Upgrade z/VM in Place

This page documents the steps to follow to upgrade z/VM with vmsecure in place, including the Rules Facility. These steps are an addendum to the procedure in the IBM z/VM Installation Guide.
vmx32besp
This page documents the steps to follow to upgrade z/VM with
VM:Secure
in place, including the Rules Facility. These steps are an addendum to the procedure in the IBM
z/VM Installation Guide.
2
2
Upgrading z/VM 6.2.0 or z/VM 6.3.0 to z/VM 6.4.0
Follow the steps in this section to upgrade z/VM 6.2.0 or z/VM 6.3.0 to z/VM 6.4.0:
  1. Ensure that the userID MIGMAINT that runs the Upgrade in Place process is authorized to LINK to the VMANAGER 1FF disk read-only (RR).
  2. VM:Secure
    requirements that must be met before you begin:
    1. VM:Secure
      3.2 must be installed and deployed.
    2. VM:Secure
      3.2 RSU-1801 must be installed and deployed.
    3. All
      VM:Secure
      3.2 PTFs marked as HIPER must be installed and deployed.
    4. If you are upgrading a SSI cluster, all SSI members must meet these requirements before you begin to upgrade the first member.
  3. Add an ACCOUNT User Exit to
    VM:Secure
    that allows MIGMAINT to add any account code during the Upgrade in Place process.
    The exit EXEC file can be as simple as the following example:
    /* MYACTXIT EXEC */ Exit 0
    Place the file on the
    VMSECURE
    A-disk, and add this line to your PRODUCT CONFIG file (substituting your exit filename):
    USEREXIT ACCOUNT MYACTXIT EXEC
    Note:
    You can remove this exit after the upgrade process is complete.
  4. Verify that all DASD volumes in the 6.2.0 or 6.3.0 system which will hold minidisks that are created during the upgrade process are configured in the DASD CONFIG file.
    These volumes are listed on the worksheets you must complete during the IBM Upgrade in Place procedures. The worksheets are included in the Plan your Installation Upgrade section of the
    z/VM Installation Guide Version 6 Release 4
    .
  5. Add GRANT *ALL TO MIGMAINT to the AUTHORIZ CONFIG file.
  6. Issue the
    VMSECURE
    RULES SYSTEM command and make sure that these entries are present:
    ACCEPT MIGMAINT LINK * * ( NOPASS ACCEPT MAINT620 LINK * * ( NOPASS –or- ACCEPT MAINT630 LINK * * ( NOPASS ACCEPT BLDSEG LINK * * ( NOPASS ACCEPT BLDNUC LINK * * ( NOPASS ACCEPT BLDCMS LINK * * ( NOPASS
  7. Run these steps in the following sections of the
    z/VM Installation Guide Version 6 Release 4
    :
    1. Chapter 16: "Plan Your Upgrade Installation"
    2. Chapter 17: "Set Up For Your Upgrade Installation"
    3. Chapter 18: "Install a z/VM V6.4 Work System For Your Upgrade Installation".
  8. Perform these changes to Chapter 19, "Generate the STAGE1 Changes File":
    1. Before you issue the
      INSTUPGR STAGE1 ( PRIME
      command, LINK and ACCESS the
      VM:Secure
      PUBLIC disk. Use a filemode that is earlier in the search order than the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK using virtual address 888 and ACCESS the disk as X/A.
      LINK VMANAGER 193 888 RR ACCESS 888 X/A
    2. Issue the following command:
      INSTUPGR STAGE1 ( PRIME
      If errors occur,
      VM:Secure
      logs problems in the following file:
      UPGDMIXT $LOGFILE E
      Correct the problems and reissue INSTUPGR.
  9. Perform these changes to Chapter 20, "Update Your Current System With the STAGE1 Changes":
    1. Before you issue the
      INSTUPGR STAGE1 ( COMMIT
      command, examine files with the filetype $DIRADD$. STAGE1 PRIME processing generates these files.
