD,'.') IF (&ZQ = ' ') .MSG = ISRU000 &ZSEL = TRANS( &ZQ 0,'PANEL(ISPOPTA)' 1,'PGM(ISRBRO) PARM(ISRBRO01)' 2,'PGM(ISREDIT) PARM(P,ISREDM01)' 3,'PANEL(ISRUTIL)' 4,'PANEL(ISRFPA)' 5,'PGM(ISRJB1) PARM(ISRJPA) NOCHECK' 6,'PGM(ISRPTC)' 7,'PGM(ISPYXDR) PARM(ISR) NOCHECK' 8,'PANEL(ISRLPRIM)' 9,'PANEL(ISRDIIS)' 10,'PGM(ISRSCLM) NOCHECK'E,'PGM(C1SM1000) NEWAPPL(CTL1) NOCHECK'C,'PGM(ISPTUTOR) PARM(ISR00005)' T,'PGM(ISPTUTOR) PARM(ISR00000)' ' ',' ' X,'EXIT' *,'?' ) &ZTRAIL = .TRAIL)End
The TSO Logon Procedure Method
You can allocate the CA Endevor SCM data sets through your existing TSO logon procedures. Allocate the data sets as follows:
DDnames | Library Created by the INSTALL Jobs |
SYSPROC | iprfx.iqual. CSIQCLS0 |
ISPPLIB | iprfx.iqual. CSIQPJPN (Japanese panels for installation of Japanese version)iprfx.iqual. CSIQPENU |
ISPSLIB | iprfx.iqual. CSIQSENU |
ISPMLIB | iprfx.iqual .CSIQMJPN (Japanese messages for installation of Japanese version)iprfx.iqual .CSIQMENU |
CONLIB | iprfx.iqual. CSIQLOAD (if not in LINKLIST or LPA) |
ISPTLIB | iprfx.iqual. CSIQTENU |
After you copy these libraries to the logon procedure, change an ISPF primary or secondary options panel to include an option for CA Endevor SCM.
For more information about how to add an option for CA Endevor SCM, see The TSO FREE and ALLOCATE Method.
How to Secure Your Data Sets
The CA Endevor SCM Alternate ID allows you to secure CA Endevor SCM data sets from updates outside of CA Endevor SCM while allowing users to perform functions that update those data sets from within CA Endevor SCM. Before any action that accesses a CA Endevor SCM data set, the Alternate ID is swapped for the user's ID and access is performed using the Alternate ID.
We recommend that you use the Alternate ID to secure your data sets. For more information, see "Implementing Data Set Security" in Securing. Typically, you secure a high level qualifier as READ/WRITE for CA Endevor SCM, READ/WRITE/UPDATE for the Administrator, and READ for all others.
To secure your CA Endevor SCM data sets, complete the following steps:
- Define a user ID for CA Endevor SCM to use as an Alternate ID to your security software product (CA Top Secret, CA ACF2 or RACF).
- Grant the Alternate ID CONTROL access to all CA Endevor SCM VSAM files and UPDATE access to Source Output and any other libraries and files that are to be written to.A single HLQ (uprfx) is used in the Rapid Implementation setup job, so you can grant access to all the data sets using one rule. For example, this rule grants access to all the uprfx data sets: "uprfx.** R(A) W(A) C(A)"
- Update the RACFUID= parameter in your C1DEFLTS table to supply the Alternate ID.
How to Establish Functional Security
The External Security Interface (ESI) allows you to establish security rules for access to your Environments, Systems, Subsystems, actions, and so on, within CA Endevor SCM. This is accomplished by defining pseudo data set names and functional access levels in the ESI table (BC1TNEQU) that are tested against the user's access level through the SAF (Security Authorization Facility) interface.
To secure access to functions, complete the following steps:
- Secure access to functions by defining pseudo data set names and functional access levels in the External Security Interface (ESI) table (member BC1TNEQU).
- The security settings are tested against the user's access level through the Security Authorization Facility (SAF) interface.
For more information about functional security, see Securing.