IBM expert Ori Pomerantz has been securing computer networks (and showing others how to do it too) since 1995. Pomerantz joined IBM in 2003 and since then, he has written classes on several IBM security products, including IBM Security zSecure™. He is also a co-author of the IBM Press publication Mainframe Basics for Security Professionals: Getting Started with RACF, 2007. In this whitepaper, "IBM Security Key Lifecycle Manager for z/OS 1.1: Operator Commands", Pomerantz helps you learn how to implement operator commands to control IBM Security Key Lifecycle Manager (ISKLM) for z/OS from the console of a mainframe. This task requires two prerequisites that you will discover:
The following sections outline what you will learn in the full white paper. To read the full paper, you can access it from Download.
CARLa is the main reporting engine used within zSecure Admin, zSecure Audit, zSecure Alert, and zSecure Manager for RACF z/VM. The CARLa programming language is sophisticated and can be used to generate your own reports, displays, emails, XML, and actions like RACF, TSO, UNIX®, and IDCAMS commands, WTO and UNIX system log messages, or more CARLa code.
CARLa contains lots of features that you normally find in a data processing language, including statistical and mathematical features. One advantage of CARLa is that you no longer need to write programs by using REXX or CLISTs to mine data from and correlate data sources. CARLa can process huge volumes of data in an efficient way while using only a minimal amount of CPU cycles.
The reports you see in the ISPF interfaces of IBM Security zSecure are all made possible because of and using the CARLa programming language. For any of the standard reports generated, you can copy the original CARLa code that produced that report. You can then adjust the CARLa program to fully meet your reporting needs (this a good way to learn the CARLa programming language).
CARLa is structured, repeatable, and scalable.
The steps you'll learn
Besides showing you how to run CARLa reports, Pomerantz covers the following instructions in this paper:
- How to generate a simple report with all the entities of a particular type (groups)
- Formatting and selecting specific profiles
- Reporting fields from multiple profile segments
- Creating reports that use the ISPF interface
- How to learn from the system reports
- How to automate administration tasks
- Selecting the current state as input
- Identifying inactive accounts
- Creating the RACF commands
- Running the RACF commands
In each of these sections, Pomerantz explains:
- Running the report
- Interpreting the lines
- Exploring the results
- Explore the topics and technologies in this article:
- Explore the IBM Security Framework for cutting-edge knowledge on IT security issues.
- Start your journey to implement IT security through pragmatic, intelligent, and risk-based practices at Security on developerWorks.
- Follow developerWorks on Twitter.
- Watch developerWorks on-demand demos ranging from product installation and setup demos for beginners, to advanced functionality for experienced developers.
Get products and technologies
- Evaluate IBM products in the way that suits you best: Download a product trial, try a product online, or use a product in a cloud environment.
- Get involved in the developerWorks Community. Connect with other developerWorks users while exploring the developer-driven blogs, forums, groups, and wikis.