    2. Look at all MDISK statements to determine the volume serial numbers of all 640RLx volumes where minidisks exist.
    3. Update the
      VM:Secure
      DASD CONFIG file to include information for z/VM 6.4.0 volumes. Issue VMSECURE CONFIG DASD and do the following tasks:
      1. Add all the 640RLx volumes to the
        VM:Secure
        DASD CONFIG file. Doing so allows minidisks on those volumes to be allocated.
      2. Assign the 640RLx volumes to an allocation subpool.  You can put the 640RLx volumes in the same allocation subpool that contains the 620RLx or 630RLx volumes. Alternatively, you can put the 640RLx volumes in their own subpool.
      3. Allow any full pack minidisks in the MAINT640 directory entry to be created. To do so, add an IGNORE record in the DASD CONFIG file. Examine the list of full pack minidisks in the MAINT640 $DIRADD$ file on MIGMAINT 2CF0. For each of these minidisks, add an IGNORE record such as:
        IGNORE MAINT640 131
    4. LINK and ACCESS the
      VM:Secure
      PUBLIC disk. Use a filemode that is earlier in the search order than the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK as address 888 and ACCESS as X/A
      LINK VMANAGER 193 888 RR ACCESS 888 X/A
    5. Issue the following command:
      INSTUPGR STAGE1 ( COMMIT
      If errors occur,
      VM:Secure
      logs problems in the following file:
      UPGDMIXT $LOGFILE E
      Correct the problems and reissue INSTUPGR.
  10. Perform these changes to Chapter 21, "Finish the STAGE1 Upgrade":
    1. Issue
      VMSECURE
      RULES SYSTEM and add the following line:
      ACCEPT MAINT640 LINK * * ( NOPASS
    2. Rework your local modifications, including the CP components added to your system by
      VM:Secure
      . Update the
      VM:Secure
      CP components by using the HCPxxx TEXT files generated by the command:
      VMXCPG ZVM640
      Use the VMXRPI CONFIG file that was used on the system you are upgrading as input to the VMXCPG utility. If you have z/VM 6.3.0-related user IDs in the VMXRPI CONFIG (for instance, MAINT630), add the z/VM 6.4.0 counterparts to the VMXRPI CONFIG before creating the new CP component text decks.
    3. Add the new CP components from VMXCPG to your VMSES CP component. See the procedures in the Rules Facility documentation, in Installing Access Control Interface Exits in the VM Control Program.
      At this time, complete the text deck replacements as indicated in the Rules Facility documentation.
      Do
      not
      run SERVICE or PUT2PROD
      . The IBM Upgrade In Place procedure performs these steps when needed.
    4. If on this system you have installed other
      VM:Manager Suite
      products that require CP modifications, prepare and rework those local modifications for use on z/VM 6.4.0. For more information, see the Product Maintenance and Upgrade sections of the Installation information for each product.
      Verify that you have the VMANAGER VM Product Manager directory diagnose logic for z/VM 6.4.0 available to include in your z/VM 6.4.0 system. Ensure that this file, VMNDLK64 TEXT, is placed on your z/VM 6.4.0 PARM disk. Also ensure that the CPXLOAD statement for the member you are upgrading is updated to reference VMNDLK64 TEXT. See Implementing the Directory Reader and System Information Diagnose Code and When Upgrading z/VM in Place in the
      Mainframe VM Product Manager
      Installation documentation.
      If you run
      VM:Spool
      V/Seg Plus Component,
      you must also update the V/Seg Plus CP local modifications (LOCALMODS) at this time
      . See When Upgrading z/VM in Place in the
      VM:Spool
      V/Seg Plus Component Installation Documentation.
    5. After you review and complete Chapter 21 Steps 1 and 2, then go to Chapter 21 "Step 3. Rework your local modifications" to complete that work. If the IBM
      z/VM Installation Guide
      indicates that this step should be skipped, then skip to item 11 below.
      The SYSLMOD Table entries should resolve as you rework the local modifications. Resolve any other local modification to CP if they are presented in the SYSLMOD table entries panel.
      Failure to resolve all entries that are presented in the SYSLMOD Table results in back-level CP modifications being included in your z/VM 6.4.0 CP nucleus. Back-level modifications can cause system abends and other unpredictable results.
