V10.

cover

IBM Training Front cover

Lab Setup Guide

Exploiting the Advanced Features of RACF

Course code ES88G ERC 7.0
Lab Setup Guide

Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide.
The following are trademarks of International Business Machines Corporation, registered in many
jurisdictions worldwide:
AIX® BatchPipes® BookManager®
C/370™ CICS® DataPower®
DB™ DB2® Domino®
DRDA® eServer™ Express®
FICON® Guardium® IBM SmartCloud®
IMS™ InfoSphere® Language Environment®
Lotus Notes® Lotus® MVS™
NetView® Notes® OS/390®
Parallel Sysplex® PR/SM™ QMF™
RACF® Redbooks® Resource Measurement
Facility™
RMF™ S/390® Sametime®
System z® System z10® System z9®
Tivoli® VTAM® WebSphere®
z/Architecture® z/OS® z/VM®
z/VSE® zEnterprise® z10™
z9® 400®
Intel and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in
the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Windows is a trademark of Microsoft Corporation in the United States, other countries, or both.
Java™ and all Java-based trademarks and logos are trademarks or registered trademarks of
Oracle and/or its affiliates.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Other product and service names might be trademarks of IBM or other companies.

March 2016 edition

The information contained in this document has not been submitted to any formal IBM test and is distributed on an “as is” basis without
any warranty either express or implied. The use of this information or the implementation of any of these techniques is a customer
responsibility and depends on the customer’s ability to evaluate and integrate them into the customer’s operational environment. While
each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will
result elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.

© Copyright International Business Machines Corporation 1998, 2016.

This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
V10.1
Lab Setup Guide

TOC Contents
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v

Lab setup guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
z/OS system facts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Lab configuration overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Hardware requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Software requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
IDs and passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Verification procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Testing the lab exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Performance notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

© Copyright IBM Corp. 1998, 2016 Contents iii

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Lab Setup Guide

iv Exploiting RACF © Copyright IBM Corp. 1998, 2016

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V10.1
Lab Setup Guide

TMK
Trademarks
The reader should recognize that the following terms, which appear in the content of this training
document, are official trademarks of IBM or other companies:
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide.
The following are trademarks of International Business Machines Corporation, registered in many
jurisdictions worldwide:
AIX® BatchPipes® BookManager®
C/370™ CICS® DataPower®
DB™ DB2® Domino®
DRDA® eServer™ Express®
FICON® Guardium® IBM SmartCloud®
IMS™ InfoSphere® Language Environment®
Lotus Notes® Lotus® MVS™
NetView® Notes® OS/390®
Parallel Sysplex® PR/SM™ QMF™
RACF® Redbooks® Resource Measurement
Facility™
RMF™ S/390® Sametime®
System z® System z10® System z9®
Tivoli® VTAM® WebSphere®
z/Architecture® z/OS® z/VM®
z/VSE® zEnterprise® z10™
z9® 400®
Intel and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in
the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Windows is a trademark of Microsoft Corporation in the United States, other countries, or both.
Java™ and all Java-based trademarks and logos are trademarks or registered trademarks of
Oracle and/or its affiliates.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Other product and service names might be trademarks of IBM or other companies.

© Copyright IBM Corp. 1998, 2016 Trademarks v

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Lab Setup Guide

vi Exploiting RACF © Copyright IBM Corp. 1998, 2016

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V10.1
Lab Setup Guide

LSG
Lab setup guide

Overview
The purpose of this lab setup guide is to assist the classroom preparer in setting up the ES88G
classroom lab environment.
If you intend to use IBM remote labs instead of manually setting up an environment, do not use this
guide. Instead, refer to the Training Partner Operations Guide for directions to the IBM Remote Lab
Platform (IRLP).
If you intend to manually set up an environment, use this guide. It is separated into the following
parts:
• "Requirements" on page 5
• "Skills required to set up the lab" on page 8
• "Verification procedures" on page 8
The total setup time for this class is approximately 2 hours.

