z/Secure 3.1 Install Guidance

View Only

Expand all | Collapse all

1. z/Secure 3.1 Install Guidance

0 Like
Joseph Sumi
Posted Fri November 17, 2023 03:31 PM

Reply
Hello - i have always installed Command Verifier separately but with z/Secure 3.1, I decided to install Admin, Audit, Alert, and Cmd Verifier at same time.

My SHOPZ order included all 4 products. After the install, I could not find the C4R modules (Cmd Verifier). I went back to the apply and noticed JC4R310 was not in the sample apply job (but HC4R310 was - Command Verifier Base). I started over and re-did the install and included JC4R310 for the apply but the apply check failed because there is missing DDDEFs, etc for C4R.

What is the best path forward ? Do i find the sample ZALL, and ZDDD jobs for Command Verifier and run those before the APPLY using my existing 3.1 SMPE environment ? Or is Command Verifier meant to be a separate install ?

thanks. Joe

------------------------------
Joseph Sumi
------------------------------
2. RE: z/Secure 3.1 Install Guidance

0 Like
RENE van TIL
Posted Fri November 17, 2023 05:38 PM

Reply
Hi joe

Command Verifier is a product on its own, with its own Program Directory and has its own set of sample jobs which you you can find in youhlq.JC4R310.F3. You can just install it in the same target/dlib zones as zSecure.

You can find the Program Directory here

https://www.ibm.com/docs/en/szs/3.1.0?topic=directories-program-directory-security-zsecure-commandverifier

If you do decide to install it all in the same zones you will see that DLIB AC4RLNK was allready allocated as part of the CV base FMID (and its DDDEF) so you will probably have to take that out of the samples provided.

Hope this helps

Rene

------------------------------
RENE van TIL
------------------------------

Original Message
3. RE: z/Secure 3.1 Install Guidance

0 Like
Jeroen Tiggelman
Posted Mon November 20, 2023 03:09 AM

Reply
Hi Joe,

The CKRZ* install jobs are for the so-called "CARLa-driven components", which are those products that use the CARLa engine. zSecure Command Verifier is not one of them.

zSecure Command Verifier shares some code to parse RACF commands with the CKGRACF program that is part of zSecure Admin and zSecure Visual. For that reason, the code in HC4Rvrm is included in the CKRZ* jobs, while the rest of the Command Verifier code in JC4Rvrm is not. (HCKRvrm has a REQ for HC4Rvrm.)

Command Verifier also does not follow the naming convention that install jobs have a Z in position 4, but has C4RJ* jobs in SC4RINST.

It is up to you if you want the product in the same SMP/E zones or not. But indeed, because of the overlap some adjustments need to be made if you do install them "together".

Regards,
Jeroen

P.S. "CARLa-driven components" may be a somewhat awkward term, but the original meaning of "zSecure" in Consul parlance was only Admin and Audit, while in IBM parlance it refers to the entire suite.

------------------------------
Jeroen Tiggelman
IBM - Software Development Manager IBM Security zSecure Suite
Delft
------------------------------

Original Message
4. RE: z/Secure 3.1 Install Guidance

0 Like
Joseph Sumi
Posted Mon November 20, 2023 08:24 AM

Reply
Thank you both for the explanations ! Joe

------------------------------
Joseph Sumi
------------------------------

Original Message

IBM Security

Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity.

IBM Security Z Security

z/Secure 3.1 Install Guidance

Joseph SumiFri November 17, 2023 03:31 PM

RENE van TILFri November 17, 2023 05:38 PM

Jeroen TiggelmanMon November 20, 2023 03:09 AM

Joseph SumiMon November 20, 2023 08:24 AM

1. z/Secure 3.1 Install Guidance

2. RE: z/Secure 3.1 Install Guidance

3. RE: z/Secure 3.1 Install Guidance

4. RE: z/Secure 3.1 Install Guidance

Join our 16,000+ members as we work together to
overcome the toughest challenges of cybersecurity.