  11. Run the steps in Chapter 22, "Stop Your Production Workload And Backup Your System."
  12. Perform these changes to Chapter 23, "Generate the STAGE2 Changes File":
    1. Before you issue the
      INSTUPGR STAGE2 ( PRIME
      command, LINK and ACCESS the
      VM:Secure
      PUBLIC disk at a filemode earlier in the search order than the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK at address 888 and ACCESS as X/A.
      LINK VMANAGER 193 888 RR ACCESS 888 X/A
    2. Issue the following command:
      INSTUPGR STAGE2 ( PRIME
      If errors occur,
      VM:Secure
      logs problems in the following file:
      UPGDMIXT $LOGFILE E
      Correct the problems and reissue INSTUPGR.
  13. Perform these changes to Chapter 24, "Update Your Current System With the STAGE2 Changes":
    1. LINK and ACCESS the
      VM:Secure
      PUBLIC disk at a filemode earlier in the search order than the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK at address 888 and ACCESS as X/A.
      LINK VMANAGER 193 888 RR ACCESS 888 X/A
      Then proceed to issue:
      INSTUPGR STAGE2 ( COMMIT
    2. After the IPL 190 step, LINK and ACCESS the
      VM:Secure
      PUBLIC disk at a filemode in front of the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK at address 888 and ACCESS as X/A. Then proceed to reissue:
      INSTUPGR STAGE2 ( COMMIT
      If errors occur,
      VM:Secure
      logs problems in the following file:
      UPGDMIXT $LOGFILE E
      Correct the problems and reissue INSTUPGR.
  14. Perform the remaining steps in the IBM documentation.
Upgrading z/VM 6.4.0 to z/VM 7.1.0
Follow the steps in this section to upgrade z/VM 6.4.0 to z/VM 7.1.0:
  1. Ensure that the userID MIGMAINT that runs the Upgrade in Place process is authorized to LINK to the VMANAGER 193 disk read-only (RR).
  2. VM:Secure
    requirements that must be met before you begin:
    1. VM:Secure
      3.2 must be installed and deployed.
    2. VM:Secure
      3.2 RSU-1801 must be installed and deployed.
    3. All
      VM:Secure
      3.2 PTFs marked as HIPER must be installed and deployed.
    4. All
      VM:Secure
      3.2 PTFs designated as "z/VM 7.1 Support" must be installed and deployed.
    5. If you are upgrading a SSI cluster, all SSI members must meet these requirements before you begin to upgrade the first member.
  3. Add an ACCOUNT User Exit to
    VM:Secure
    that allows MIGMAINT to add any account code during the Upgrade in Place process.
    The exit EXEC file can be as simple as the following example:
    /* MYACTXIT EXEC */ Exit 0
    Place the file on the
    VMSECURE
    A-disk, and add this line to your PRODUCT CONFIG file (substituting your exit filename):
    USEREXIT ACCOUNT MYACTXIT EXEC
    Note:
    You can remove this exit after the upgrade process is complete.
  4. Verify that all DASD volumes in the 6.4.0 system that will hold minidisks that will be created during the upgrade process are configured in the DASD CONFIG file.
    These volumes are listed on the worksheets you must complete during the IBM Upgrade in Place procedures. The worksheets are included in the Plan your Installation Upgrade section of the
    z/VM Installation Guide Version 7 Release 1
    .
  5. Add GRANT *ALL TO MIGMAINT to the AUTHORIZ CONFIG file.
  6. Issue the
    VMSECURE
    RULES SYSTEM command and make sure that these entries are present:
    ACCEPT MIGMAINT LINK * * ( NOPASS ACCEPT MAINT640 LINK * * ( NOPASS ACCEPT BLDSEG LINK * * ( NOPASS ACCEPT BLDNUC LINK * * ( NOPASS ACCEPT BLDCMS LINK * * ( NOPASS
  7. Run these steps in the following sections of the
    z/VM Installation Guide Version 7 Release 1
    :
    1. Chapter 12: "Plan Your Upgrade Installation"
    2. Chapter 13: "Set Up For Your Upgrade Installation"
    3. Chapter 14: "Install a z/VM V7.1 Work System For Your Upgrade Installation".
  8. Perform these changes to Chapter 15, "Step 2. Generate the STAGE1 Table":
    1. Before you issue the
      INSTUPGR STAGE1 ( PRIME
      command, LINK and ACCESS the
      VM:Secure
      PUBLIC disk. Use a filemode that is earlier in the search order than the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK using virtual address 888 and ACCESS the disk as X/A.
