Concurrent Action Processing

cedraft
The following information explains how to enable, understand, activate, and manage the Concurrent Action Processing (CAP) feature to speed the processing of batch jobs and packages.
2
To enable CAP, the
CA Endevor
administrator requires the assistance of the following roles:
  • CA Common Services (CCS) administrator (or systems programmer): This role is required to enable the CCS Common Communications Interface (CAICCI) Spawn facility for CAP.
  • Security administrator: This role is required to configure your site security software to allow the spawn facility to function for CAP. This role is also required if you want to limit who can activate CAP.
How to Enable and Secure Concurrent Action Processing
As a change manager (
CA Endevor
administrator), you can enable the CAP to speed the processing of batch jobs and packages. CAP causes certain element action requests to be executed concurrently. This method of processing reduces the elapsed time that it takes to process multiple actions.
To set up this feature, you need your CCS administrator (or systems programmer) and your site security administrator. Optionally, you can limit who can use CAP.
This diagram shows how you enable CAP and, optionally, how you secure user access to CAP.
How to Enable and Secure Concurrent Action Processing
How to Enable and Secure Concurrent Action Processing
How to Enable CAP
To enable CAP, the following roles and tasks are involved:
  • CA Endevor
    administrator
    This role completes the following steps:
    1. Ask your CCS administrator to perform the task Enable the CAICCI Spawn Facility for CAP. Also, ask them to let you know when they have completed this task.
    2. Ask your Security administrator to perform the task Enable Spawn for CAP in Security Software. Also, ask them to let you know when they have completed this task.
  • CCS administrator
    This role completes the following steps:
    1. Enable the CAICCI Spawn Facility for CAP.
    2. Inform the
      CA Endevor
      administrator that the CAICCI Spawn Facility for CAP task is done.
  • Security administrator
    This role completes the following steps:
    1. Enable the spawn facility for CAP in your security software. Depending on the security software in use at your site, complete one of the following tasks:
    2. Inform the
      CA Endevor
      administrator that your site security software is configured to enable the spawn facility CAP.
How to Secure User Access to CAP
Optionally, you can limit who can use CAP. To secure user access to CAP, the following roles and tasks are involved:
  • CA Endevor
    administrator
    This role completes the following steps:
    1. Ask your security administrator to enable user access to CAP in your security software. Also, ask them to let you know when they have completed this task.
  • Security administrator
    This role completes the following steps:
    1. Enable users read access to CAP in your security software -- The security administrator enables user access in the site security software to the pseudo data set that the
      CA Endevor
      administrator defined as the security checkpoint for CAP. Details on how to enable access to a data set are not included in the
      CA Endevor
      documentation, because this is a usual procedure.
    2. Inform the
      CA Endevor
      administrator that the task to enable user access to the CAP data set is done.
Review Prerequisites
Before users can submit batch jobs or packages for Concurrent Action Processing, the following prerequisites are required:
  • Review how Type Sequencing is enabled.
    Type Sequencing causes the batch processing of element actions to occur in a Type sequence that is defined at the site level. CAP uses this feature to determine which actions can be processed simultaneously. You can make CAP more efficient by including a category definition for Types that can be processed simultaneously. For more information about Type Sequencing, see How Type Sequencing Affects Concurrent Action Processing. For more information about enabling Type Sequencing, see the scenario
    Type Sequencing
    .
  • Before enabling CAP, the
    CA Endevor
    administrator must understand how CAP works to properly set the spawn parameters. Review the following topics, which explain CAP processing:
  • Verify that the following CCS components are installed and running on your z/OS mainframe that hosts
    CA Endevor
    :
    • CAIENF
      The Event Notification Facility enables concurrent action processing through the component CAICCI Communication Interface.
    • CAICCI
      The Common Communications Interface is required only if you want to use CAP, Web Services, the Eclipsed-Based UI, or CA CMEW.
    CA Endevor
    uses the CCS Resource Initialization Manager (CAIRIM) component for product license authorization. CAIRIM is mandatory to run
    CA Endevor
    , whether your site uses CAP or CA CMEW. For information about how to determine if the components are installed, see Verify CA Common Services are Running.
  • (Optional) Enable IBM z/OS VSAM Record Level Sharing (RLS) facility to manage your
    CA Endevor
    VSAM data sets. These data sets include all Master Control Files (MCFs), Element catalog and EINDEX, and the package data set.
    RLS improves VSAM performance and, so, improves the performance of CAP.
  • Ensure that the C1DEFLTS referenced in the routing region JCL is the same as the C1DEFLTS referenced in the procedure JCL for the action request regions.
  • Verify that your exits work as expected.
    User exits are called in the routing region and action request regions. A summary of these exits is shown in the following table.