Important

The classroom must be ready to run lab exercises before the first day of class. You might want to
create a virtualized environment that you can maintain and reuse. Test the entire setup thoroughly
to avoid problems during class time. If you experience problems and need assistance, contact the
IBM Help Desk:
Call Center details
There are number of avenues of support. The IBM Training Help Desk uses IBM SmartCloud
Control Desk (SCCD) to manage Service Requests.Service Requests can be submitted directly in
SCCD either using the chat function or the self-service support center.
The URL for SCCD is
https://ibmtrn.sccd.ibmserviceengage.com/maximo_t4hj/webclient/login/login.jsp
Urgent issues can also be reported by telephone:
+ 1-844-335-7094 (US/CAN)
+ 00 1 469-619-2474 (International Number)
Email: [email protected]
The IBM Training Help Desk can be reached 24 hours a day, 365 days a year. The language for
support is English.
Email response time is 24 hours, so for Priority 1 Requests, please call or use the chat functions.

© Copyright IBM Corp. 1998, 2016 Lab setup guide 1

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Lab Setup Guide

"Requirements" on page 5 provides a summary of the classroom setup by using system labels. A
system label is a name for each unique system included in this classroom setup. The name
identifies a specific system configuration throughout this document. If an instructor system has the
same system label as a student system, they have identical setup requirements.
Each student (or group of students) will have its own z/OS guests to work during the labs.

z/OS system facts

Your system will run z/OS Version 2 Release 2 and will have the following DASD volumes available:
ADDR V=ALL STORAGE FREE FREE FREE LARGEST FREE PCNT
VOLSER ADDR TYPE STATUS USE GROUP EXTS CYLS TRKS CYLS TRKS FREE
ZOS0T0 0500 3390-9 ACT PRIV *NONSMS* 001 1971 29577 1971 29577 20%
MVR001 0501 3390-9 ACT STOR *NONSMS* 002 5 104 4 79 5%
MVR002 0502 3390-9 ACT STOR *NONSMS* 000 0 0 0 0 0%
MVR004 0504 3390-9 ACT STOR *NONSMS* 000 0 0 0 0 0%
MVR005 0505 3390-9 ACT STOR *NONSMS* 007 265 3986 250 3750 53%
MVR006 0506 3390-9 ACT STOR *NONSMS* 007 422 6347 400 6000 85%
SMS001 0508 3390-9 ACT PRIV PRIMARY 014 3213 48242 3213 48200 96%
ZOS0T1 053C 3390-9 ACT PRIV *NONSMS* 001 3347 50214 3347 50214 33%
ZOS0T2 053D 3390-9 ACT PRIV *NONSMS* 005 2204 33084 2131 31965 22%
ZOS0T3 053E 3390-9 ACT PRIV *NONSMS* 006 2438 36597 2237 33555 24%
ZOS0T4 053F 3390-9 ONLN PRIV *NONSMS* 001 10002 150038 10002 150038 100%
ZOS0AB 0BC8 3390-9 ONLN PRIV *NONSMS* 006 7412 111216 6598 98970 74%
ZOS0AA 0BC9 3390-9 ONLN PRIV *NONSMS* 014 7104 106606 6627 99405 71%
ZOS0BA 0BCA 3390-9 ONLN PRIV *NONSMS* 004 6702 100533 6678 100170 67%
MVS0BA 0BCB 3390-9 ONLN PRIV *NONSMS* 014 7778 116717 6678 100177 78%
MVS0BB 0BCC 3390-9 ONLN PRIV *NONSMS* 004 6678 100187 6678 100170 67%
ZOSA00 0BCD 3390-9 ACT PRIV *NONSMS* 011 9620 144339 9520 142800 96%
SMSBK2 0BCE 3390-9 ONLN PRIV *NONSMS* 120 207 3792 178 2686 3%
SMSBK1 0BCF 3390-9 ONLN PRIV *NONSMS* 002 9697 145468 9697 145467 97%
ZOS0T0 is the System residence or IPL volume. It is shared and read only, with the needed
Linklibs and configuration files for all systems.
ZOS0T1 is an extension to the residence volume and contains other target datasets. It is shared
and read only.
ZOS0T2 and ZOS0T3 contain OMVS datasets. They are shared and read only.
SMS001 and SMS002 are SMS work volumes for the students. They are read/write and
contain:
- ES88 class datasets needed for the class: D80WW.**
D80WW.ES88.RRSF.CNTL for the RRSF lab (ex 1 2 3 4)
D80WW.ES88.SIGN.CNTL for the program signature lab (ex 11)
D80WW.ES88V7.PARMLIB for all other ES88 labs
D80WW.ES88V7.RRSF.PARMLIB
MVRxxx are non-SMS volumes: They contain spool, checkpoint, page, sysplex couple, and
SMF datasets.