      LINK VMANAGER 193 888 RR ACCESS 888 X/A
    2. Issue the following command:
      INSTUPGR STAGE1 ( PRIME
      If errors occur,
      VM:Secure
      logs problems in the following file:
      UPGDMIXT $LOGFILE E
      Correct the problems and reissue INSTUPGR.
  9. Perform these changes to Chapter 16, "Update Your Current System With the STAGE1 Changes" in "Step 2. Use the INSTUPGR command to make your STAGE1 system changes":
    1. Before you issue the
      INSTUPGR STAGE1 ( COMMIT
      command, examine files with the filetype $DIRADD$. STAGE1 PRIME processing generates these files.
    2. Look at all MDISK statements to determine the volume serial numbers of all 710RLx volumes where minidisks exist.
    3. Update the
      VM:Secure
      DASD CONFIG file to include information for z/VM 7.1.0 volumes. Issue VMSECURE CONFIG DASD and do the following tasks:
      1. Add all the 710RLx volumes to the
        VM:Secure
        DASD CONFIG file. Doing so allows minidisks on those volumes to be allocated.
      2. Assign the 710RLx volumes to an allocation subpool.  You can put the 710RLx volumes in the same allocation subpool that contains the 640RLx volumes. Alternatively, you can put the 710RLx volumes in their own subpool.
      3. Allow any full pack minidisks in the MAINT710 directory entry to be created. To do so, add an IGNORE record in the DASD CONFIG file. Examine the list of full pack minidisks in the MAINT710 $DIRADD$ file on MIGMAINT 2CF0. For each of these minidisks, add an IGNORE record such as:
        IGNORE MAINT710 131
    4. LINK and ACCESS the
      VM:Secure
      PUBLIC disk. Use a filemode that is earlier in the search order than the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK as address 888 and ACCESS as X/A
      LINK VMANAGER 193 888 RR ACCESS 888 X/A
    5. Issue the following command:
      INSTUPGR STAGE1 ( COMMIT
      If errors occur,
      VM:Secure
      logs problems in the following file:
      UPGDMIXT $LOGFILE E
      Correct the problems and reissue INSTUPGR.
  10. Perform these changes to Chapter 17, "Finish the STAGE1 Upgrade":
    1. Issue
      VMSECURE
      RULES SYSTEM and add the following line:
      ACCEPT MAINT710 LINK * * ( NOPASS
    2. Rework your local modifications, including the CP components added to your system by
      VM:Secure
      . Update the
      VM:Secure
      CP components by using the HCPxxx TEXT files generated by the command:
      VMXCPG ZVM710
      Use the VMXRPI CONFIG file that was used on the system you are upgrading as input to the VMXCPG utility. If you have z/VM 6.4.0-related user IDs in the VMXRPI CONFIG (for instance, MAINT640), add the z/VM 7.1.0 counterparts to the VMXRPI CONFIG before creating the new CP component text decks.
    3. Add the new CP components from VMXCPG to your VMSES CP component. See the procedures in the Rules Facility documentation, in Installing Access Control Interface Exits in the VM Control Program.
      At this time, complete the text deck replacements as indicated in the Rules Facility documentation.
      Do
      not
      run SERVICE or PUT2PROD
      . The IBM Upgrade In Place procedure performs these steps when needed.
    4. If on this system you have installed other
      VM:Manager Suite
      products that require CP modifications, prepare and rework those local modifications for use on z/VM 7.1.0. For more information, see the Product Maintenance and Upgrade sections of the Installation information for each product.
      Verify that you have the VMANAGER VM Product Manager directory diagnose logic for z/VM 7.1.0 available to include in your z/VM 7.1.0 system. Ensure that this file, VMNDLK71 TEXT, is placed on your z/VM 7.1.0 PARM disk. Also ensure that the CPXLOAD statement for the member you are upgrading is updated to reference VMNDLK71 TEXT. See Implementing the Directory Reader and System Information Diagnose Code and When Upgrading z/VM in Place in the
      Mainframe VM Product Manager
      Installation documentation.
