Create a z/OSMF nucleus on your system
This information is intended for a first-time z/OSMF setup. If z/OSMF is already configured on your system, you do not need to create a z/OSMF nucleus on your system.
IBM provides a sample job, IZUNUSEC, to help you set up basic security for a z/OSMF nucleus configuration.
System defaults are used for the z/OSMF environmental settings. Wherever possible, it is recommended that you use the default values. However, if necessary you can override the defaults by supplying an IZUPRMxx member, as described in IZUPRMxx reference information.
The sample jobs that you might use are available from SYS1.SAMPLIB.
System setup requirements
This document assumes that the following is true of the z/OS host system:
- Port 443 is available for use. To check, enter either of the following TSO/E commands to
determine whether the port is being used:
NETSTAT SOCKET
orNETSTAT BYTE
- The system host name is unique and maps to the system on which z/OSMF is being installed. To retrieve this value, enter either "hostname" z/OS UNIX command or TSO/E command "HOMETEST". If your system uses another method of assigning the system name, such as a multi-home stack, dynamic VIPA, or System Director, see Configuring z/OSMF for high availability.
- The global mount point exists. On a z/OS V2R4 system, the system includes this directory by
default at the following location:
/global/zosmf/
.
If you find that a different value is used on your z/OS system, you can edit the IZUPRMxx parmlib member to specify the correct setting. For details, see IZUPRMxx reference information.
Dependencies on other z/OSMF services
- Data set search function
- Requires the z/OS data set and file REST services, which are enabled by running the IZURFSEC security job.
- Change password function
- Requires the TSO/E address space services, which are enabled by running the IZUTSSEC security job.
You can perform this setup after you create a z/OSMF nucleus on your system.