Enabling sysplex support

With the sysplex support enabled, Debug Manager can establish communication between the client and the debugger if the LPAR that the client is connected to via RSE and the LPAR with a started debug session are different.

To enable sysplex support, complete the following steps:
  1. Ensure that Debug Manager is configured in all LPARs that the debugger runs on or that the user connects to via RSE.
  2. Start Debug Manager instances on all LPARs with HUBIP and HUBPORT parameters equal to the IP address and port number of one of the LPARS. That LPAR will become a primary node and the others will connect to it and act as secondary nodes. Any instance that fails to bind or connect will continue to work stand-alone on its LPAR, periodically trying to connect to the hub. If you want to change the primary node assignment when Debug Manager is running, you can use the Debug Manager console command H. For more information on how to start Debug Manager with a configuration file, see Running Debug Manager as a started task with a configuration file.
Below is how it works after sysplex support is enabled:
  1. Secondary nodes connect to the primary node.
  2. The primary instance is notified when a debug session is started in an LPAR but no RSE connection can be found.
  3. The primary node finds the LPAR with an active RSE connection and connect it to the LPAR where the debug session is waiting.
Figure 1. Debug Manager instances in a sysplex environment.
Debug Manager instances in a sysplex environment.
Start of change

Trusted TCP authentication for sysplex connections

Starting from 16.0.4, Debug Manager supports authentication of other Debug Manager instances connecting to its hub port by using Trusted TCP. To enable it in Debug Manager, set the TRUSTEDTCP parameter to ON and enter the following RACF commands or their equivalents in other security products:
RDEFINE SERVAUTH EZB.IOCTL.sysname.tcpprocname.PARTNERINFO UACC(NONE)
PERMIT EZB.IOCTL.sysname.tcpprocname.PARTNERINFO CLASS(SERVAUTH) ID(IBMUSER) ACCESS(READ)
SETROPTS RACLIST(SERVAUTH) REFRESH
RDEFINE SERVAUTH EZBDOMAIN APPLDATA('EQAZPCMDOMAIN')
SETROPTS RACLIST(SERVAUTH) REFRESH
You can use wildcards in the values for sysname and tcpprocname.
For more information about these commands, see Steps for retrieving partner security credentials.
Note: Debug Manager instances on all LPARS must be started under the same user ID.
End of change