set that is RACF-protected by

a

discrete

 

profile

 

must

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

also

be

 

RACF-indicated.

 

 

 

 

 

 

 

 

 

 

 

 

S

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RACROUTE

macro

 

 

 

.

An

 

assembler

macro

that

 

 

SAF

. System authorization facility.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

provides

 

a

means

of

 

calling

RACF

to

 

provide

 

security

 

 

Seedata

security.

 

 

 

 

 

 

 

 

 

 

 

 

 

functions. See AUDITalso request,AUTH

request,

 

 

 

security .

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

DEFINE

request,DIRAUTH

 

request,

EXTRACT

request,security

 

classification .

 

The

 

use

of

 

security

 

 

 

 

 

FASTAUTH request, LIST

 

request,SIGNON

request,

 

 

 

categories,

a

security

 

level,

or both,

to

impose

STAT

request,

TOKENBLD

 

request,TOKENMAP

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

additional access controls on sensitive resources. An

request,TOKENXTR

request, VERIFY

request,and

 

 

 

 

 

 

alternative

way

to

provide

 

security

classifications i

VERIFYX

request.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

use

 

security

labels.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

remote

 

logical

unit

(remote

LU)

.

 

Seepartner

logical

SFS . Shared file system

 

 

 

 

 

 

 

 

 

 

 

 

 

unit

 

(partner. LU)These

 

two

terms

are

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

interchangeable.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

remote

 

node

 

.

An

RRSF

 

node

that

is

 

logically

 

shared

 

file

 

system

(SFS)

.

 

A

 

part

of

CMS

that lets

 

 

 

 

 

 

 

 

users organize their files into groups known as

 

 

connected

to

a

node

from

 

whose

point of

 

 

 

 

 

 

view

 

you

 

are

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

talking.

For

example,

 

if

MVSX

and

MVSY

are

 

 

directories and selectively share those files and

 

 

two

RRSF

 

 

 

 

with

 

other

users.

 

 

 

 

 

 

 

 

 

 

nodes

that

are

logically

connected,

from

 

 

directories

 

 

 

 

 

 

 

 

 

 

 

MVSX's

 

point

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

of

view

 

MVSY

is

a

 

remote

 

node,

and

from

 

MVSY's

 

point

 

 

OpenEdition

MVS,

a

program

that

 

 

 

 

of

view

 

MVSX

is

a

 

remote

 

nodelocal. Seenode,also

 

 

shell

.

 

(1) In

 

 

 

 

 

 

 

 

 

interprets

and

processes

interactive

commands

 

from

a

target

node.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

pseudoterminal or from lines in a

shell script. (2) A

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Resource

Access

Control

Facility

(RACF)

 

 

.

 

An

 

 

 

 

program

 

that

interprets

sequences

of

text

input

 

as

 

 

 

 

 

 

 

commands.

 

It

may

 

operate

on

an

 

input

stream,

or

it

IBM-licensed

product

 

that

provides

 

for

 

 

 

 

 

 

 

 

access

 

control

by

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

identifying

and

verifying

users

to

 

the

 

 

 

may

 

interactively prompt and read commands from a

 

 

system,

 

authorizing

 

 

withcommand

language

 

 

 

 

 

 

 

 

access

to

protected

resources,

logging

 

 

 

terminal.

 

Synonymous

 

 

 

 

 

 

 

 

detected

 

 

 

 

 

software

 

interface

between

 

a

user

unauthorized

attempts

to

enter

the

system,

interpreter. (3) A

 

 

and

 

logging

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

and the operating system of a computer. Shell

 

 

detected

 

accesses

 

to

protected

 

resources.programs

 

interpret commands and user interactions on

resource

profile

 

 

.

A profile

that

provides

RACF

devices such as keyboards, pointing devices and

 

 

 

touch-sensitive screens and communicate them to the

protection

for

one

or

more

 

resources.

 

 

 

 

User,

group,

and

 

 

 

 

 

 

 

 

command

 

interpreter

that

 

connect

profiles

are

not

resource

 

profiles.

operating

system. (4) The

 

 

 

The

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

information

 

in

a

resource

profile

can

 

 

 

 

provides a user interface to the operating system

 

include the

 

data

(5) The

 

program

 

that

 

reads

a

user's

 

set

 

profile

name,

profile

 

owner,

universal

 

 

its

 

commands.

 

 

 

 

 

 

access

 

 

 

 

and

executes

them.

(6) The

shell

command

 

 

authority,

access

list,

and

other

 

data.

 

 

commands

 

 

 

 

Resource

 

profiles

 

 

 

 

a

specific

instance

of

a

 

shell

can

be

discrete

profiles

or

 

 

 

 

 

 

 

 

language

 

interpreter,

 

 

generdiscreteprofiles. See

 

 

 

above

 

the

kernel,

that

provides

 

a

flexi

profileand generic

profile.