2 Exploiting RACF © Copyright IBM Corp. 1998, 2016

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V10.1
Lab Setup Guide

LSG MVR005 contains the ES88 parmlib and proclib datasets:

- SYS2.PARMLIB
- SYS2.PROCLIB

Important

PARMLIB and PROCLIB will be named SYS2.xxxx, and will use PARMLIB and PROCLIB
concatenation. Make sure the students understand that they will have to make any update to SYS2
datasets during the labs, as the SYS1 datasets are on read-only volumes!

TSO user IDs

These are the TSO user IDs available on each MVSR## system.
The user IDs RACFADM and RACFAD2 both have SPECIAL and AUDITOR and have full authority
in SDSF.
RACFADM PW=SECADMIN. Main ID used by students. Systems programmer ID with
RACF special, and OMVS superuser attributes.
RACFAD2 PW=SECADMIN. Secondary ID used by students. Systems programmer ID
with RACF special, and OMVS superuser attributes.
RACFU01-06 PW=ENDUSER. Ordinary IDs for labs. Does not have RACF special
authority, nor OMVS superuser.

Product documentation requirements

Below lists the documentation that is needed to conduct the class. They can be accessed online
using Internet access.

Manuals
GA32-0884 z/OS UNIX System Services Planning
SA23-2285 z/OS UNIX System Services File System Interface Reference
SA23-2280 z/OS UNIX System Services Command Reference
SC24-6887 z/OS Distributed File Service zSeries File System Administration
SA38-0666 z/OS MVS System Commands
SA23-1379 z/OS MVS Initialization and Tuning Guide
SA23-1380 z/OS MVS Initialization and Tuning Reference
SA32-0990 z/OS V2R2.0 JES2 Commands
SA32-0974 z/OS TSO/E System Programming Command Reference

© Copyright IBM Corp. 1998, 2016 Lab setup guide 3

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Lab Setup Guide

SA23-1385 z/OS V2R2.0 MVS JCL Reference

SA38-0668 z/OS V2R2 MVS System Messages Vol 2
SA38-0671 z/OS V2R2 MVS System Messages Vol 4(CBD-DMO)
SA38-0673 z/OS V2R2 MVS System Messages, Vol 6 (GOS-IEA)
SA38-0675 z/OS V2R2 MVS System Messages, Vol 8 (IEF-IGD)
z/OS UNIX System Services:
http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.2.0/com.ibm.zos.v2
r2.bpx/bpx.htm?lang=en
SA23-2289-01 z/OS V2R2 Security Server RACF Security Administrator's Guide
SA23-2290-01 z/OS V2R2 Security Server RACF Auditor's Guide
SA23-2287-01 z/OS V2R2 Security Server RACF System Programmer's Guide
SA23-2292-01 z/OS V2R2 Security Server RACF Command Language Reference
SA23-2293-01 z/OS V2R2 Security Server RACF Callable Services Reference
SA23-2288-01 z/OS Security Server RACF Macros and Interfaces Reference
SG24-8041 RACF Remote Sharing Facility over TCP/IP (Redbooks)
With this intranet link, you have access to all z/OS manuals:
z/OS 2.2 information center http://publib.boulder.ibm.com/infocenter/zos/v2R2/index.jsp
Online version of z/OS V2.2 reference manuals in PDF format
http://www-03.ibm.com/systems/z/os/zos/bkserv/V2R2pdf/
z/OS V2R2 Publications http://www-03.ibm.com/systems/z/os/zos/bkserv/v2R2books.html
z/OS Resource Access Control Facility
http://www-03.ibm.com/systems/z/os/zos/features/racf/
The messages and codes are online but broken into many volumes. The manuals are named as
follows:
SA22-7631 System Messages, Vol 1 (ABA-AOM)
SA22-7632 System Messages, Vol 2 (ARC-ASA)
SA22-7633 System Messages, Vol 3 (ASB-BPX)
SA22-7634 System Messages, Vol 4 (CBD-DMO)
SA22-7635 System Messages, Vol 5 (EDG-GFS)
SA22-7636 System Messages, Vol 6 (GOS-IEA)
SA22-7637 System Messages, Vol 7 (IEB-IEE)
SA22-7638 System Messages, Vol 8 (IEF-IGD)
SA22-7639 System Messages, Vol 9 (IGF-IWM)
SA22-7640 System Messages, Vol 10 (IXC-IZP)