    Exit Number
    Where Called
    When Called
    1
    Routing Region, Action Request Region
    After security calls
    2
    Action Request Region Only
    Before action is executed
    3
    Action Request Region Only
    After action is executed
    4
    Action Request Region Only
    Called before exit 2 for add, update, retrieve
    5
    Routing Region, Action Request Region
    Called once in each job
    6
    Routing Region, Action Request Region
    Called once in each
    CA Endevor
    termination
    7
    Routing Region, Action Request Region
    Called once in each
    CA Endevor
    startup
Certain requirements apply to the SCL requests in the jobs that are submitted for processing. Element names cannot be wildcarded. Additionally, the To and From statements on all Add, Update, and Retrieve actions must reference cataloged data sets. For more information about SCL requests, see SCL Requirements for CAP.
Concurrent Action Processing Overview
CAP speeds up the processing of batch jobs and packages. CAP causes certain element action requests to be executed concurrently, thus reducing the elapsed time that it takes to process multiple actions.
CAP uses Type Sequencing to determine which actions can be processed simultaneously. The CAP facility processes certain element actions of the same type concurrently, and must complete the processing of all actions of the same type before starting to process elements of the next type. However, any action types that are not defined in the Type Sequence can be processed concurrently with any other action. The following actions can be processed concurrently: ADD, ALTER, UPDATE, RETRIEVE, MOVE, GENERATE, DELETE, SIGNIN, and TRANSFER
CA Endevor
to
CA Endevor
. All other actions on the request are processed serially.
The administrator can specify whether CAP is allowed and how many additional started tasks a single job can create for concurrent processing. These parameters are set in the C1DEFLTS table. Through the External Security Interface, the administrator can limit who is authorized to use CAP. This method of processing is not initiated automatically; users must request CAP at the job level.
CAP with CA CM Enterprise Workbench is available only for packages and enterprise packages, not for element actions.
How Concurrent Action Processing Works
CAP dynamically creates additional server address spaces to process certain actions concurrently. This processing method reduces the elapsed time that is required to process large numbers of actions. Thus CAP speeds the processing of batch jobs and packages.
When CAP is requested, the request is processed in the following manner:
  1. Any actions that are wildcarded or masked, are expanded and the actions are sorted in type sequence order to create a chain of element action requests.
    Only use wildcarding or masking when you are submitting one action (for example, all Add actions) in the same job, to avoid unpredictable results.
  2. Any actions that use an archive file as input, such as RESTORE, LIST from archive file, and TRANSFER, are executed serially in the routing region. These actions run serially in the routing region.
  3. Before execution of other actions,
    CA Endevor
    determines whether CAP is enabled and the user is authorized in the following order:
    1. CA Endevor
      determines whether Type Sequencing is enabled.
    2. If Type Sequencing is enabled, the request JCL is examined for the presence of an EN$CAP or EN$CAPnn DD card. These parameters indicate whether the JCL requests Concurrent Action Processing.
    3. If the JCL requests CAP, the C1DEFLTS parameters SPAWN and SPAWNCNT values are checked to see if CAP is enabled.
    4. A check is made through the External Security Interface to determine whether the user is authorized to request Concurrent Action Processing.
    If any of these conditions are
    not
    met, all actions are processed serially.
  4. If CAP was requested and is permitted as verified in step 3, the chain of action requests that remains from step 1 and 2 is examined. Any ADD, UPDATE, or RETRIEVE requests found in the chain are then preprocessed as follows.
    1. Any DDNAME is translated to a data set name; that is, the DDNAME is localized. These data set names are created in the following manner.
      • When a
        CA Endevor
        server allocates a pseudo-temporary data set name,
        CA Endevor
        builds the name using a jobnumber node in the
        CA Endevor
        generated name, rather than the jobname. This is necessary to avoid data set contention among the action request regions.
      • Sometimes,
        CA Endevor
        requests that the system generated names of temporary data sets be unique in the system. This is done to avoid data set contention among servers. Currently, when
        CA Endevor
        allocates a temporary data set that is to have a system generated name, it does so by specifying a DALDSNAM text unit. This causes the temporary data set name to have the following form, which may
        not
        be unique:
      SYSyyddd.Thhmmss.RA000.jobname.dsname.Hnn SYSyyddd.Thhmmss.RA000.jjobname.Rggnnnnn
      However, in an action request region that is created for CAP,
      CA Endevor
      may eliminate the DALDSNAM for some temporary data sets. This action causes a name to be generated with the following form, which is unique:
      For temporary data sets created and deleted in the same processor step (that is, allocated with DISP=(NEW,DELETE,DELETE), or with no DISP at all), the DALDSNAM is not eliminated. This means that such data sets are
      always
      generated as SYSyyddd.Thhmmss.RA000.jobname.dsname.Hnn, even with Concurrent Action Processing. Therefore, contention is still possible with such data sets.
    2. The data set specified (using the DSNAME or DDNAME parameter) is checked to determine if it is a cataloged data set. If any data set refers to an uncataloged file (for example, a SYSIN/SYSOUT data set, a temporary data set or a non-SMS data set with a disposition of NEW), CAP cannot be enabled, and the actions are processed serially.
      If you use exit 4 programs to alter input and output files before the execution of an ADD, UPDATE, or RETRIEVE action, the data sets specified in the SCL must be cataloged data sets. This requirement applies even if the user has an exit 4 program that changes the data set names.
