This section describes how to set customizable parameters for Guardium for Mainframes Z-TAP.
After you install the Z-TAP product on z/OS, you can use the NEON Enterprise Software Product Customization Facility to activate the Z-TAP product key. The product will also require some customization.
The NEON Enterprise Software Product Customization Facility has an ISPF interface and runs on any processor that can access the product libraries. To complete the installation and customization process, use the following steps:
Enter the following command at the TSO prompt:
EX '?guardiumhlq.EXEC(NEONCNTL)' '?guardiumhlq'
The ?guardiumhlq variable represents the high-level qualifier for the Guardium for Mainframes product load library. The high-level qualifier is the same as the one used when the product files were unpacked. The facility displays the NEON Products Customization panel shown on the next page.
The panel displays the name of the product load library and lists the products available for installation. You can perform the following tasks for each product:
Type B next to a product name and press Enter to browse the $READxxx member for that product.
Type S next to a product name and press Enter to proceed to the options panels for that product.
Note: You can enter the Select or Browse options for multiple products before you press Enter. The Product Customization Facility displays the panels for each product that you select in the order that they are listed.
|
NEON Products Customization Row 1 to 3 of 3 Command ===> ________________________________________________ Scroll ===> CSR
Product load library. . . ?guardiumhlq.LOAD
Type S to select a product for customization, B to BROWSE the $README member
Product Name / Description Version _ License Management nn.nn.nn _ Guardium for Mainframes 01.01.nn ******************************* Bottom of data ******************************** |
You received a Z-TAP password by e-mail when you purchased Guardium for Mainframes. This password is your product key. The key allows you to run Guardium for Mainframes on your machine and protects the software from unauthorized use. If you do not have the product key, contact Guardium Technical Support. Use the following steps to initiate or update the product license key.
Enter the following command at the TSO prompt:
EX '?guardiumhlq.EXEC(NEONCNTL)' '?guardiumhlq'
The ?guardiumhlq variable represents the high-level qualifier for the product load library. The high-level qualifier is the same as the one used when the product was unloaded.
Type S next to License Management and press Enter.
The customization facility displays the NEON Product Key Update panel.
|
NEON Enterprise Software Product Key Update Command ===>
NEON Administration Library . . ?guardiumhlq.ADMIN Manage Product Keys . . . . Y (Y/N) Manage Product Libraries . . Y (Y/N)
Press ENTER to continue to next selected step or END to cancel |
NEON Administration Library Name: Enter the fully qualified data set name, without quotes. For example:
?guardiumhlq.ADMIN
Manage Product Keys:
Enter Y (Yes) to review, add, or delete product keys.
Enter N (No) to bypass the Product Key Update panel.
Manage Product Keys must be performed when product is initially installed, and when new keys are added or old keys are removed. If the proper product keys are not present the product will fail.
Manage Product Libraries:
Enter Y (Yes) to review, add, or delete product libraries.
Enter N (No) to bypass the Product Libraries panel.
Manage Product Libraries must be performed when the product is initially installed, and when a new installation product load library is added to a users system. This step ensures that there is a locator module (which indicates where the product keys are) in the product load library. Without this module the product will not be able to perform product key validation and the product will fail.
Press Enter.
If you specify Y for the Manage Product Keys option, the NEON Enterprise Software Product Key Update panel displays, listing all product keys currently assigned to your site. Use this panel to enter new product keys or delete obsolete keys.
If you specify N for the Manage Product Keys option, the program bypasses this panel.
The NEON Enterprise Software Product Key Update panel contains a list of available product keys and empty lines where you can enter new product keys. The description of the Product Key is displayed below the Product Key. The Product Key description contains the following fields:
Product name: This field contains the product family name of this key.
CPU Id: This field contains processor id for which this key is valid.
Expires: This field contains the expiration date for this key.
Features: This field contains a list of all feature codes in this key.
Enter or edit the product keys for the products you are installing. After you add or change keys, press Enter to validate your changes.
|
NEON Enterprise Software Product Key Update Row 5 of 37 Command ===> Scroll ===> PAGE
NEON Administration Library . . ?guardiumhlq.ADMIN
Enter SAVE to update END to update (if changes) and exit CANCEL to exit ignoring any changes made since the last update
Product Key Product Name CPU Id Expires Features
NNXXXXPNNNNU123457CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC Guardium Trial 12/01/2009 |
Press the END key (normally the PF3 key) to close the NEON Enterprise Software Product Key Update panel.