      If you run
      VM:Spool
      V/Seg Plus Component,
      you must also update the V/Seg Plus CP local modifications (LOCALMODS) at this time
      . See
      When Upgrading z/VM in Place
      in the
      VM:Spool
      V/Seg Plus Component
      Installation Documentation.
    5. After you review and complete Chapter 17 Steps 1, 2 and 3, then go to Chapter 17 "Step 4. Rework your local modifications" to complete that work. If the IBM
      z/VM Installation Guide
      indicates that this step should be skipped, then skip to item 11 below.
      The SYSLMOD Table entries should resolve as you rework the local modifications. Resolve any other local modification to CP if they are presented in the SYSLMOD table entries panel.
      Failure to resolve all entries that are presented in the SYSLMOD Table results in back-level CP modifications being included in your z/VM 7.1.0 CP nucleus. Back-level modifications can cause system abends and other unpredictable results.
  11. Run the steps in Chapter 18, "Stop Your Production Workload And Backup Your System."
  12. Perform these changes to Chapter 19, "Generate the STAGE2 Changes File":
    1. Before you issue the
      INSTUPGR STAGE2 ( PRIME
      command, LINK and ACCESS the
      VM:Secure
      PUBLIC disk at a filemode earlier in the search order than the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK at address 888 and ACCESS as X/A.
      LINK VMANAGER 193 888 RR ACCESS 888 X/A
    2. Issue the following command:
      INSTUPGR STAGE2 ( PRIME
      If errors occur,
      VM:Secure
      logs problems in the following file:
      UPGDMIXT $LOGFILE E
      Correct the problems and reissue INSTUPGR.
  13. Perform these changes to Chapter 20, "Update Your Current System With the STAGE2 Changes":
    1. LINK and ACCESS the
      VM:Secure
      PUBLIC disk at a filemode earlier in the search order than the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK at address 888 and ACCESS as X/A.
      LINK VMANAGER 193 888 RR ACCESS 888 X/A
      Then proceed to issue:
      INSTUPGR STAGE2 ( COMMIT
    2. After the IPL 190 step, LINK and ACCESS the
      VM:Secure
      PUBLIC disk at a filemode in front of the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK at address 888 and ACCESS as X/A. Then proceed to reissue:
      INSTUPGR STAGE2 ( COMMIT
      If errors occur,
      VM:Secure
      logs problems in the following file:
      UPGDMIXT $LOGFILE E
      Correct the problems and reissue INSTUPGR.
  14. Perform the remaining steps in the IBM documentation.
Upgrading z/VM 6.4.0 or z/VM 7.1.0 to z/VM 7.2.0
Follow the steps in this section to upgrade z/VM 6.4.0 or z/VM 7.1.0 to z/VM 7.2.0:
  1. Ensure that the userID MIGMAINT that runs the Upgrade in Place process is authorized to LINK to the VMANAGER 193 disk read-only (RR).
  2. VM:Secure
    requirements that must be met before you begin:
    1. VM:Secure
      3.2 must be installed and deployed.
    2. VM:Secure
      3.2 RSU-2001 must be installed and deployed.
    3. All
      VM:Secure
      3.2 PTFs marked as HIPER must be installed and deployed.
    4. All
      VM:Secure
      3.2 PTFs designated as "z/VM 7.2 Support" must be installed and deployed.
    5. If you are upgrading a SSI cluster, all SSI members must meet these requirements before you begin to upgrade the first member.
  3. Add an ACCOUNT User Exit to
    VM:Secure
    that allows MIGMAINT to add any account code during the Upgrade in Place process.
    The exit EXEC file can be as simple as the following example:
    /* MYACTXIT EXEC */ Exit 0
    Place the file on the
    VMSECURE
    A-disk, and add this line to your PRODUCT CONFIG file (substituting your exit filename):
    USEREXIT ACCOUNT MYACTXIT EXEC
    Note:
    You can remove this exit after the upgrade process is complete.