  5. Action request regions are created equal to the SPAWNCNT value set in the C1DEFLTS table. However, if the SPAWNCNT value was overridden on the job request, that value is used to determine the maximum number of action request regions. The value can be changed for a specific job in the following manner:
    • For batch requests, by using the EN$CAPnn DD card on a batch job request JCL.
    • For foreground requests, by using the Concurrent Number field on the Submit Package panel or the Batch Options Menu.
    Note:
    If
    CA Endevor
    is called from a processor, it will not create any servers. In addition, if an action request region is created during concurrent action processing, it will not create additional servers.
  6. The actions ADD, ALTER, UPDATE, RETRIEVE, MOVE, GENERATE, DELETE, SIGNIN, and TRANSFER (
    CA Endevor
    to
    CA Endevor
    ) are dispatched to action request regions. Actions that can be processed simultaneously are routed from the routing region of the originating job to the action request regions and processed concurrently.
    • The
      routing region
      is the batch job, TSO session, or CA CM Enterprise Workbench session that has requested that actions be processed concurrently.
    • Action request regions
      are the started tasks that are created to process the actions. Multiple action request regions are created. They receive individual action requests from the routing region, process them, and send the results back.
    CAP uses Type Sequencing to determine which actions can be processed simultaneously. Type Sequencing determines whether actions can be processed concurrently. Elements in the same type sequence can be processed concurrently. Also, elements that are not listed in the type sequence can be processed concurrently with any element. There is no guarantee that actions on elements in the same type sequence (or on elements that are not type sequenced) are processed in the order in which they appear in the SCL. However, actions against the same element name are processed serially and in the order in which they appear in the SCL, provided the element names are explicit. One action must complete before the next is dispatched.
    If you specify AUTOGEN, SCL requests are fully resolved based on current inventory contents before any actions are processed. For example, suppose that you have a GENERATE action with the AUTOGEN option and several MOVE actions in the same request. The MOVE actions do not include any of the additional elements that are copied back as a result of the GENERATE action.
  7. After all other actions have completed processing, the actions PRINT, ARCHIVE, LIST, and TRANSFER to archive data set are performed serially in the routing region.
How Type Sequencing Affects Concurrent Action Processing
Type sequencing is required when using Concurrent Action Processing (CAP). You can make CAP more efficient by including a category definition for Types that can be processed simultaneously. Categories are defined in the Type Sequence table.
Specifying a category in the Type Sequencing table does not affect how sequenced Type and nonsequenced Type requests are built and sorted. The category only affects how the actions are dispatched by Concurrent Action Processing.
CAP processes requests as follows:
  1. When
    CA Endevor
    is dispatching element actions to process concurrently, it refers both to the Type and to the category associated with the Type when deciding which action requests to dispatch.
    1. If the next request in the sequenced Type chain contains the same category value as the previous request, that element action can be dispatched to an available STC.
      With categories,
      CA Endevor
      continues dispatching element actions from the sequenced Type chain as long as the category value matches the previous request. Available STCs only have to wait if sequenced Type requests from one category value are still processing and there are no non-sequenced Type requests to process.
    2. If the next request does not have the same category value,
      CA Endevor
      attempts to dispatch a request from the nonsequenced Type chain.
      Without categories, element actions of the next sequenced Type number have to wait until all actions of the previous sequenced Type have completed processing. Nonsequenced Type element actions are then dispatched as STCs become available or after all the sequenced Type requests are dispatched. Available STCs remain idle if there are sequenced Type requests still processing, and there are no requests from the nonsequenced Type chain to process.
  2. When all the requests have been processed for a particular sequenced Type and category,
    CA Endevor
    begins processing requests for the next sequenced Type.
  3. When all requests from the sequenced Type chain have been completed, any remaining requests from the nonsequenced Type chain are then dispatched.
Enable Spawn Parameters for CAP
The CAP option requires that you enable spawn parameters in the Defaults table (C1DEFLTS). CAP uses the parameters to spawn address spaces that allow multiple element actions to be processed simultaneously.
Follow these steps:
  1. Open the C1DEFLTS member that is located in the
    iprfx.iqual
    .CSIQSRC.
  2. Change SPAWN=N to SPAWN=Y in the TYPE=MAIN section of the C1DEFLTS table.
    The spawn function for CAP is set to enable CAP.
  3. Set the following parameters in the C1DEFLTS table.
    • SPAWNCNT=
      n
      Specifies the default number of spawned regions that are started when CAP is used. Valid values are 2 through 99, but it cannot exceed the value of the parameter SPAWNMAX. The field can also be set to 0 to disable CAP when SPAWN=Y. If SPAWN=N, SPAWNCNT must be set to 0.
    • SPAWNMAX=
      n
      Specifies the maximum number of tasks that a single job can spawn. Valid values are 2 through 99. The field can also be set to 0 to disable CAP if SPAWN=Y. If SPAWN=N, SPAWNMAX must be set to 0.
      The CCS Communications Interface (CAICCI) SERVICE definition MAX#_PROCESSES can be used to limit the total number of service processes on a system.
