Considerations for Using Multiple RACF Service Machines
The following considerations can help you determine if you want to use more than one RACF® service machine:
- Applications that issue large number of RACF commands
Consider dedicating a server to processing such applications using the RAC command. Multiple applications of this type can share one server, or a server can be dedicated to one application only.
- Code
CPUSE=NOon the RACSERV macro for that RACF service machine. Refer to z/VM: RACF Security Server Macros and Interfaces for information on the RACSERV macro. - Change the application to set the $RAC_SRV global variable to the user ID of the dedicated RACF service machine.
- Code
- RACROUTE service
If you have products or applications that employ the full function RACROUTE interface you should consider dedicating a RACF service machine to process RACROUTE requests. See Dedicating RACF Service Machines for RACROUTE Request Processing if you choose this option.
- Discrete profiles for minidisks with large access lists
If you use RACF to provide access control for minidisks, and the majority of the minidisks have been defined with discrete profiles and contain large access lists, consider using an additional RACF service machine.
- Auditing
If you audit a large number of security relevant events, an additional RACF service machine can help improve the distribution of the overhead in recording the audit records. Each service machine has its own SMF minidisk.
IBM® recommends that you install the RACF product and determine the overall system performance characteristics before you install multiple RACF service machines.
If you plan to install multiple RACF service machines, you should make changes to the RACSERV macro when you install RACF. This procedure is described in RACF Program Directory.
For information on setting up multiple RACF service machines, see Setting Up Multiple RACF Service Machines.