  4. Verify that all DASD volumes in the existing system that will hold minidisks that will be created during the upgrade process are configured in the DASD CONFIG file.
    These volumes are listed on the worksheets you must complete during the IBM Upgrade in Place procedures. The worksheets are included in the Plan your Installation Upgrade section of the
    z/VM Installation Guide Version 7 Release 2
    .
  5. Add GRANT *ALL TO MIGMAINT to the AUTHORIZ CONFIG file.
  6. Issue the
    VMSECURE
    RULES SYSTEM command and make sure that these entries are present:
    ACCEPT MIGMAINT LINK * * ( NOPASS ACCEPT MAINT640 LINK * * ( NOPASS - or - ACCEPT MAINT710 LINK * * ( NOPASS ACCEPT BLDSEG LINK * * ( NOPASS ACCEPT BLDNUC LINK * * ( NOPASS ACCEPT BLDCMS LINK * * ( NOPASS
  7. Run these steps in the following sections of the
    z/VM Installation Guide Version 7 Release 2
    :
    1. Chapter 12: "Plan Your Upgrade Installation"
    2. Chapter 13: "Set Up For Your Upgrade Installation"
    3. Chapter 14: "Install a z/VM V7.2 Work System For Your Upgrade Installation".
  8. Perform these changes to Chapter 15, "Step 2. Generate the STAGE1 Table":
    1. Before you issue the
      INSTUPGR STAGE1 ( PRIME
      command, LINK and ACCESS the
      VM:Secure
      PUBLIC disk. Use a filemode that is earlier in the search order than the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK using virtual address 888 and ACCESS the disk as X/A.
      LINK VMANAGER 193 888 RR ACCESS 888 X/A
    2. Issue the following command:
      INSTUPGR STAGE1 ( PRIME
      If errors occur,
      VM:Secure
      logs problems in the following file:
      UPGDMIXT $LOGFILE E
      Correct the problems and reissue INSTUPGR.
  9. Perform these changes to Chapter 16, "Update Your Current System With the STAGE1 Changes" in "Step 2. Use the INSTUPGR command to make your STAGE1 system changes":
    1. Before you issue the
      INSTUPGR STAGE1 ( COMMIT
      command, examine files with the filetype $DIRADD$. STAGE1 PRIME processing generates these files.
    2. Look at all MDISK statements to determine the volume serial numbers of all 720RLx volumes where minidisks exist.
    3. Update the
      VM:Secure
      DASD CONFIG file to include information for z/VM 7.2.0 volumes. Issue VMSECURE CONFIG DASD and do the following tasks:
      1. Add all the 720RLx volumes to the
        VM:Secure
        DASD CONFIG file. Doing so allows minidisks on those volumes to be allocated.
      2. Assign the 720RLx volumes to an allocation subpool.  You can put the 720RLx volumes in the same allocation subpool that contains the 640RLx or 710RLx volumes. Alternatively, you can put the 720RLx volumes in their own subpool.
      3. Allow any full pack minidisks in the MAINT720 directory entry to be created. To do so, add an IGNORE record in the DASD CONFIG file. Examine the list of full pack minidisks in the MAINT720 $DIRADD$ file on MIGMAINT 2CF0. For each of these minidisks, add an IGNORE record such as:
        IGNORE MAINT720 131 IGNORE MAINT720 132
    4. LINK and ACCESS the
      VM:Secure
      PUBLIC disk. Use a filemode that is earlier in the search order than the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK as address 888 and ACCESS as X/A
      LINK VMANAGER 193 888 RR ACCESS 888 X/A
    5. Issue the following command:
      INSTUPGR STAGE1 ( COMMIT
      If errors occur,
      VM:Secure
      logs problems in the following file:
      UPGDMIXT $LOGFILE E
      Correct the problems and reissue INSTUPGR.