    • SPAWNPROC=
      CAP_server_name
      Specifies the one to eight-character name of the CAP server. This name must be a CAICCI SERVICE definition service_name and a started task procedure name. A name is only required if the SPAWN=Y.
    If SPAWN=Y and SPAWNCNT=0, CAP is disabled. However, users can override the SPAWNCNT value for a specific job by using the EN$CAP
    nn
    DDNAME on the job request JCL. However, users cannot override the SPAWNMAX value.
    Press End.
    Your changes to C1DEFLTS are saved. The spawn parameters are set according to your preferences. The Edit session ends and the Edit Entry Panel opens.
  4. Complete the fields to select the BC1JTABL member located in the installation library
    iprfx.iqual
    .CSIQJCL. Press Enter.
    The sample JCL BC1JTABL opens in an ISPF Edit panel.
  5. Edit the sample JCL BC1JTABL found in
    iprfx.iqual
    .CSIQJCL to your installation standards. Execute the job.
    The Defaults table is assembled, link-edited, and stored as member C1DEFLTS in your APF-authorized user library, iprfx.iqual.CSIQAUTU. The spawn parameters are enabled for CAP processing. However, CAP cannot be used until the CAICCI Spawn Facility is enabled for CAP.
Instead of steps 4 and 5, you can assemble and link-edit C1DEFLTS using an SMP/E USERMOD.
Example: C1DEFLTS Spawn Parameters for CAP
In this example, the C1DEFLTS table spawn parameters are set to enable CAP. The spawn facility for CAP is activated, because SPAWN=Y. When CAP is used, CAICCI uses the spawn procedure ENDEVOR. Eight spawn regions are started and one job can spawn a maximum of 99 address spaces.
SPAWN=Y ACTIVATE THE SPAWN FACILITY SPAWNCNT=8, SPAWN COUNT SPAWNMAX=99, MAXIMUM SPAWN COUNT SPAWNPROC=ENDEVOR, NAME OF SPAWN PROC
Ask your CCS administrator (or systems programmer) to enable the CAICCI Spawn Facility for CAP. Also, ask the administrator to let you know when they have completed this task.
Enable the CAICCI Spawn Facility for CAP
CAP uses the CCS Common Communications Interface (CAICCI) Spawn facility. This facility spawns multiple address spaces to enable multiple actions to be processed simultaneously. The following setup steps are required to use the spawn facility:
  • A CAP spawn parameter definition file must be appended to the SPNPARMS DD in the CA Event Notification Facility (CAIENF) procedure.
  • The spawn parameter file must be customized. The customization specifies the started task to enable the spawn facility to spawn address spaces in the z/OS environment where
    CA Endevor
    is installed.
Follow these steps:
  1. Open the CAIENF member located in your CAI.CAIPROC library.
    If CAIENF is not in the CAI.CAIPROC library, your system administrator could have copied the CAIENF member to your system PROCLIB.
  2. Append the CAP spawn parameter file definition named SPNPARMS DD to the CAIENF procedure JCL. For example, in the sample JCL below, you add and customize the two lines in bold.
    //ENF PROC OPTLIB='SYS2.CA90S.PARMLIB', // ENFDB='SYS2.CA31.ENFDB', // ENFPARM=ENFPRM31, // SPNPAR1=SPWNSNMP, //
    SPNPARn=ndvspawn,
    // CCIPARM=CCIPCA31, // ENFCMDS=ENFCMD31, //ENF EXEC PGM=CAS9MNGR,TIME=1440 //CASRT01 DD UNIT=SYSDA,SPACE=(CYL,(5,1)) //CASRT02 DD UNIT=SYSDA,SPACE=(CYL,(5,1)) //CASRT03 DD UNIT=SYSDA,SPACE=(CYL,(5,1)) //CASRT04 DD UNIT=SYSDA,SPACE=(CYL,(5,1)) //CASRT05 DD UNIT=SYSDA,SPACE=(CYL,(5,1)) //SPNPARMS DD DISP=SHR,DSN=&OPTLIB(&SPNPAR1) //
    DD DISP=SHR,DSN=&OPTLIB(&SPNPARn)
    //SPNPRINT DD SYSOUT=X //SPNDEBUG DD SYSOUT=X //SRVDEBUG DD SYSOUT=X //ENFDB DD DISP=SHR,DSN=&ENFDB //ENFPARMS DD DISP=SHR,DSN=&OPTLIB(&ENFPARM) // DD DISP=SHR,DSN=&OPTLIB(&CCIPARM) //ENFCMDS DD DISP=SHR,DSN=&OPTLIB(&ENFCMDS) //SYSPRINT DD SYSOUT=X
    • SPNPAR
      n
      Specifies a symbolic for a CAIENF parameter member. The value for
      n
      must be the next sequential number in the list of parameter files for the spawn function.
    • ndvspawn
      Specifies the spawn parameter file for CAP. Throughout this procedure, this file is named ndvspawn. When you save the member in step 4, you can name the member as appropriate for your site.
