Chapter Contents

Previous

Next
Communications Access Methods for SAS/CONNECT and SAS/SHARE Software

System Configuration for the APPC Access Method for SAS/SHARE

VTAM Systems Personnel
To configure resources for the CMS system that will enable it to behave as either a SAS/SHARE server or a client using the APPC access method, perform the following tasks:
  1. At a CMS server, create a VM directory entry for the server's virtual machine.

  2. At a CMS client, create an entry in the VM directory for each user who will access the server.

  3. At a CMS client, modify a system communications directory file with an entry for each server that users will access.

  4. At a CMS client, set security for connecting clients.

  5. At both a CMS client and a server, define a VTAM gateway.

  6. At both a CMS client and a server, define logon mode table entries.


Creating the Server VM Directory Entry for the Server Virtual Machine

You must include the following statements in the VM directory entry for the server virtual machine:

USER SASSHARE XXXXXXX 20M 20M G 100
MACHINE XA
IPL CMS PARM AUTOCR
OPTION MAXCONN 1024
IUCV *IDENT SHR1 GLOBAL
IUCV ALLOW
CONSOLE 009 3215
SPOOL   00C 2540 READER *
SPOOL   00D 2540 PUNCH A
SPOOL   00E 1403 A
LINK MAINT 19E 19E RR
LINK MAINT 19D 19D RR
LINK MAINT 190 190 RR
MDISK 191 3380 707 5 VM0800 MR XXXXXXX
MDISK 192 3380 501 3 VM0450 MR XXXXXXX
Several lines that are specific to the APPC access method are explained in more detail.
IUCV *IDENT SHR1 GLOBAL
IUCV ALLOW
OPTION MAXCONN 1024

The first line specifies the name of the server that will run in the virtual machine. The server name, shown as SHR1 in this example, is specified by the SERVER= option of the SERVER procedure in the SAS program that creates the server. The server-id is typically the name of the server virtual machine (the VM userid). If you specify server-id as RESANY, any valid server name can be specified for the SERVER= option.

The second line allows users to establish IUCV connections to the server virtual machine.

The third line specifies the maximum number of simultaneous connections to the server that you want to allow. Generally, you should allow four to five connections for each user who accesses data through the server. The number shown is only a guideline. The default MAXCONN value is 64. The maximum MAXCONN value is 65535.

SAS/SHARE does not specifically limit the number of simultaneous connections to a server.


Modifying an Entry in the VM Directory for Each User

Modify the VM directory entry by including the following statement in the VM directory entry for each user who will access a server:

OPTION MAXCONN 128

This statement specifies the maximum number of simultaneous connections to a server that you want to allow. Generally, you should allow four to five connections for each server. The default MAXCONN value is 64. The maximum MAXCONN value is 65535.


Creating a System Communications Directory File

You must create a system communications directory file with an entry for each server that your users will access. The system communications directory file is named SCOMDIR NAMES by default. It should reside on a system minidisk that is accessible to all CMS users.

Specify an entry for a server within the TSAF collection in the following form:

:NICK.server-id :LUNAME.*IDENT
                :TPN.server-id
                :SECURITY.level
                :MODENAME.modename

where

server-id
is the server-id as specified in the IUCV *IDENT VM directory entry record for the server virtual machine.

level
specifies whether to use security in a SAS/SHARE session. The two values for level are PGM, which indicates program security, or NONE. Specify PGM if the server is running secured (requiring a userid and password from each connecting user). Specify NONE if the server is running unsecured (not requiring a userid and password from each connecting user). See Setting Security for SAS/CONNECT and SAS/SHARE for more information about userid and password security.

Specify an entry for a server outside the TSAF collection in the following form:

:NICK.server-id :LUNAME.gateway server-id
                :TPN.SASTP62
                :MODENAME.modename
                :SECURITY.level

where

server-id
is the name of the LU for the server.

gateway
is the global gateway to the SNA network.

TPN.SASTP62
indicates the transaction program name as it is known to the target LU.

modename
is the communications mode for the SNA session that connects the gateway to the LU that is defined for the server.

level
specifies whether to use security in a SAS/SHARE session. The two values for level are PGM, which indicates program security, or NONE. Specify PGM if the server is running secured (requiring a userid and password from each connecting user). Specify NONE if the server is running unsecured (not requiring a userid and password from each connecting user). See Setting Security for SAS/CONNECT and SAS/SHARE for more information about userid and password security.

See the IBM publication VM/ESA Connectivity Planning, Administration, and Operation (SC24-5448) for more information about creating and processing communications directories. Contact IBM for information about obtaining this documentation.


Setting Security for Connecting Clients

Each user who connects to a server that is running in secured mode must specify a userid and a password that are valid on the system on which the server is running. A secured server requires a userid and password from each user, which it validates on the system where it is running.

You can specify a user's userid and password for the server's system in any of the following:


Specifying an APPCPASS VM Directory Statement

You can specify both a user's userid and password for the server's system in an APPCPASS statement in the user's VM directory as follows:

APPCPASS LU-name
userid password

where

LU-name
specifies the gateway and server identifier that is defined in the :LUNAME specification in the communications directory. Gateway and server identifier names are restricted to eight characters each.

userid
specifies a user's userid for the system where the server is running.

password
specifies the password for the userid.


Creating a User Communications Directory File

You can specify both a user's userid and password for the server's system in a user communications directory file on the user's A-disk. The file, named UCOMDIR NAMES by default, should contain an entry for each secure server that the user will connect to. An entry in a user communications directory file has the same format as one in a system communications directory file with the addition of these two fields:

:USERID.userid
:PASSWORD.password

This method is less secure than an APPCPASS statement because any other user who can read the UCOMDIR NAMES file can obtain the user's userid and password for the server's system. You can limit this exposure by restricting access to the file, the minidisk, or the SFS directory in which the UCOMDIR NAMES file resides (for example, by putting a read password on the minidisk where the file resides).

A user can perform this procedure, thereby, eliminating a system administrator's support. Users can modify their own communications directories if they subsequently change passwords for the server's systems. This procedure also requires that users maintain other fields such as server-id, gateway, and modename.

See the IBM publication VM/ESA Connectivity Planning, Administration, and Operation (SC24-5448) for more information about the creation and processing of communications directories. Contact IBM for information about obtaining this documentation.


Defining a VTAM Gateway

See Defining a VTAM Gateway for information about defining a VTAM outbound gateway (N01SASOG) for CMS clients to reach specific servers, as well as for defining a VTAM inbound gateway (APPL statements similar to N01SASPG) for connecting inbound to a specific CMS server.


Defining Logon Mode Table Entries

See Defining Logon Mode Table Entries for information about setting up a logon mode table to contain session properties.


References

See References for a list of documentation references.


Chapter Contents

Previous

Next

Top of Page

Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.