 

 

 

 

 

 

 

 

 

 

 

(7) A

 

layer,

 

 

 

 

 

 

 

 

 

 

 

 

 

interface

between

users

and

the

rest

of

 

the

syste

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

root

.

(1) The

starting

point

of

the

file

 

 

(8) Software

that

 

allows

a

kernel

 

program

to

run

under

 

system.

(2) The

 

 

 

 

system

 

environments.

 

 

 

 

 

 

first directory in the systemappropriate. (3) See

 

 

 

different

operating

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

privileges.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

SIGNON

 

request

 

.

 

The

 

issuing

 

of

the

RACROUTE

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RRSF

.

SeeRACF

remote

 

sharing

facility.

 

 

 

 

macro

 

with

REQUEST=SIGNON

specified.

A

SIGNON

 

 

 

 

 

 

 

 

 

 

request

 

is

used to provide management of the

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RRSF

logical

node

connection

 

 

 

.

 

Two

RRSF

 

nodes

 

 

signed-on

 

lists associated with persistent verification

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

(PV),

a

 

feature

 

of

 

the

APPC

architecture

of

LU

6.2

are logically connected when they are properly

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

configured

to

communicate

via

APPC/MVS,

and

each

 

 

 

 

 

 

 

RRSF

node

 

 

.

 

An

RRSF

node

consisting

 

 

 

has

been

 

configured

via

the

TARGET

command

 

 

single-system

 

 

 

 

 

 

 

 

 

to

have

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

an

OPERATIVE

connection

to

the

other.

 

 

 

 

of

one MVS system image.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RRSF

network

 

 

.

 

Two

or

more

RRSF

nodes

that

 

SMF

 

records

 

 

.

SeeRACF

 

SMF

 

data

 

unload

utility.

 

 

 

 

 

 

 

 

 

have

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

established

RRSF

logical

node

connections

to

 

each

 

 

 

 

 

.

 

The

issuing

of

the

RACROUTE

macro

 

 

other.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

STAT

 

request

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

with REQUEST=STAT specified. A STAT request

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RRSF

node

.

 

One

or

more MVS

system

 

images

 

 

determines

if

RACF

 

is

active

and,

optionally,

 

whether

 

 

 

with

 

 

 

resource

class

 

is

 

defined

to

RACF

and

 

active.

MVS/ESA

4.3

or

later

installed,

RACF

2.2

 

 

 

given

 

 

 

installed,

 

and

request

replaces

the

RACSTAT

function.

 

 

 

 

the

 

RACF

 

subsystem

address

space

 

active.

 

 

The

 

STAT

 

 

 

 

 

 

 

 

 

See

 

also

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RRSF

 

logical

node

connection.

 

 

 

 

 

 

 

 

 

 

structure .

 

Seecache

 

structure.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

44

OS/390

V2R4.0

Security

Server

(RACF)

Planning:

 

Installation

 

and

Migration

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Page 64
Image 64
IBM OS/390 manual Classification, Verifyx, File System, Root, Structure

OS/390 specifications

IBM OS/390, a versatile operating system, was a cornerstone in enterprise environments and played a pivotal role in mainframe computing. Released in the mid-1990s, OS/390 combined the strengths of IBM's MVS (Multiple Virtual Storage) with new features and enhancements, targeting scalability, reliability, and performance in demanding business applications.

One of the key features of OS/390 was its robust support for multiple users and processes. The system allowed thousands of concurrent users to access applications and data, ensuring high availability and minimizing downtime—a critical requirement for many large organizations. This scalability was supported through various enhancements in memory management and processor scheduling, enabling optimal resource allocation across diverse workloads.

OS/390 was known for its superior workload management capabilities. The Workload Manager (WLM) component allowed administrators to define service policies, specifying how system resources would be allocated according to the priority of tasks. This ensured that critical business processes received the necessary resources while less critical tasks were managed more flexibly.

Another significant characteristic of OS/390 was its commitment to security. The operating system provided comprehensive security features, including user authentication, data encryption, and auditing capabilities. This focus on security was vital for organizations handling sensitive data, ensuring compliance with regulations and safeguarding against unauthorized access.

OS/390 also supported advanced technologies that facilitated integration and development. The system included features like the IBM CICS (Customer Information Control System) for transaction processing and IMS (Information Management System) for database management. These technologies allowed organizations to build robust, high-performance applications tailored to specific business needs.

The ease of network integration was another strength of OS/390. With the advent of the Internet and global connectivity, OS/390 systems could easily interface with various network protocols, enabling businesses to operate in a connected world. This inclusion paved the way for many organizations to expand their capabilities and offer new services, driving digital transformation.

In conclusion, IBM OS/390 represented a significant advancement in mainframe technology, combining scalability, security, and robust workload management. Its rich feature set and support for critical enterprise applications solidified its role as a vital component of many organizations' IT infrastructures, ensuring they could meet their operational challenges head-on while supporting future growth. As technology continues to evolve, the legacy of OS/390 remains influential in the realm of computing.