If you specify Y in the Manage Product Libraries field, the Product Library Update panel displays.
If you specify N in the Manage Product Libraries field, the program bypasses the Product Library Update panel.
|
NEON Enterprise Software Product Libraries Update Row 15 of 43 Command ===> Scroll ===> PAGE
NEON Administration Library . . ?guardiumhlq.ADMIN
Press ENTER to update END to update if any changes were made and exits. CANCEL to exit ignoring any changes made since the last update
LC Product Library Status
__ ?guardiumhlq.LOAD |
The NEON Enterprise Software Product Libraries Update panel contains the following options:
LC: Use this field to update (U) or delete (D) libraries.
Product Library: Lists all NEON Enterprise Software product LOAD libraries contained in the ADMIN data set library.
Each library contains a locator module, which identifies the location of the ADMIN library.
Status: Describes the status of the locator modules.
Enter one or more product load library data set names. Only hlq.LOAD data sets are valid entries in this panel.
Perform one of the following exit options:
Press Enter to update the information, then press the End key to save and exit.
Press the Cancel key to undo any changes made since the last save and exit.
You have now activated the product key for Guardium for Mainframes on z/OS. Use the information in the next section to set customizable parameters for the product.
The Product Customization Facility lets you set customizable parameters that will be used by each Guardium for Mainframes Z-TAP. Even if you copy parameters from a previous version of Guardium for Mainframes, you must run the Product Customization Facility to save the parameters. To set the customizable parameters, use the following steps.
1. Enter the following command at the TSO prompt:
EX '?guardiumhlq.EXEC(NEONCNTL)' '?guardiumhlq'
The ?guardiumhlq variable represents the high-level qualifier for the NEON product load library. The high-level qualifier is the same as the one used when the product was unloaded.
Type S next to the entry for Guardium for Mainframes.
Press Enter to display the product customization panels.
The Product Customization Facility displays a Customizable Parameters panel, shown in the following figure. To get online help for this panel, press PF1.
|
---------- NEON (NSU) Guardium for Mainframes Customizable Parameters V01.01.nn --------- Command ===> Product Load Library . . ?guardiumhlq.LOAD Options Module Name. . . NSUUOPT Note: These are your current default parameters.
NEON (NSU) Guardium for Mainframes Message Log Parameters: Message Data Set Name . . . . . . . ?guardiumhlq.MSG Message Language . . . . . . . . . . ENU ENU Message Set. . . . . . . . . . . . . NSU01 NSU01 Sysout (NSUPRINT) Message Level . . 3 1 - 3 ( 3 = Verbose ) SQL Related Parameters: Package Collection ID . . . . . . . NSUCOL DB2 Collection Name SQL Retry Delay. . . . . . . . . . . 3 0 - 9999 Seconds Number of SQL Retries. . . . . . . . 5 0 - 9999 Attempts -DISPLAY LOCKS for -913 Retries. . . N N - Never R - For Every retry F - Only for Failure Z2000 Parameters: Z2000 Host Name. . . . . . . . . . . hostname or ip address Z2000 Port Number. . . . . . . . . . 16016 1 to 65535 Communications Timeout . . . . . . . 60 1 to 6000 Seconds
General Operating Options: Max Dataspace size . . . . . . . . . 100 1 to 2048 Megabytes Log Processor Activity Timeout . . . 3 1 to 1440 Minutes Local Rules Dataset Name . . . . . . ?guardiumhlq.RULES DB2 Environment Information: DB2 Version 7 Load Library . . . . . DSN710.SDSNLOAD DB2 Version 8 Load Library . . . . . SYS2.DSN810.SDSNLOAD DB2 Subsystems Selected for Audit. . DGA
Press ENTER to update END to save and exit CANCEL to exit ignoring any changes made since the last update |
If you will be running multiple Z-TAPs on different LPARs, you can override the Product Load Library and the Options Module Name in the following manner:
To override the Product Load Library, on the command line enter NEWOPT <valid library name> and press Enter. A confirmation dialog will appear. Press Enter and the new library name will appear on the Product Load Library line.
