Global configuration parameters


The global configuration parameters apply to every server and agent address space. You can place them inside a Scope block to define different values for different address spaces.

JCL parameters

Following are the JCL-related parameters:

Parameter

Description

CONFIG 

Recognized by the program as a valid input to execute the parameters

PARM 

Passes input data from the job step into a program (for more information, see the JCL documentation by IBM)

PROG 

Identifies the current processing program (for more information, see the JCL documentation by IBM)

License-related parameters

The following BMC parameters relate to product licensing. The product does not start without valid licensing details.

Parameter

Description

CustomerID

Specify your customer name.

CustomerKey

Specify the authorization key for Resident Security Server in your installation.
The authorization key allows RSS to run on your systems, so it is important that you specify the key provided by BMC correctly by using this mandatory parameter.

Customer keys consist of a number of eight-character segments separated by hyphens as follows:
00000000-00000000-00000000-00000000

If the key exceeds the space available on one line, you can continue it on the next line provided that the key is separated after a hyphen. For example:

0000000-
0000000

RACF settings

The following parameters define specific RACF settings:

Parameter

Description

ClassName FACILITY|class

By default, the RSS RACF resources are defined in the FACILITY class

If you placed the RSS resources in a different class during RSS product installation, specify it here.

MixedCase Yes|No

(Optional) Specifies whether mixed-case passwords can be used

Yes enables mixed-case passwords. No converts passwords to uppercase before processing.

If you omit MixedCase, the default is No.

RACFAdminUser userID auto|noauto


For RSS-based components that need to issue RACF administrative commands, this parameter defines the user ID under which commands are issued

  • (Optional) userID specifies the user ID that is used to issue commands. If you omit userID, the default is the user ID for the address space in which RSS is running.
  • auto specifies that RSS should use APF authorization to provide the authority for commands.
  • (Default) noauto specifies that RSS should not use APF authorization.

If you omit RACFAdminUser, RACF commands run under the user ID for the address space in which RSS is running, with no APF authorization.

RACFCommandDelay numberOfSeconds

(SPE2107)



The number of seconds that RSS waits between resetting a password (setting a temporary password using the ALU command) and setting a new password

Enter a number from 1 to 60. For systems that synchronize user password changes using the RACF remote sharing facility (RRSF), this gives RRSF time to propagate the first action (reset) before the second action (set) is executed. It applies especially to the BMC AMI Security Self Service Password Reset and BMC AMI Security Privileged Access Manager (formerly BMC AMI Security Breakglass) products if you are using the multiple LPAR facility.

If you omit this parameter, the default is 0.

Security setting

(SPE2107)

Use the CommandSecurity On|Off parameter to specify whether RSS should implement an additional layer of security for MODIFY commands submitted to the started task. When set to On, RSS checks for the RACF or Top Secret profile, RSM.RSSCMD.command, and verifies that the user submitting the MODIFY command has a minimum of READ access to the profile.

If you omit this parameter, the default is Off.

For information about the MODIFY command, see Commands.

Message and tracing parameters

Normally, you would need only information and error messages to be output. However, sometimes BMC might ask you to activate tracing messages, for example, to help track down an issue.

Use the MessageLevel type type type parameter with the following types to specify which messages to output. You can specify as many MessageLevel parameters as required and specify multiple types on a single line.

Parameter

Description

AppTrace

Turns on application-specific tracing

BufTrace

Traces data in all traced exchanges and protocol information

DATATrace

(SPE2107)

Traces detailed data buffers during communication

Warning

Use this trace with caution to avoid reporting sensitive data.

DLLTrace

Traces application DLL calls

DSTrace

(SPE2107)

Traces data space activity

Error

Outputs error messages

HTTPTrace

Traces HTTP traffic generated by user interactions with the RSS browser interface

Info

Outputs information messages

JSONTrace

(SPE2107)

Traces JSON streams over the REST API

MUTEXTrace

(SPE2107)

Traces mutual exclusion (mutex) operations

RACFTrace

Traces all RACF commands and their output responses

REXXTrace

(SPE2107)

Traces REXX activity and allows the called REXX execs to write additional trace data

SQLTrace

Traces application SQL calls

TCPTrace

Traces all TCP communications including SSL exchanges when using HTTPS protocol

XCFTrace

Traces data sent and received across XCF communications

The recommended settings for normal use are:
MessageLevel Error Info

Internal trace table

(SPE2110)

(Optional) The InternalTrace value parameter specifies the number of entries in the RSS internal trace table. This table tracks events occurring in RSS products and is used by BMC Support for troubleshooting purposes. The contents of the table can be output by command. If an abend occurs, the table is automatically formatted and prepared for output.

To disable internal tracing, specify a value of 0.

If you omit this parameter, the default value is 4096.

SMF parameters

(Optional) The SMFRecordType type parameter defines the SMF record type written by RSS-based applications. Subtypes can also be used to differentiate records from different applications.

For type, specify a number between 128 and 255.

If you omit this parameter and you are running BMC AMI Security Privileged Access Manager, the default type is 175.

If you omit this parameter and you are running BMC AMI Security Self Service Password Reset, the default type is 175, subtype is 21.

SyslogD Identification

The SyslogId id parameter defines the ID attached to SyslogD records written by this instance of RSS. The id specified is used in the name field of any SyslogD record written by this instance of RSS. The default value is rss.

Application selection

Applications such as BMC AMI Security Administrator, Security PAM, and SSPR can run only in the Server address space, while other applications, such as BMC AMI Security Policy Manager, can run in Server or Agent address spaces.

Use the Activate applicationName parameter to define which applications to activate in the RSS instance being configured. Specify multiple Activate parameters to start multiple applications. The application specified will be activated in this instance of RSS.

Valid applicationName values are:

  • Server
  • racfGUI
  • (SPE2201) PAM
  • (earlier than SPE2201) Breakglass
  • SSPR
  • zDetect

General parameters

(SPE2110)

The following parameters relate to general operation:

Parameter

Description

TCPBufferSize numberOfBytes

Specifies the size in bytes of the TCP receive buffer used by RSS

We recommend that you modify this parameter only if specific applications require a larger buffer to prevent unnecessary overhead.

AbendLimit count

Controls the number of recoverable abends before RSS shuts down

This applies to applications that implement recoverable abend handling. Enter a number from 0 to 256.

If you omit AbendLimit, the default value is 16.
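The following is an added example, not BMC code: a small pre-deployment check that reads a configuration member and reports values outside the ranges documented above, MessageLevel types beyond the recommended Error Info, use of RACFAdminUser auto, and CommandSecurity left off. It assumes one parameter per line in the keyword-then-values form shown on this page, case-insensitive keywords, and alphanumeric key characters; Scope blocks are not handled, and the names parse, audit and SAMPLE are hypothetical.

```python
import re

RANGES = {"RACFCOMMANDDELAY": (1, 60), "SMFRECORDTYPE": (128, 255),
          "ABENDLIMIT": (0, 256)}   # ranges stated on this page
NORMAL_LEVELS = {"ERROR", "INFO"}   # the page's recommended MessageLevel types
KEY_RE = re.compile(r"[0-9A-Z]{8}(-[0-9A-Z]{8})+")  # character set is assumed

# Constructed sample member; the key and user ID are placeholders.
SAMPLE = """\
CustomerKey 00000000-00000000-
00000000-00000000
RACFAdminUser RSSADM auto
RACFCommandDelay 90
MessageLevel Error Info DATATrace
SMFRecordType 175
"""

def parse(text):
    """Return (KEYWORD, [VALUES]) pairs; a line ending in '-' continues a key."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries, i = [], 0
    while i < len(lines):
        line = lines[i]
        while line.endswith("-") and i + 1 < len(lines):
            i += 1
            line += lines[i]          # rejoin a key split after a hyphen
        word, *values = line.split()
        entries.append((word.upper(), [v.upper() for v in values]))
        i += 1
    return entries

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings, settings = [], parse(text)
    for key, values in settings:
        if key in RANGES:
            lo, hi = RANGES[key]
            if not (values and values[0].isdecimal() and lo <= int(values[0]) <= hi):
                findings.append(f"{key}: expected a number from {lo} to {hi}")
        elif key == "MESSAGELEVEL":
            findings += [f"MESSAGELEVEL {v}: not in normal-use set"
                         for v in values if v not in NORMAL_LEVELS]
        elif key == "RACFADMINUSER" and "AUTO" in values:
            findings.append("RACFADMINUSER: auto (APF authorization) in use")
        elif key == "CUSTOMERKEY" and not KEY_RE.fullmatch("".join(values)):
            findings.append("CUSTOMERKEY: expected 8-character segments")
    if "ON" not in dict(settings).get("COMMANDSECURITY", []):
        findings.append("COMMANDSECURITY: not On (default is Off)")
    return findings
```

Calling audit(SAMPLE) returns four findings: the auto option, the delay of 90, the DATATrace type, and the omitted CommandSecurity parameter.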

 
