What's New in Copy Services Manager 6.2.5

View Only

What's New in Copy Services Manager 6.2.5

By Archive User posted Wed March 20, 2019 04:21 PM

Like

Originally posted by: RandyBlea

In March, 2019 IBM GA'd the next version of IBM Copy Services Manager, version 6.2.5

IBM Copy Services Manager is a storage replication product that provides a single place to manage all the replication across your IBM storage environment. With IBM Copy Services Manager customers can simplify the management of their replication solutions while providing disaster recovery and high availability to their applications.

What's New in IBM Copy Services Manager 6.2.5

As always, we're very excited to provide the following key features being released in this new version. We develop Copy Services Manager in an agile development cycle and as such have included a number of customer requested features!!!

Session Operators can only see sessions they can manage

CSM provides four different user roles that a Administrator or User Administrator can assign to users with access to the server. One of these roles is the Session Operator. When granting a user the Session Operator role, the Administrator will specify which specific sessions the user can manage. In previous releases, when the Session Operator logged into the CSM server, they could see ALL of the sessions that were created on the server, but could only issue commands to the ones specified by the Administrator.

More often than not though, in environments where customers used the Session Operator, there is no need for that Session Operator to actually view the other sessions. In fact, it can be considered a security risk in multi-tenancy environments. So in 6.2.5, CSM has modified both the GUI and CLI so that Session Operators will only be able to see those sessions that they are authorized to manage. All other sessions will remain hidden from the user.

Facility Class Support for CSM CLI running on z/OS

When using the CSM CLI a user name and password must be provided on either the command line or in an encrypted file. While providing a file for authentication made running CSM CLI commands from batch jobs easier for some customers, when a customer had to change their password, they had to ensure that they changed it in CSM as well. Not only is this extra work for the customer, but if they forget to modify the password in CSM, it could lead to failures in their batch processing which may impact their Service Level Agreements.

In 6.2.5 we added in the request for CSM to support Facility Class authentication. A Facility Class can be setup under z/OS that indicates which users have authorization to run certain programs. You can now specify a specific Facility Class for CSM and launch the CLI indicating that instead of providing a password, the currently logged in user into the OMVS shell, or the user specified in the BPXBATCH job, will be checked against the specified Facility Class. If that user is in the Facility Class, a password will not need to be specified. This allows customers to easily setup CSM for their batch processing on z/OS without having to maintain the password under CSM.

Removing Practice relationships in CSM Practice sessions

CSM Practice sessions allow customers to issue a Flash command which will create a consistent copy of the data at the remote site so that they can practice their disaster recovery processes while still maintaining disaster recovery capability. If No Copy is specified in the session properties for the Flash Copy relationship at the remote site, the data will not be hardened on the Hx practice volume unless there is an update to the Ix volume. This means that the relationship may exist on the hardware for the life of the session.

When using Extent Space Efficient volumes on the Hx practice volumes, it is recommend to use the No Copy option in order to limit the amount of backend space that gets consumed. However, if the relationship remains on the hardware it could eventually consume more backend space than expected.

In CSM 6.2.5, there is now a Terminate HxIx command available on Practice sessions. This command allows customers to remove the FlashCopy relationship from the hardware when they have completed their practice testing. Please note that customers that wish to keep a 'golden' copy of the data at the remote site should not use the Terminate HxIx command. When the command is issued the practice volumes will no longer be consistent. If a consistent copy is necessary at the remote site then do not issue the new Terminate command.

Dual Control Support for increased security

In CSM 6.2.5 we have added Dual Control support for a server. When you enable Dual Control on a server all actions that could have negative impacts on the replication environment will require two users with proper authority to authorize the action. This helps prevent a malicious user from being able to issue destructive or disruptive commands. It also can help as a way to "double check" non malicious user actions, by ensuring at least two people agree to a particular action such as suspending a session, before the action is executed.

While Dual Control is enabled, when an action is issued a Dual Control Request is created that shows up under the new Notifications->Dual Control Requests page in the CSM GUI for any users that are authorized to issue that same action. If a user isn't authorized to issue that action, the Dual Control Request will not be visible. The person that initiated the request can also cancel the request if they decide they do not want to do the action any more.

The following actions will create Dual Control Requests when Dual Control is enabled.