Case Study

Bank ABC had acquired bank XYZ. Each of the banks will continue having their separate MVS LPARs. The project is to merge their production RACF databases and the two LPARs to share this merged database.

The function MERGE from CONSUL RACF was chosen as a main tool to convert the content of the XYZ RACF database into RACF commands. These commands will then be executed on the ABC RACF database on merger day. The project comprises 5 deliverables:

  1. Prepare a project plan.
  2. Preparation of the Guest d/b (XYZ) to become compatible with Host d/b (ABC), clean up of obsolete groups and userids, using Consul.
  3. Generate merger commands using CONSUL MERGE and edit merger commands on ABC.
  4. Run the Merger commands on ABC LPAR and IPL the XYZ LPAR with the merged RACF d/b.
  5. Post-merger decision.

Merger Scenario

Deliverable One

  1. Discuss and agree on common naming standards (eg. started task userids and profiles in class STARTED, name of shared RACF database SYSS.RACF.PRIM).
  2. Create Backout plan.
  3. Agree merger date/time.

Deliverable Two

  1. Migrate products from internal security to RACF products which have RACF security on ABC (eg convert VPS from its internal security to RACF by creating class $VPS in ICHRRCDE on XYZ
  2. Match SETROPTS controls on XYZ with ABC (For example, change XYZ to
    a) NOOPERAUDIT. Put UAUDIT on users with OPERATIONS from XYZ.
    b) Ret period 0 days
    c) Erase-on-scratch active
    d) Issue SETR AUDIT(*) GENERIC(*) GENCMD(*))
  3. Clean up from obsolete users and groups using Consul.

Deliverable Three

  1. Prepare a flat file of XYZ RACF d/b using Consul
  2. Freeze the updates to RACF db XYZ
  3. Generate and Edit Merger commands on MVSA

    For example, editing may include
    a)change OWNER of groups from XYZ to new names
    b) change ‘&’ to ‘and’ in merger CLIST
    c) define profiles from class TSOPROC residing on XYZ before creating TSO segments.
    d) permits to for dataset profiles imported from XYZ for entitled ABC users
    e) datasets profiles existing on both databases; add users from XYZ.
    f) SYS1 datasets - adoption of the less restricting UACCs
    g) General Resource classes PROGRAM FACILITY OPERCMDS SDSF TSOAUTH. If
    imported from XYZ place ABC users, if already existing on ABC place users from XYZ.
    h) Class STARTED

  4. Identify access for common started task userids to XYZ resources and prepare an
    additional CLIST with ‘PERMIT’ commands.

Deliverable Four

  1. Increase the ABC RACF d/b SYSS.RACF using IRRUT400
  2. Catalog this database on XYZ
  3. Run edited RACF commands (merger output) on ABC.
  4. Run additional CLIST on ABC.
  5. Import passwords for userids from XYZ to ABC using suitable programs.
  6. Assemble and link-edit to SYS1.LINKLIB in XYZ the CDT, ROUTER and ICHRDSNT
    modules for the merged database
  7. IPL the XYZ LPAR with ICHRDSNT pointing to SYSS.RACF

Deliverable Five

If there are difficulties as per criteria for backout, then proceed to BACKOUT plan:

  1. Change ICHRDSNT for XYZ to point to the old name SYS1.RACF
  2. IPL with above name pointing to the latest version of XYZ RACF d/b

If both systems are running without major problems, then proceed to Business Testing

back