To override the Options Module Name, on the command line enter NEWOPT <1 to 8 character valid module name> and press Enter. A confirmation dialog will appear. Press Enter and the new module name will appear on the Options Module Name line.
Edit the parameters as appropriate for your site and press PF3 to save any changes and exit the customizable parameters panel. CAN or CANCEL will cancel any updates and exit. The following table describes each parameter.
Note: You can reset the parameters to the product defaults at any time by typing DEFAULT on the command line and pressing Enter.
Customizable Parameters for Guardium for Mainframes
|
Parameter |
Description |
Default Value |
|
Message Data Set Name |
The name of the data set that contains the Guardium for Mainframes message descriptions. |
?guardiumhlq.MSG |
|
Message Language |
The language in which Guardium for Mainframes messages should be issued. ENU (U.S. English) is the only valid value for this version of the product. |
ENU |
|
Message Set |
The name of the message set to be used by Guardium for Mainframes. NSU01 is the only valid value for this version of the product. |
NSU01 |
|
Sysout (NSUPRINT) Message Level |
The detail level for messages issued by Guardium for Mainframes. Specify a numeric value between 1 and 3. 1—Least verbose. Only severe messages are displayed. 2—Verbose. Severe and warning messages are displayed. 3—Most verbose. All messages are displayed. |
3 |
|
Package Collection ID |
All packages required for the audit extractor should be bound using the same collection ID. Enter a valid collection ID for the bound packages. The collection ID can be from 1 to 8 alphanumeric characters. |
NSUD11A |
|
SQL Retry Delay |
If Guardium for Mainframes encounters a time out condition, this parameter indicates the number of seconds that the data collector should wait before retrying the operation. Specify a numeric value between 0 and 9999. |
1 |
|
Number of SQL Retries |
The number of times that Guardium for Mainframes will retry an SQL operation before failing. Specify a numeric value between 0 and 9999 |
5 |
|
-DISPLAY LOCKS for -913 Retries |
If a time out condition occurs, the extractor can issue a -DISPLAY LOCKS command to DB2. The output from the command appears in the NSUDLOG file. Specify one of the following values: N—Never display locks. R—Display locks at each retry. F—Display locks only when the operation fails. |
N |
|
Z2000 Host Name |
Fully qualified host name (for example, AUDITAPP.NEONESOFT.COM) or IP address of the Z2000 appliance server. |
|
|
Z2000 Port Number |
Port number on the Z2000 appliance server used for TCP/IP communications with the z/OS mainframe. Specify a numeric value between 1 and 65535. |
16016 |
|
Communications Timeout |
Number of seconds to wait before a communications attempt between the mainframe and the Z2000 appliance will time out. Specify a numeric value between 1 and 6000. |
15 |
|
Max Dataspace Size |
The maximum size allocation, in megabytes, for the data collection dataspace. Specify a numeric value between 1 and 2048. |
100 |
|
Log Processor Activity Timeout |
The length of time in minutes that the log processor will wait for activity before issuing a time-out message. Specify a numeric value between 1 and 1440. |
15 |
|
Local Rules Dataset Name |
The data set name pattern to use for the rules data sets. Specify any valid dataset name that complies with your site naming requirements. |
|
|
DB2 Version 7 Load Library |
Data set name for the DB2 version 7 load library. |
|
|
DB2 Version 8 Load Library |
Data set name for the DB2 version 8 load library. |
|
|
DB2 Subsystems Selected for Audit |
List of one or more DB2 subsystem IDs (or datasharing group IDs) to be audited; use ALL to audit every discovered DB2 subsystem. |
|
Guardium for Mainframes requires that you perform a DB2 bind on those packages it uses during the audit process. Use the following steps to perform the bind:
BIND NSU DB2 Package, as follows:
edit and process ?guardiumhlq.CNTL(NSU1000).
GRANT DB2 user privileges, as follows:
Guardium for Mainframes Z-TAP started task must have EXECUTE authority on the NSU packages in the NSU Collection.
edit and process ?guardiumhlq.CNTL(NS2000).