Steps to create the ICSF startup procedure
ICSF provides this job control language program. You can use this code as the basis for your startup procedure.
- member CSF in SYS1.SAMPLIB
//CSF PROC //CSF EXEC PGM=CSFINIT,REGION=0M,TIME=1440,MEMLIMIT=NOLIMIT //CSFPARM DD DSN=SYS1.PARMLIB(CSFPRM00),DISP=SHRStore this startup PROC in SYS1.PROCLIB (or another suitable library).
- Change or use the sample startup procedure
according to your needs.
- In the sample code, the first line is the PROC statement. You can add one or more procedure
variables to the PROC statement. For example, you can allow the system operator to decide at start
time which member of the installation options data set to use. This example allows the operator to
enter START CSF,M=CSFPRM00, specifying an alternate set of start-up options.
//CSF PROC M=CSFPRM00 . . . //CSFPARM DD DSN=MY.ICSF.PARM(&M),DISP=SHRYou can use the same principle to change the name of a sequential data set, if you are not using a partitioned data set.
- The last line is the CSFPARM DD statement. The sample code specifies SYS1.PARMLIB as the data set where the installation options data set is stored. If you stored the installation options data set elsewhere, replace SYS1.PARMLIB with the name of the data set where you stored the installation options.
- The CSFPARM DD statement also specifies member CSFPRM00 as the name of the installation options data set. If you used a different name when you created the installation options data set (or any time you want to use other options), change this member name.
- In the sample code, the first line is the PROC statement. You can add one or more procedure
variables to the PROC statement. For example, you can allow the system operator to decide at start
time which member of the installation options data set to use. This example allows the operator to
enter START CSF,M=CSFPRM00, specifying an alternate set of start-up options.
- Store your startup procedure in SYS1.PROCLIB (or another suitable library) with a member name of your choice. (Depending on installation standards, possible names include CSF, CSFPROD, and CRYPTO.)
- If you use Security Server (RACF), you may need to update the
RACF Started Procedure Table if you define a new started task:
- Add the new started task name
- Add a RACF userid to associate with the started task. See z/OS Security Server RACF System Programmer's Guide for more information.
- Optionally, you can add a RACF group name.
Notes:- SAF uses the userid associated with the ICSF address space when accessing the CKDS and PKDS named in the installation options data set both at ICSF startup and when performing coordinated functions (Coordinated Change-MK, Coordinated Refresh, or Coordinated Convert). When you perform a non-coordinated CKDS or PKDS task (Initialize, Change MK, Refresh, Convert), SAF uses the identity associated with the invoker (TSO userid when using panels under TSO/E or the userid associated with the batch address space when using a batch job).
- If you specify a REMOTEDEVICE entry in the ICSF installation options data set, ICSF will attempt to connect to this device using TCP/IP. Additional setup is required. For more information, see Adding and removing regional cryptographic servers.