      However, ensure that you substitute that name wherever ndvspawn is referenced in this procedure, including here in the SPNPARMS DD statement.
    Press End.
    Your changes are saved. The CAP spawn parameter file is defined to the CAIENF procedure for CAICCI. The Edit session closes, and the Edit Entry panel opens.
  3. Open the CAPCCI member, which is located in the installation source library
    iprfx.iqual
    .CSIQOPTN, in an ISPF Edit panel.
  4. Customize the spawn parameters by editing the following CAICCI SERVICE and PROCESS statements in the CAPCCI file. Verify that the procname and the task name are the same. Keep the statements in the exact format provided in the sample file, maintaining spaces and column alignments.
    ******************************************************************** * CCI SERVICE STATEMENTS FOR ENDEVOR ******************************************************************** ENDEVOR SERVICE SERVER_NAME=MVS_START_SERVER, DEALLOCATE=TERMINATE, LOST_CLIENT=DEALLOCATE, MAX#_SERVICES=100, MAX#_CLIENTS=1, MAX#_PROCESSES=100, SERVICE_UNAVAILABLE=START_SERVICE, START=SPAWN_ONLY, SIGNON/NOPASSCHK=SERVICE ******************************************************************** * CCI PROCESS STATEMENTS FOR ENDEVOR ******************************************************************** PROCESS PROCESS_TYPE=MVS_STC, PROCNAME=ENDEVOR,PARM='BC1PCPS0'
    • SERVICE
      statement
      Specifies the host application.
    • PROCESS
      statement
      Specifies the JCL procedure that executes
      CA Endevor
      .
    • PROCNAME=
      procname
      Specifies the name of the started task procedure that the Spawn facility initiates. For example, PROCNAME=ENDEVOR.
    Enter the Save command and specify a name for the spawn parameter file for CAP (ndvspawn).
    The CAP spawn parameter file (ndvspawn) is customized to specify the started task procedure that CAICCI can use to spawn address spaces for CAP. Your changes are saved. The Edit session closes, and the Edit Entry panel opens.
  5. Save the customized file in your CAI.PARMLIB data set as the member
    ndvspawn.
    The file is now saved in a location where CAICCI can use it to spawn address spaces for CAP.
  6. Open the ENDEVOR member, which is located in the CSIQJCL library that is delivered with
    CA Endevor
    , in an ISPF Edit panel.
  7. Edit the sample ENDEVOR started task procedure as appropriate for your site. Enter Copy on the command line and specify the PROCLIB defined to JES where you want to copy the file.
    Your changes are saved. The started task procedure ENDEVOR is available to spawn the address spaces where multiple element actions can be processed simultaneously. The Edit session closes, and the Edit Entry panel opens.
  8. Recycle CAICCI or perform an IPL.
    The changes to CAICCI are in effect. Therefore, the CAICCI SPAWN facility is in effect for CAP and
    CA Endevor
    can process jobs that are submitted with the CAP option. When users submit a batch job or package from foreground panels, the option to specify CAP is available on the panel.
If you use a PROC name other than ENDEVOR, update the other locations where the PROC name is used. Verify the SPAWNPROC parameter in the C1DEFLTS table and the CAICCI Service name and CAICCI PROC in the PROCLIB member all contain the same value. This parameter is also the same name as the PROCNAME= value specified in the CAICCI definitions.
You have now enabled the CAP to speed the processing of batch jobs and packages.
Inform your
CA Endevor
administrator to let them know that the CAICCI SPAWN facility is in effect for CAP.
Verify CA Common Services are Running
The CCS components CAIRIM, CAIENF, and CAICCI must be installed and running on your mainframe. CAIENF and CAICCI are required only if you want to use CAP, the Web Services component, or the companion product CA CMEW. If they are not installed and running, install these services according to the instructions in the Common Services documentation
.
Follow these steps:
  1. Go to the SDSF status display and enter the prefix ENF*.
    If you do not see ENF* active on your system, contact your systems programmer to start it.
  2. If the job is running, select it and search for (Find) CAICCI within the job.
    • If you find CAICCI, CAIENF and CAICCI are running.
    • If you do not find CAICCI, check your site CAI.CAIPROC library to see if the ENF member has been modified to run CAICCI at your site.
      If the ENF member does not exist, contact your CCS administrator (or systems programmer) to determine the status of CAIRIM, CAIENF, and CAICCI on your system.
Setting Up Security for CAP
Your site security administrator must enable the spawn facility for CAP in your security software, depending on the security software in use at your site. The
CA Endevor
administrator must set the security control checkpoint for CAP in
CA Endevor
.
How to Configure CA Top Secret for CAP
For the CA Event Notification Facility (CAIENF) to spawn the SPAWNPROC defined to the C1DEFLTS table, the task must be defined to your security software package with a corresponding default user ID. Using these definitions, CAIENF will start the spawned task. The task will start under the security context of the default user ID, but then switch security context to that of the user submitting the
CA Endevor
job.