4 Exploiting RACF © Copyright IBM Corp. 1998, 2016

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V10.1
Lab Setup Guide

LSG Requirements
The following section provides information about how to manually create the lab environment that is
needed to conduct the lab exercises in this course. As the classroom provider, you are responsible
for providing the following configuration for this class. The instructor requires one configuration, and
each student in the class requires a separate configuration. Depending on the course requirements,
instructor and student configurations might be identical.
The ES88 lab environment consists of a set of z/OS V2R2 systems, where each team of students in
a class will use the same shared system. The set of guest systems permits to run several classes in
parallel.
The systems run as VM guest machines on the POKEDVM2 VM host situated in IRLP
Poughkeepsie (US). There are two sets of lab systems, supporting each a maximum of 12 lab
teams, that can be reserved for a class. The systems are cloned from a master system before each
class and therefore no instructor setup or customization is necessary (although it is recommended
for the instructor to IPL the student systems for the first time, rather than leaving it to the students).
IRLP provides a set of 12 systems, each being able to support one class independently.
ES88G H01 MVSR01-12 (set 1)
ES88G H02 MVSR21-32 (set 2)
This information should tell you (the instructor!) how to IPL the team lab systems, and how to
LOGON to a TSO session.
No special system setup/cleanup is needed; classes will get a fresh copy of day-1 image.

Set up and test a team lab system

This information should tell you (the instructor) how to IPL the team lab systems, and how to log on
to a TSO session.
• No special system setup/cleanup is needed; classes will get a fresh copy of day-1 image.
• * Labs require access to the one of the student delivery system which run on a z/OS 2.2
• * Student Delivery Systems: MVSR01-12 (set 1) - MVSR21-32 (set 2)
• Student systems are cloned as identical copies of the production master for a class. For this
class each student system supports one class.
• Student delivery systems are normally IPL’ed before the class start by the operations team.
• You are normally not required to IPL or re-IPL your student systems during the course of this
class.
• Student systems are cloned as identical copies of the production master for a class.
The delivery environment for this course is one lab system per student. The master will be
configured to support multiple delivery systems. This will provide the capability to have multiple
offerings of this course in multiple locations during any given week. Student systems are cloned as
identical copies of the production master for a class. SYS2.PARMLIB(IEASYM01) on the master
system contains symbolic definitions to make cloned systems unique, as necessary, at IPL time.

© Copyright IBM Corp. 1998, 2016 Lab setup guide 5

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Lab Setup Guide

To access a team system, each student team will use a VM surrogate user ID of SMVSR## that is
authorized to log on or start the MVSR## system.

Note

For actual classes, the passwords are auto-generated based on the format B4cccc4B, where cccc
is the 4-digit class number assigned to a class. (That is, for class number A1RT, auto-generated
password would be B4A1RT4B).

You should check when scheduling a class how you will be informed of the surrogate ID password.

