Default language.

Creating the Host Server startup procedure

The Host Server is a mainframe started task that provides access to BMC AMI Ops product data. It runs as an address space on IBM z/OS systems with a running CAS and must be started in order to support its clients:

  • MainView Explorerprovides access to BMC AMI Ops product data via specific views.
  • Discovery Agent provides communications via the infrastructure APIs.

Multiple servers can run in a system and communicate with the same or different CASs.

Related topic

Manual-customization

Launching-MainView-Explorer

 

Important

Host Server must be running in order to access all BMC AMI Ops products.

To create a Host Server startup procedure

You can use member BBMXPJCL as a model for the Host Server startup procedure.

  1. Copy BBSAMP member BBMXPJCL to a procedure library. You can modify the member name to suit your organization. The member name is the name that you specify in the START command when you start the Host Server.

  2. Modify member BBMXPJCL as follows:

    Parameter

    Tasks

    SSID

    Change SSID=?SSID to SSID=ssid, where ssid is the subsystem ID of the CAS to which you want to connect. The default is BBCS.

    PORT

    Change PORT=?PORT to PORT=nnnnn, where nnnnn is a unique port number for the Host Server. You can use any integer between 1024 and 65535. The default is 3940.

    Important

    If you change the port number from the default of 3940, you must:

    • Specify a unique port number for each application that runs on a given system image.
    • Specify the new port number when you start the client.

    USERDS

    (Optional) Use or remove the USERDS parameter to control the allocation of user data sets. The BBVDEF and BBCDEF user data sets contain customized views and configurations, respectively. You can specify the USERDS parameter as follows:

    • USERDS=template defines a template that can be made up of the TSO prefix (%UPFX), the TSO user ID (%USERID), and the data set name (%BBDEF). You can specify one or both of the user tokens, and they can appear in any order. %BBDEF, which resolves to BBVDEF or BBCDEF, is required. The default template is %UPFX.%USERID.%BBDEF. The template that you specify appears in the MainView Explorer Logon dialog box. Users cannot change the template.
    • USERDS=NO disables the allocation of user data sets. The MainView Explorer Logon dialog box is truncated; the fields that are related to the allocation of user data sets do not appear.

    If you remove the USERDS parameter from the Host Server startup procedure, users can define their own data set template when they log on to MainView Explorer.

    Example

    The following are examples of valid templates and the user data sets that they would allocate for a user ID of MYID01:

    • %USERID.TEST.%BBDEF allocates MYID01.TEST.BBVDEF (and BBCDEF).
    • PROD.U%BBDEF.%USERID allocates PROD.UBBVDEF.MYID01 (and UBBCDEF).
    • %USERID.&SYSNAME.%BBDEF allocates MYID01.SYSC.BBVDEF (on SYSC).

    Including the system variable &SYSNAME., as shown in the last example, enables you to use the same data set template on different system images.

    ATTLS 

    Use the ATTLS parameter to leverage the IBM AT-TLS policy that enables you to create secure connections between MainView Explorer and the Host Server.

    The options are:

    • N does not use the ATTLS protocol (this is the default).
    • Y uses the ATTLS protocol to handle the TLS sessions for the Host Server.
    • D uses the ATTLS protocol and accepts a client certificate for logon.
    • R uses the ATTLS protocol and requires a client certificate for logon.
       

    Important

    IBM AT-TLS policy provides encryption and decryption of data based on the policy statements that are coded in the Policy
    Agent (PAGENT). AT-TLS provides greater integrity and privacy for data transfers between the MVE client and the Host Server. Therefore, we recommend using the ATTLS parameter in place of the TLS parameter.

    • If used, the ATTLS parameter value overrides the TLS parameter value.
    • The server TLS certificate and the keyring are defined in the Policy Agent’s configuration.
    • The BBMMVE parameter is not required for ATTLS.

    You can run MainView Explorer in secure mode (HTTPS) by using IBM Application Transparent Transport Layer Security (AT-TLS). For more information, see Running MainView Explorer with IBM-ATTLS.

    TLS

    (Optional) Use the TLS (Transport Layer Security) parameter to enable secure connections between MainView Explorer and the Host Server.

    The options are:

    • N does not use the TLS protocol (this is the default).
    • Y uses the TLS protocol.
    • D uses the TLS protocol and accepts a client certificate for logon.
    • R uses the TLS protocol and requires a client certificate for logon.

    SSL

    (Optional) Use the SSL (Secure Sockets Layer) parameter in place of TLS to enable secure connections between MainView Explorer and the Host Server. 

    The options for SSL are Y or N.

    Best practice
    SSL protocol has been deprecated and we recommend using ATTLS or TLS instead.

    TIMEOUT

    (Optional) Use the TIMEOUT parameter to enable the timeout check for MainView Explorer users.

    The options are Y, N, or hhmm.

    • Y sets the time out to the TWT value from SMFPRMXX if it is specified, or to the JWT value if not. 
    • N is the default. 
    • hhmm is hours and minutes, in the range of 0005-2400.
      For example, a TIMEOUT value of 0100 would timeout a user after one hour of inactivity.
       

    If the user has AUTO REFRESH enabled with a shorter time interval than the timeout, the user will never be logged off due to the continuous activity made by AUTO REFRESH. To learn more about AUTO REFRESH, see Refreshing-view-data-in-MainView-Explorer.

    BBMMVE

    (Optional) Use the BBMMVE parameter when TLS=YD, or R is used to indicate where the TLS certificate-related information is coded.

    Specify the 2-digit member suffix (xx) for the parameter member BBMMVExx.

  3. If you changed the member name to something other than BBMXPJCL, update the PROC statement with the new member name.
  4. Save the member.

Running MainView Explorer with IBM AT-TLS 

You can run MainView Explorer in secure mode (HTTPS) by using IBM Application Transparent Transport Layer Security (AT-TLS). Define the security parameters for AT-TLS in the Host Server startup procedure. The ATTLS=Y parameter value is used when the user is authorized to access the Host Server

However, while running the MainView Explorer with the ATTLS=D or ATTLS=R parameter values, which allows a client certificate to be used,  you must register the client certificate into the z/OS security manager (for example, IBM RACF, CA ACF2, or CA TSS). For more information about the certificate registration, contact your z/OS security administrators.

For MVE to run with ATTLS, you must edit the configuration in the MVE started task containing the JCL member that starts the Host Server. Use the ATTLS parameter to leverage the IBM AT-TLS policy to create secure connections between MVE and Host Server.

The following table describes the AT-TLS parameters:

Parameter

Description

ATTLS=N

ATTLS is not active or used for MVE server.

This is a default value.

ATTLS=Y

ATTLS is enabled to handle the TLS sessions for MVE server.

ATTLS=D

ATTLS is enabled and a client certificate can be used to access MVE server.

ATTLS=R

ATTLS is enabled and a client certificate is required to access MVE server.

The following Policy Agent AT-TLS configuration sample shows the required client certification:

TTLSEnvironmentAction eAct1~MVE_ClientAuth
{
TTLSEnvironmentAdvancedParms
{
ClientAuthType PassThru #Client certificate is requested
ApplicationControlled Off
}
HandshakeRole ServerWithClientAuth #Application verifies the certificate
TTLSKeyringParmsRef keyMVE01
}

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*