In the following description ENDEVOR is used as both the SPAWNPROC started task name and its corresponding user ID. If your site already has user ID ENDEVOR defined as the alternate user ID, do not use ENDEVOR for your task name or task user ID. Instead, select a different value. The alternate ID (ALTID) is defined in the C1DEFLTS table as RACFUID=ENDEVOR.
If your site uses CA Top Secret:
  1. Define a new facility name ENDEVOR for CAP. To do so, add the following definitions to the Top Secret Security parameter file (specified by the PARMFIELD DD statement):
    * USERnn FACILITY FOR * FAC(USERnn=NAME=ENDEVOR) FAC(ENDEVOR=
    xxxx
    )
    Where
    xxxx
    is any other facility control options to be set other than the defaults. The facility can be defined dynamically using the TSS MODIFY command. For example:
    TSS MODIFY(FAC(USER
    nn
    =NAME=ENDEVOR)) TSS MODIFY(FAC(ENDEVOR=
    xxxx
    ))
    The TSS MODIFY command is only valid until the next recycle of CA Top Secret.
  2. Define a new ACID named ENDEVOR:
    TSS CRE(ENDEVOR) NAME(
    endevor user-id
    ?) TYPE(USER) FAC(STC,ENDEVOR) PAS(xxxx,0) TSS ADD(ENDEVOR) FAC(STC)
    CA Top Secret recommends that all started task (STC) ACIDs be given a password and that OPTIONS(4) be set in the CA Top Secret parameter file. OPTIONS(4) eliminates the prompt for a password when the STC starts. However, if someone tries to log on with the STC ACID, that person must know the password.
    The NODSNCHK, NORESCHK, and NOSUBCHK bypass attributes on the ENDEVOR ACID may be required. If not, verify that the ACID is authorized to access all the files and resources it requires.
  3. Give the ENDEVOR ACID a MASTFAC definition:
    TSS ADD(ENDEVOR) MASTFAC(ENDEV0R)
  4. Assign userid ENDEVOR as the default ACID for the CAICCI spawned task ENDEVOR:
    TSS ADD(STC) PROCNAME(ENDEVOR) ACID(ENDEVOR)
  5. Grant each user of CA SCM for Mainframe access to the ENDEVOR facility:
    TSS ADD(USER-ID) FAC(ENDEVOR
    For more information about defining a new facility, see
    CA Top Secret Control Options
    . For more information about the CRE and ADD commands, see
    CA Top Secret Command Functions
    .
How to Configure CA ACF2 for CAP
For the CA Event Notification Facility (CAIENF) to spawn the SPAWNPROC defined to the C1DEFLTS table, the task must be defined to your security software package with a corresponding default user ID. Using these definitions, CAIENF will start the spawned task. The task will start under the security context of the default user ID, but then switch security context to that of the user submitting the
CA Endevor
job.
In the following description ENDEVOR is used as both the SPAWNPROC started task name and its corresponding user ID. If your site already has user ID ENDEVOR defined as the alternate user ID, do not use ENDEVOR for your task name or task user ID. Instead, select a different value. The alternate ID (ALTID) is defined in the C1DEFLTS table as RACFUID=ENDEVOR.
To configure CA ACF2 for CAP:
  1. Create an STC logon ID named ENDEVOR for the Concurrent Action Processing Started task:
    ACF INSERT ENDEVOR NAME(ENDEVOR) STC
  2. Verify that the ENDEVOR logon ID is defined with site-specific logon ID fields such as those fields used to create the UID string.
  3. Verify that the ENDEVOR logon ID has access to all the data sets in the ENDEVOR task by writing CA ACF2 security ACCESS rules for the logon ID.
For more information about configuring CA ACF2, see the
CA ACF2 Security Administration Guide
.
How to Configure RACF for CAP
For the CA Event Notification Facility (CAIENF) to spawn the SPAWNPROC defined to the C1DEFLTS table, the task must be defined to your security software package with a corresponding default user ID. Using these definitions, CAIENF will start the spawned task. The task will start under the security context of the default user ID, but then switch security context to that of the user submitting the
CA Endevor
job.
To customize IBM RACF to let the CAP started task initialize correctly:
  1. Define a started task to RACF, using one of the following methods:
    • Define a new profile to the STARTED class (recommended by IBM)
    • Add a new entry in the started procedures table (ICHRIN03)
  2. Assign a RACF user ID to the started task xxxxxxxx and assign the user ID to a RACF group authorized to initiate started procedures. To define a RACF user ID for xxxxxxxx, use the ADDUSER command and associate it with your existing started task RACF group, as follows:
    ADDUSER
    user_name
    DFLTGRP(
    default_group
    ) OWNER(
    default_group
    ) NOPASSWORD
    • user_name
      Specifies the name of the new RACF user ID. This name should be the same as the name of the started task member in your PROCLIB that CAP uses.
    • default_group
      Specifies the default group that contains all system started tasks; for example, STCGROUP.
    This command is only an example. For more information about using the ADDUSER command, see your RACF administrator.
    If you do not know the name of the default group, see your RACF administrator. For detailed information to implement the RACF STARTED class or to modify the started task table (ICHRIN03), see the
    IBM RACF Security Administrator Guide
    .