Lab configuration overview

Hardware requirements
Table 1 lists the hardware needed to prepare one student lab set. When preparing for a class,
multiply the items below by the number of lab sets needed for the class.
Table 1: Hardware for one student lab set
Machine type/model or Minimum free DASD or
Minimum memory Features
processor type disk space
PC (>1 GHz) 512 MB 100 MB Network connection
Table 2 lists the hardware required for an instructor machine.
Table 2: Hardware for instructor machine
Machine type/model or Minimum free DASD or
Minimum memory Features
processor type disk space
PC (>1 GHz) 512 MB 400 MB Network connection
Table 3 lists other host or server hardware required to conduct the class.
Table 3: Hardware for host or server system
Machine type/model or Minimum free DASD or
Minimum memory Features
processor type disk space
zSeries or System z 512 MB 1 GB Network Connection

Software requirements
Table 4 lists the software needed to prepare the student lab sets. When preparing for a class, be
sure you have the correct number of licensed copies of any non-IBM software.
Table 4: Software for one student lab set
Software product Version Licensing requirement
Windows 7 or VISTA
IBM Personal Communication 5.7 or higher

6 Exploiting RACF © Copyright IBM Corp. 1998, 2016

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V10.1
Lab Setup Guide

LSG Table 4: Software for one student lab set

Software product Version Licensing requirement
Internet Explorer 8 and 9
Mozilla Firefox ESR 17
TCP/IP support for TELNET and
FTP clients

Adobe Reader 6.0 or higher

Table 5 lists the software needed to prepare the instructor machine.
Table 5: Software for instructor machine
Software product Version Licensing requirement
Windows 7 or Vista
IBM Personal Communication 5.7 or higher

Internet Explorer 8 and 9

Mozilla Firefox ESR 17
TCP/IP support for TELNET and
FTP clients

Adobe Reader 6.0 or higher

Table 6 lists the software needed to prepare the host or server machine.
Table 6: Software for host machine
Software product Version Licensing requirement
z/OS V2R2M0

IDs and passwords

Table 9 lists the various IDs that IBM suggests for this class and any requirements that they have.
Some might be automatically created during the installation process.
During the labs you will be asked to log on different types of user IDs. In the table below you will see
the list of users (some of which you will create yourself), their attributes, and their default password.
These are the TSO user IDs available on each MVSR## system.
The user IDs RACFADM and RACFAD2 both have SPECIAL and AUDITOR and have full authority
in SDSF.
RACFADM PW=SECADMIN. Main ID used by students. Systems programmer ID with
RACF special, and OMVS superuser attributes.
RACFAD2 PW=SECADMIN. Secondary ID used by students. Systems programmer ID
with RACF special, and OMVS superuser attributes.
RACFU00-06 PW=ENDUSER. Ordinary IDs for labs. Does not have RACF special
authority, nor OMVS superuser.

© Copyright IBM Corp. 1998, 2016 Lab setup guide 7

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Lab Setup Guide

Skills required to set up the lab

The following specialized skills are required to set up the lab:
The Instructor should be able to:
• IPL and operate an z/OS System under VM.
• Use RACF to help students in their student systems.
• Contact the help desk or phone to operations contact.
The Student should be able to:
• Log on under and operate a z/OS System.
• End user familiarity with Windows 7, XP,2000, VISTA desktop.
Note that the lab systems are cloned for the beginning of each class and should be immediately
ready to run.

System verification procedures

Provided the team lab system IPLs and you can LOGON to TSO, no further lab setup is needed. I
wish you the best of luck with the labs.

Verification procedures
Use the following information to verify the installation and configuration of the student and instructor
lab environments.

LOGON as TSO user on an IRLP lab system

1. Make sure Citrix is running on your workstation.
2. Start a PCOMM communication session to VM host POKEDVM2.
This section describes the steps involved in logging on to the lab system.
The following screen shows the Menu of Applications.