  10. Perform these changes to Chapter 17, "Finish the STAGE1 Upgrade":
    1. Issue
      VMSECURE
      RULES SYSTEM and add the following line:
      ACCEPT MAINT720 LINK * * ( NOPASS
    2. Rework your local modifications, including the CP components added to your system by
      VM:Secure
      . Update the
      VM:Secure
      CP components by using the HCPxxx TEXT files generated by the command:
      VMXCPG ZVM720
      Use the VMXRPI CONFIG file that was used on the system you are upgrading as input to the VMXCPG utility. If you have z/VM 6.4.0 or 7.1.0 related user IDs in the VMXRPI CONFIG (for instance, MAINT640 or MAINT710), add the z/VM 7.2.0 counterparts to the VMXRPI CONFIG before creating the new CP component text decks.
    3. Add the new CP components from VMXCPG to your VMSES CP component. See the procedures in the Rules Facility documentation, in Installing Access Control Interface Exits in the VM Control Program.
      At this time, complete the text deck replacements as indicated in the Rules Facility documentation.
      Do
      not
      run SERVICE or PUT2PROD
      . The IBM Upgrade In Place procedure performs these steps when needed.
    4. If on this system you have installed other
      VM:Manager Suite
      products that require CP modifications, prepare and rework those local modifications for use on z/VM 7.2.0. For more information, see the Product Maintenance and Upgrade sections of the Installation information for each product.
      Verify that you have the VMANAGER VM Product Manager directory diagnose logic for z/VM 7.2.0 available to include in your z/VM 7.2.0 system. Ensure that this file, VMNDLK72 TEXT, is placed on your z/VM 7.2.0 PARM disk. Also ensure that the CPXLOAD statement for the member you are upgrading is updated to reference VMNDLK72 TEXT. See Implementing the Directory Reader and System Information Diagnose Code and When Upgrading z/VM in Place in the
      Mainframe VM Product Manager
      Installation documentation.
      If you run
      VM:Spool
      V/Seg Plus Component,
      you must also update the V/Seg Plus CP local modifications (LOCALMODS) at this time
      . See
      When Upgrading z/VM in Place
      in the
      VM:Spool
      V/Seg Plus Component
      Installation Documentation.
    5. After you review and complete Chapter 17 Steps 1, 2 and 3, then go to Chapter 17 "Step 4. Rework your local modifications" to complete that work. If the IBM
      z/VM Installation Guide
      indicates that this step should be skipped, then skip to item 11 below.
      The SYSLMOD Table entries should resolve as you rework the local modifications. Resolve any other local modification to CP if they are presented in the SYSLMOD table entries panel.
      Failure to resolve all entries that are presented in the SYSLMOD Table results in back-level CP modifications being included in your z/VM 7.2.0 CP nucleus. Back-level modifications can cause system abends and other unpredictable results.
  11. Run the steps in Chapter 18, "Stop Your Production Workload And Backup Your System."
  12. Perform these changes to Chapter 19, "Generate the STAGE2 Changes File":
    1. Before you issue the
      INSTUPGR STAGE2 ( PRIME
      command, LINK and ACCESS the
      VM:Secure
      PUBLIC disk at a filemode earlier in the search order than the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK at address 888 and ACCESS as X/A.
      LINK VMANAGER 193 888 RR ACCESS 888 X/A
    2. Issue the following command:
      INSTUPGR STAGE2 ( PRIME
      If errors occur,
      VM:Secure
      logs problems in the following file:
      UPGDMIXT $LOGFILE E
      Correct the problems and reissue INSTUPGR.
  13. Perform these changes to Chapter 20, "Update Your Current System With the STAGE2 Changes":
    1. LINK and ACCESS the
      VM:Secure
      PUBLIC disk at a filemode earlier in the search order than the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK at address 888 and ACCESS as X/A.
      LINK VMANAGER 193 888 RR ACCESS 888 X/A
      Then proceed to issue:
      INSTUPGR STAGE2 ( COMMIT
    2. After the IPL 190 step, LINK and ACCESS the
      VM:Secure
      PUBLIC disk at a filemode in front of the Y-disk, unless you already deployed the PUBLIC files to the Y-disk. We recommend you LINK at address 888 and ACCESS as X/A. Then proceed to reissue:
      INSTUPGR STAGE2 ( COMMIT
      If errors occur,
      VM:Secure
      logs problems in the following file:
      UPGDMIXT $LOGFILE E
      Correct the problems and reissue INSTUPGR.
  14. Perform the remaining steps in the IBM documentation.