|Communications Access Methods for SAS/CONNECT and SAS/SHARE Software|
|Creating the Server VM Directory Entry for the Server Virtual Machine|
You must include the following statements in the VM directory entry for the server virtual machine:
USER SASSHARE XXXXXXX 20M 20M G 100 MACHINE XA IPL CMS PARM AUTOCR OPTION MAXCONN 1024 IUCV *IDENT SHR1 GLOBAL IUCV ALLOW CONSOLE 009 3215 SPOOL 00C 2540 READER * SPOOL 00D 2540 PUNCH A SPOOL 00E 1403 A LINK MAINT 19E 19E RR LINK MAINT 19D 19D RR LINK MAINT 190 190 RR MDISK 191 3380 707 5 VM0800 MR XXXXXXX MDISK 192 3380 501 3 VM0450 MR XXXXXXXSeveral lines that are specific to the APPC access method are explained in more detail.
IUCV *IDENT SHR1 GLOBAL IUCV ALLOW OPTION MAXCONN 1024
The first line specifies the name of the server that will run in the virtual machine. The server name, shown as SHR1 in this example, is specified by the SERVER= option of the SERVER procedure in the SAS program that creates the server. The server-id is typically the name of the server virtual machine (the VM userid). If you specify server-id as RESANY, any valid server name can be specified for the SERVER= option.
The second line allows users to establish IUCV connections to the server virtual machine.
The third line specifies the maximum number of simultaneous connections to the server that you want to allow. Generally, you should allow four to five connections for each user who accesses data through the server. The number shown is only a guideline. The default MAXCONN value is 64. The maximum MAXCONN value is 65535.
SAS/SHARE does not specifically limit the number of simultaneous connections to a server.
|Modifying an Entry in the VM Directory for Each User|
Modify the VM directory entry by including the following statement in the VM directory entry for each user who will access a server:
OPTION MAXCONN 128
This statement specifies the maximum number of simultaneous connections to a server that you want to allow. Generally, you should allow four to five connections for each server. The default MAXCONN value is 64. The maximum MAXCONN value is 65535.
|Creating a System Communications Directory File|
You must create a system communications directory file with an entry for each server that your users will access. The system communications directory file is named SCOMDIR NAMES by default. It should reside on a system minidisk that is accessible to all CMS users.
Specify an entry for a server within the TSAF collection in the following form:
:NICK.server-id :LUNAME.*IDENT :TPN.server-id :SECURITY.level :MODENAME.modename
Specify an entry for a server outside the TSAF collection in the following form:
:NICK.server-id :LUNAME.gateway server-id :TPN.SASTP62 :MODENAME.modename :SECURITY.level
See the IBM publication VM/ESA Connectivity Planning, Administration, and Operation (SC24-5448) for more information about creating and processing communications directories. Contact IBM for information about obtaining this documentation.
|Setting Security for Connecting Clients|
Each user who connects to a server that is running in secured mode must specify a userid and a password that are valid on the system on which the server is running. A secured server requires a userid and password from each user, which it validates on the system where it is running.
You can specify a user's userid and password for the server's system in any of the following:
You can specify both a user's userid and password for the server's system in an APPCPASS statement in the user's VM directory as follows:
APPCPASS LU-name userid password
|Creating a User Communications Directory File|
You can specify both a user's userid and password for the server's system in a user communications directory file on the user's A-disk. The file, named UCOMDIR NAMES by default, should contain an entry for each secure server that the user will connect to. An entry in a user communications directory file has the same format as one in a system communications directory file with the addition of these two fields:
This method is less secure than an APPCPASS statement because any other user who can read the UCOMDIR NAMES file can obtain the user's userid and password for the server's system. You can limit this exposure by restricting access to the file, the minidisk, or the SFS directory in which the UCOMDIR NAMES file resides (for example, by putting a read password on the minidisk where the file resides).
A user can perform this procedure, thereby, eliminating a system administrator's support. Users can modify their own communications directories if they subsequently change passwords for the server's systems. This procedure also requires that users maintain other fields such as server-id, gateway, and modename.
See the IBM publication VM/ESA Connectivity Planning, Administration, and Operation (SC24-5448) for more information about the creation and processing of communications directories. Contact IBM for information about obtaining this documentation.
|Defining a VTAM Gateway|
See Defining a VTAM Gateway for information about defining a VTAM outbound gateway (N01SASOG) for CMS clients to reach specific servers, as well as for defining a VTAM inbound gateway (APPL statements similar to N01SASPG) for connecting inbound to a specific CMS server.
|Defining Logon Mode Table Entries|
See Defining Logon Mode Table Entries for information about setting up a logon mode table to contain session properties.
See References for a list of documentation references.
Top of Page
Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.