Set a Security Control Checkpoint for CAP
You can set a security control checkpoint for CAP, by defining a pseudo data set in the
CA Endevor
External Security Interface (ESI). A pseudo data set represents a data set access rule. The pseudo data set does not refer to a physical data set.
The security control checkpoint works with your site security software to determine whether users have authority to use CAP. Your security software must allow users read access to the pseudo data set to authorize users to use CAP. If a user does not have authority to use CAP, actions are processed in the order they are defined for Type Sequencing.
Follow these steps:
  1. Open the External Security Interface (ESI) Name Equates Table, member BC1TNEQU, located in your
    iprfx.iqual
    .CSIQSRC installation library.
  2. Add a NAMEQU CONCURRENT_ACT_PROC entry and specify the L1 and L2 values.
    NAMEQU CONCURRENT_ACT_PROC. L1=('
    high_level_qualifier
    '), L2=('next_level_qualifier')
    • NAMEQU CONCURRENT_ACT_PROC
      Specifies the pseudo data set name that the RACROUTE macro uses to secure CAP processing. Set the following values:
      • L1
        Specifies the high-level qualifier for the data set.
      • L2
        Specifies the next-level qualifier for the data set. We recommend that you specify a value of CAP to make it easy to understand the purpose of pseudo data set.
    Press End.
    Your changes are saved. A pseudo data set name is defined in your ESI Name Equates Table to act as a security checkpoint for CAP. The Edit session closes, and the Edit Entry panel opens.
  3. Assemble and link-edit member BC1TNEQU.
    Now when users request access to CAP, the pseudo data set defined in the ESI acts as a security control checkpoint. If your site security software allows users read access to the pseudo data set, the users have authority to use CAP.
Ask your security administrator to grant read access to the pseudo data set for the users you want to have access to CAP. Also, ask the security administrator to let you know when they have completed this task.
Example: A sample CONCURRENT_ACT_PROC rule for Name Equates Table
In this example, the Name Equates table includes the following entry.
NAMEQU CONCURRENT_ACT_PROC. L1=('C1'), L2=('CAP')
Users who have read authority to the data set library C1.CAP have authority to request CAP.
How to Activate Concurrent Action Processing
To speed up the processing of batch jobs and packages, you can use the CAP option. To activate CAP, an EN$CAP or EN$CAPnn DD statement is required in the job step that executes
CA Endevor
. In addition, the SCL statements in the batch jobs or packages that are submitted for CAP processing, must conform to certain requirements.
To add the DD statement and activate CAP, use one of the following methods:
For more information about SCL requirements, see SCL Requirements for CAP.
Activate CAP in Batch JCL
To speed the processing of batch jobs and packages that contain many actions, you can request CAP in the JCL that executes
CA Endevor
.
Follow these steps:
  1. Verify that the SCL requests meet these requirements:
    • All elements are fully qualified; wildcarding is not used for elements.
    • On any Add, Update, or Request statements, the referenced data sets are cataloged data sets.
  2. Add an EN$CAP or EN$CAP
    nn
    DD statement in the job step that executes
    CA Endevor
    .
    When you submit a job or package for batch processing from foreground panels, the option to specify concurrent action processing is provided on the panel. When you select this option, the EN$CAPnn DD statement is automatically included in the submitted JCL.
    //EN$CAP DD SYSOUT=*
    Specifies that the number of CAP processors that are allowed for this job is equal to the SPAWNCNT value in C1DEFLTS. For Concurrent Action Processing to occur, SPAWN=Y must be coded in C1DEFLTS and SPAWNCNT must be greater than 1.
    //EN$CAPnn DD SYSOUT=*
    nn
    Specifies the maximum number of action request regions that are allowed for a job. This parameter limits the Extended Common Storage Area (ECSA) that is used by CAP.
    00
    - Concurrent action processing will not be used and actions will be processed sequentially.
    02-nn
    - Indicates the maximum number of action request regions that are allowed per job. This value overrides the SPAWNCNT value in C1DEFLTS, but does
    not
    override the SPAWNMAX value in C1DEFLTS. SPAWN=Y must be coded in C1DEFLTS to enable Concurrent Action Processing. To determine what
    nn
    value to specify, use the following formulas. Where x in the formula is the same as the nn value for EN$CAP
    nn
    . To determine the minimum amount of ECSA that must be free before CAP is started,use the following formula: Minimum ECSA = 3.6K*x + 3.2K To determine the maximum amount of ECSA that a CAP job can use, use the following formula: Maximum ECSA = 40.1K*x + 3.2K To determine the size of the ECSA storage area that a CAP job can use that will not use all the ECSA free storage, add 20% to the maximum value, as follows: Maximum ECSA plus 20% = (40.1K*x + 3.2K)1.20
    Your processing preferences are set. When you submit the job, it is processed according to your preferences. If more than one EN$CAP
    nn
    card is included in the JCL for the job step, only the first one is used.
