Security in MSC and shared-queues environments

In Multiple Systems Coupling (MSC) and shared-queues environments that are made up of multiple IMS systems, each IMS system can receive transactions from terminals and from the other IMS systems in the same environment. The transactions from the other IMS systems require you to take additional security measures.

In an MSC network, each IMS system can be viewed as a local IMS system or a remote IMS system. A local IMS system receives transactions from a terminal. A remote IMS system receives transactions from a local IMS system through an MSC link. Each IMS system in an MSC environment can be local for one type of transaction and remote for another.

Similarly, in a shared-queues environment, each IMS system can function as a front-end IMS system, a back-end IMS system, or both. A front-end IMS system receives transactions from terminals. A back-end IMS system receives transactions from a front-end IMS system through a shared queue. Each IMS system in a shared-queues environment can function as both a front-end IMS system and a back-end IMS system.

In MSC and shared-queues environments, you must implement security separately for each IMS system. The security controls of each IMS system are independent of those of the other IMS systems, and each IMS system is unaware of the security checking that the other IMS systems perform. A remote or back-end IMS system therefore cannot rely on checks made by the local or front-end system that accepted the transaction: any control that must apply to a transaction arriving over an MSC link or from the shared queue must be defined on the IMS system that processes it.

Related reading: For more information about MSC and shared queues, see IMS Version 15.4 Communications and Connections.

Local MSC and front-end shared-queues security

There are no special security specifications to make for local MSC or front-end shared-queues IMS systems: implement security for them as you would for a standalone IMS system in a DB/DC or DCCTL environment. If the same IMS system might also function as a remote MSC or back-end shared-queues IMS system, be sure to implement the security described for those systems as well.

Remote MSC and back-end shared-queues security

For remote MSC and back-end shared-queues IMS systems, you can use RACF® for security. CHNG and AUTH calls, and IMS conversational deferred program switches that occur in the same IMS as the inputting terminal, perform an authorization check to determine whether the user who entered the transaction is authorized to use the IMS resource.

To perform a RACF authorization from the dependent region, a security environment must first be established. If the dependent region is part of the same IMS as the inputting terminal, and the user who entered the transaction is still signed on, the security environment that was created in the IMS control region at signon is used for the authorization call. That signon security environment is not available under the following conditions:

  • The dependent region is part of the same IMS as the inputting terminal, but the user has signed off.
  • The dependent region is part of another IMS, connected to the IMS with the inputting terminal by an MSC link.
  • The dependent region is part of another IMS in a sysplex with IMS shared message queues support.

Under these conditions, the security environment must be created dynamically before the RACF authorization check can be performed. Dynamic creation of this security environment increases the time required to process a CHNG or AUTH call. The dynamically created security environment is kept until IMS is done with the message (until the next sync point or GET UNIQUE), so further CHNG or AUTH calls for the same message reuse it rather than building another. Use the Build Security Environment user exit (BSEX) to control when IMS performs the dynamic creation of the security environment.

For input from APPC or OTMA, the outcome depends on the APPC/OTMA security level. If security is defined as FULL, the security environment has already been created before any CHNG or AUTH call is made. If security is defined as NONE, RACF is not called. If security is defined as CHECK and a CHNG or AUTH call is made, a dynamic security environment must be created.

When the following IMS exit routines are called because of an application program CHNG or AUTH call, the address of the CTB (communication terminal block) is zero if the call is made from an IMS dependent region that is not part of the same IMS as the inputting terminal. An exit routine that uses CTB fields must therefore test the address for zero before referencing them:

  • Command Authorization exit routine (DFSCCMD0)
  • Transaction Authorization exit routine (DFSCTRN0)
  • Security Reverification exit routine (DFSCTSE0)
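The rules above determine which security environment a dependent region can use for a CHNG or AUTH check, and when IMS must pay for a dynamic build. The following model, added here as an illustration and not IMS or RACF code, encodes those rules so that the per-message rather than per-call cost of the dynamic build can be counted for a sequence of calls. Every name in it (Origin, DependentRegion, chng_or_auth, and so on) is invented for the model; the CTB helper covers only the cases the text states and returns None for APPC/OTMA input, which the text does not address.

```python
"""Model of which RACF security environment an IMS dependent region can use
for a CHNG or AUTH authorization check, and when IMS must build one
dynamically.  Added illustration of the rules in the text, not IMS or RACF
code; all names below are invented for the model."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Origin(Enum):
    """How the message being processed reached this IMS system."""
    TERMINAL = "terminal"          # entered at a terminal on this same IMS
    MSC = "msc"                    # received from another IMS over an MSC link
    SHARED_QUEUE = "shared_queue"  # taken from the shared queue by a back end
    APPC_OTMA = "appc_otma"        # entered through APPC or OTMA


class AppcOtmaSecurity(Enum):
    NONE = "NONE"    # RACF is not called
    CHECK = "CHECK"  # environment must be built dynamically on CHNG/AUTH
    FULL = "FULL"    # environment exists before any CHNG/AUTH call


@dataclass
class Message:
    origin: Origin
    user_signed_on: bool = True                  # meaningful for TERMINAL only
    appc_otma_security: Optional[AppcOtmaSecurity] = None


@dataclass
class DependentRegion:
    """Security-environment state of one dependent region (model only)."""
    dynamic_builds: int = 0            # dynamic environments built so far
    racf_calls: int = 0                # RACF authorization calls made so far
    holding_dynamic_env: bool = False  # dynamic env kept for current message

    def get_unique(self) -> None:
        """GU for the next message: IMS is done with the previous one."""
        self.holding_dynamic_env = False

    def sync_point(self) -> None:
        self.holding_dynamic_env = False

    def chng_or_auth(self, msg: Message) -> str:
        """Authorization check for a CHNG or AUTH call.  Returns which
        environment was used: "signon", "appc_otma_full", "dynamic", or
        "none" when RACF is not called."""
        if msg.origin is Origin.APPC_OTMA:
            level = msg.appc_otma_security
            if level is AppcOtmaSecurity.NONE:
                return "none"
            if level is AppcOtmaSecurity.FULL:
                self.racf_calls += 1
                return "appc_otma_full"
            if level is not AppcOtmaSecurity.CHECK:
                raise ValueError("APPC/OTMA input needs a security level")
        elif msg.origin is Origin.TERMINAL and msg.user_signed_on:
            self.racf_calls += 1
            return "signon"
        # Signed-off terminal user, MSC, shared queue, or APPC/OTMA CHECK:
        # the signon environment is unavailable, so one is built dynamically
        # and kept until the next sync point or GU.
        if not self.holding_dynamic_env:
            self.dynamic_builds += 1
            self.holding_dynamic_env = True
        self.racf_calls += 1
        return "dynamic"


def ctb_address_is_zero(msg: Message) -> Optional[bool]:
    """Whether DFSCCMD0/DFSCTRN0/DFSCTSE0 receive a zero CTB address on a
    CHNG/AUTH-driven call.  None: the text does not say for APPC/OTMA."""
    if msg.origin is Origin.TERMINAL:
        return False
    if msg.origin in (Origin.MSC, Origin.SHARED_QUEUE):
        return True
    return None


def builds_for_back_end_unit_of_work() -> int:
    """Two messages from the shared queue, each with two CHNG/AUTH calls:
    one dynamic build per message, not per call."""
    region = DependentRegion()
    msg = Message(Origin.SHARED_QUEUE)
    for _ in range(2):
        region.get_unique()
        region.chng_or_auth(msg)
        region.chng_or_auth(msg)
        region.sync_point()
    return region.dynamic_builds


if __name__ == "__main__":
    print("dynamic builds for two back-end messages:",
          builds_for_back_end_unit_of_work())
```

The model makes the cost visible: a back-end region that issues several CHNG or AUTH calls for one message builds the environment once, whereas a region that commits between calls builds it again after each sync point. BSEX is the hook at which that build decision can be influenced; the model does not guess at what IMS does when the exit declines a build.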

Resource Access Security (RAS) for LTERMs in a shared-queues environment is supported only for LTERMs that are statically defined to the back-end IMS system.