IBM OS/390 User Manual

25.4.2.1 Enforcing Installation Standards
You will continue to refine the standards developed above, and should use RACF
to protect critical resources. You can also use installation exits to enforce
standards not controlled by RACF, but keep in mind that it is often easier to
enforce them through other procedures.
25.4.2.2 Implementing System Security
OS/390 users have access to all data sets in the system unless specifically
restricted via the security product. Intentional or unintentional modification of
system data sets can compromise system availability.
You should use RACF (now called the OS/390 Security Server) to protect critical
resources such as system data sets, catalogs, and access to valuable, sensitive
or confidential data. You should identify all users of the system, whether they are
TSO, on-line, batch job owners, or console operators.
Security (RACF) can also be used to enforce the installation standards. See
Appendix D “Security for System Data Sets” in OS/390 Security Server (RACF)
Security Administrator, SC28-1915.
See the following RACF books for more information:
OS/390 Security Server (RACF) Introduction, GC28-1912
OS/390 Security Server (RACF) Planning: Installation and Migration, GC28-1920
OS/390 Security Server (RACF) General User's Guide, SC28-1917
MVS 3.1.3 and RACF 1.9 Security Implementation Guide, GG24-3585
RACF V2.2 Installation and Implementation Guide, SG24-4580
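One way to apply the advice in 25.4.2.2 with RACF commands run in a batch TSO job (an added example, not taken from the manual; the job card values, the SYSPROG group and the CATALOG high-level qualifier are assumptions to replace with your installation's names):

```jcl
//RACFPROT JOB (ACCT),'PROTECT SYSTEM DSN',CLASS=A,MSGCLASS=X
//*
//* Added example, not from the manual. Run under a user ID that
//* has the RACF SPECIAL attribute. Assumed (hypothetical) names:
//* job card values, group SYSPROG, and CATALOG as the master
//* catalog high-level qualifier.
//*
//* 1. SETROPTS GENERIC/EGN : enable generic profiles and the **
//*                           qualifier used below.
//* 2. ADDSD 'SYS1.**'      : default access to the system data
//*                           sets is read-only; successful updates
//*                           and all failed accesses are logged.
//* 3. PERMIT ... SYSPROG   : only the systems programmers' group
//*                           may change them.
//* 4. ADDGROUP/ADDSD       : same pattern for the master catalog.
//* 5. PROTECTALL(WARNING)  : access to a data set that has no
//*                           profile is still allowed but produces
//*                           a warning; review the warnings, define
//*                           the missing profiles, then switch to
//*                           PROTECTALL(FAILURES).
//* 6. REFRESH and LISTDSD  : activate the new generic profiles and
//*                           print them for review.
//*
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  SETROPTS GENERIC(DATASET) EGN
  ADDSD 'SYS1.**' OWNER(SYS1) UACC(READ) -
        AUDIT(SUCCESS(UPDATE) FAILURES(READ))
  PERMIT 'SYS1.**' ID(SYSPROG) ACCESS(ALTER)
  ADDGROUP CATALOG OWNER(SYS1) SUPGROUP(SYS1)
  ADDSD 'CATALOG.**' OWNER(SYS1) UACC(READ) -
        AUDIT(SUCCESS(UPDATE) FAILURES(READ))
  PERMIT 'CATALOG.**' ID(SYSPROG) ACCESS(ALTER)
  SETROPTS PROTECTALL(WARNING)
  SETROPTS GENERIC(DATASET) REFRESH
  LISTDSD DATASET('SYS1.**') ALL
  LISTDSD DATASET('CATALOG.**') ALL
/*
```

Data sets that hold security-sensitive content should get more specific profiles with UACC(NONE) rather than relying on the read-by-default SYS1.** profile shown here.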
25.4.2.3 Backing Up Your System
Periodic system backups are critical to maintaining access to critical resources
and protecting your investments in systems programming and migration efforts.
You should take full-volume dumps of all system packs except paging data sets,
and JES2 spool and checkpoint volumes. This should be part of your SMS
strategy, and developed early in the project along with your disaster recovery
goals and requirements.
25.4.2.4 Creating an Emergency Backup System
As careful as you are, there may be a time when you cannot IPL your OS/390
system because the IPL text in the SYSRES is damaged, the master catalog is
deleted, or the JES2 procedure has a JCL error. (There are many other reasons
why you may not be able to IPL.)
In any case, you should have a backup OS/390 system that you can IPL to
diagnose and fix the problem. Many installations have a simple one- or two-pack
MVS system that can support a TSO user and a few batch jobs. Another
strategy is to use your system maintenance environment to provide a simple but
usable backup system. There are also vendor products such as SAE, which
provide “rescue” systems.
VSE to OS/390 Migration Workbook