Activate CAP for Packages Submitted in Foreground
To speed the processing of batch jobs and packages that contain many actions, you can request CAP in the JCL that executes
CA Endevor
.
Follow these steps:
  1. Verify that the SCL requests meet these requirements:
    • All elements are fully qualified; wildcarding is not used for elements.
    • On any Add, Update, or Request statements, the referenced data sets are cataloged data sets.
  2. Edit the following options on the
    Submit Package
    panel.
    If CAP is not enabled, the following options are dimmed on the panel.
    • Concurrent Action Processing
      Use this field to indicate whether you want to use concurrent action processing. Valid values are Y and N. The default value when you enter the panel is N. If this feature is not enabled for your site, this option is read-only.
    • Concurrent Number
      Specify the number of concurrent actions that are to be processed. The default is the SPAWNCNT value set in C1DEFLTS. If you overwrite the default but decide you want to use the default, type in the default value or blank out this field. Valid values are 02 through the Max number that is shown on the panel. The Max number is the value of SPAWNMAX specified in the C1DEFLTS.
    Your processing preferences are set. When you submit the job, it is processed according to your preferences.
Activate CAP for Batch Jobs Submitted in Foreground
When you submit a job for batch processing from the foreground Submit Package panel, you can request concurrent action processing.
Follow these steps:
  1. Verify that the SCL requests meet these requirements:
    • All elements are fully qualified; wildcarding is not used for elements.
    • On any Add, Update, or Request statements, the referenced data sets are cataloged data sets.
  2. Edit the following options on the
    Batch Options Menu
    :
    • Concurrent Action Processing
      Use this field to indicate whether you want to use concurrent action processing. Valid values are Y and N. The default value when you enter the panel is N. If this feature is not enabled for your site, this option is read-only.
    • Concurrent Number
      Specify the number of concurrent actions that are to be processed. The default is the SPAWNCNT value set in C1DEFLTS. If you overwrite the default but decide you want to use the default, type in the default value or blank out this field. Valid values are 02 through the Max number that is shown on the panel. The Max number is the value of SPAWNMAX specified in the C1DEFLTS.
    Your processing preferences are set. When you submit the job, it is processed according to your preferences.
SCL Requirements for CAP
When batch jobs or packages are submitted for CAP processing, the SCL statements in these jobs must conform to the following requirements to process properly.
  • Use explicit element names in SCL, if you plan to submit different actions in the same job.
    If you use wildcards in the element or member names, actions against the same element may not be processed in statement order. For example, if you code the following, with the GEN following the ADD statement, the ADD may not complete before the GEN begins:
    ADD ‘*’ TO ENV ‘TESTENV’ SYSTEM ‘TESTSYS’ SUBSYSTEM ‘TESTSBS’ TYPE ‘TESTTYPE’… GEN ‘*’ FROM ENV ‘TESTENV’ SYSTEM ‘TESTSYS’ SUBSYSTEM ‘TESTSBS’ TYPE ‘TESTTYPE’ …
  • You can use wildcards or masking, if you submit one action per job. For example, you can use wildcards when submitting multiple Add actions in the same job.
  • Examine your SCL requests. If your job will use CAP, check all ADD, UPDATE, and RETRIEVE actions ensuring that all data sets referenced by the TO FILE, TO DSNAME, TO DDNAME and FROM FILE, FROM DSNAME, and FROM DDNAME are cataloged data sets. They cannot be uncatalogued, temporary, or JES2 file data sets.
  • If your site uses exit 4 programs to alter input or output files before the execution of an ADD, UPDATE, or RETRIEVE, ensure that the data sets specified in the SCL are cataloged data sets, even if the exit 4 program changes the data set names.
How to Monitor Concurrent Action Processing
To monitor CAP, the
CA Endevor
administrator can use MVS modify commands to view action status. You can issue MVS modify commands to the routing region to determine the status of the actions. Responses are written to the region joblog.
The general format of an MVS modify command is as follows:
F
jobname.identifier,parameters
  • D[ISP] STAT
  • D[ISP] STATS
  • D[ISP] STATISTICS
    Displays statistics.
    A display statistics command returns the following response:
    Number of Completed Requests nnnnnn Number of Executing Requests nn Number of Action Request regIons nn Max Elapsed Time so far nnnnnn Act# num Stmt #num action element type Min Elapsed Time so far nnnnnn Act #num Stmt #num action element type Total Elapsed Time collected so far nnnnnn
  • D[ISP] ACTIVE REQS
  • D[ISP] ACTIVE REQUESTS
    Displays status of currently active action requests. This parameter returns the following response:
    ACT# num Stmt #num ACTIVE ON jobname jobnumber cci-id action element type.
  • D[ISP] SERVERS
    Display the status of spawned servers. If the server is busy processing a request, information about the request appears. This parameter returns the following response:
    REGION jobname jobnumber cci-id status [ACT# nnnn STMT# nnnn action element-type]
    The cci-id status is BUSY, AVAILABLE, or UNINITIALIZED. If the action request region is BUSY, the action number, statement number, action being performed, element being acted upon and the element type are displayed.