8 Exploiting RACF © Copyright IBM Corp. 1998, 2016

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V10.1
Lab Setup Guide

LSG

Netid= USIBMES IBM Training Terminal= SLIPA215

Host = ESSCMC1 POK IRLP PAGE 1
To Disc = LOGOFF 09:44 Friday - February 12, 2016
APPLNAME STATUS ! APPLNAME STATUS ! APPLNAME STATUS
--------------------------------------------------------------------------------
TSOE UP 13:31 ! !
VM2 UP 13:31 ! !
ESSMVS1 UP 13:31 ! !
POKEDVM1 UP 13:31 ! !
POKEDVM2 UP 13:31 ! !
ESSMVS7 UP 13:31 ! !
XTSOE UP 13:31 ! !
CMC1 UP 13:31 ! !
CMC2 UP 13:31 ! !
NVMVS UP 03:30 ! !
NVCMC1 UP 05:10 ! !
NVCMC2 UP 13:31 ! !
! !
! !
--------------------------------------------------------------------------------
Help Desk (Intl)001 469 619 2474 IRLPHELPàUS.IBM.COM (US/CAN) 844-335-7094
IBM Mgt Approved Usage Only
==>
PF1=Help PF2=ESSMVS1 PF3=Return PF4=VM2 PF7=Backward PF8=Forward

__ 3. Once you get to this screen proceed to the next page.

__ 4. You should see POKEDVM2 as one of the options to select. Enter POKEDVM2 on the
command line (===>) or press the F4 key.

© Copyright IBM Corp. 1998, 2016 Lab setup guide 9

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Lab Setup Guide

__ 5. You should see a screen similar to the one on the next page.

z/VM ONLINE

==== ======== ==== ====

==== ========= ===== =====
== == == ===== =====
== ======== ====== ======
== ======== == ======= ==
== == == == ===== ==
==== ========= === === === POKEDVM2
==== ======== === = === z/VM
6.3.0
IBM Training
Poughkeepsie - New York
(US/CAN - 1-844-335-7094
International 00 1 469-619-2474)
Use of this system is for IBM
Management approved purposes only.

Fill in your USERID and PASSWORD and press ENTER

(Your password will not appear when you type it)
USERID ===>
PASSWORD ===>

COMMAND ===>
RUNNING POKEDVM2

__ 6. Substitute your MVSR letters for the lowercase yy you see below in the dial command.
__ 7. Enter the following on the command line on the lower left of this screen. The command line
begins with ==>.
DIAL MVSRyy

3. TSO user IDs on the lab systems

These are the TSO user IDs available on each MVSR## system.
The user IDs RACFADM and RACFAD2 both have SPECIAL and AUDITOR and have full authority
in SDSF.
RACFADM PW=SECADMIN. Main ID used by students. Systems programmer ID with
RACF special, and OMVS superuser attributes.

10 Exploiting RACF © Copyright IBM Corp. 1998, 2016

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V10.1
Lab Setup Guide

LSG RACFAD2 PW=SECADMIN. Secondary ID used by students. Systems programmer ID

with RACF special, and OMVS superuser attributes.
RACFU01-06 PW=ENDUSER. Ordinary IDs for labs. Does not have RACF special
authority, nor OMVS superuser.

The ‘enter application request’

__ 8. By now you should have arrived at the Enter Application Request screen below.

ENTER APPLICATION REQUEST COM SERVER V2R2

IIII BBBBBBB MM MM IT EDUCATION SERVICES

II BB BB MMM MMM
II BB BB MM M M MM
II BBBBBB MM M M MM
II BB BB MM MM MM
II BB BB MM MM
IIII BBBBBBB MM MM

z/OS V2R2.0

EEEEEE DDDDD UU UU CCCCCC AAAAAAA TTTTTTTT IIII OOOOOO NN NN

EE DD DD UU UU CC CC AA AA TT II OO OO NNN NN
EE DD DD UU UU CC AA AA TT II OO OO NN N NN
EEEEE DD DD UU UU CC AA AA TT II OO OO NN N NN
EE DD DD UU UU CC AAAAAAA TT II OO OO NN N NN
EE DD DD UU UU CC CC AA AA TT II OO OO NN NNN
EEEEEE DDDDD UUUUUUUU CCCCCC AA AA TT IIII OOOOOO NN NN

TSO RACFADM

__ 9. At the lower left of this screen enter TSO and your user ID RACFADM.

© Copyright IBM Corp. 1998, 2016 Lab setup guide 11

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Lab Setup Guide

Step 3 The logon screen

__ 10. By now you should have arrived at the TSO/E LOGON screen below.

------------------------------- TSO/E LOGON -----------------------------------

Enter LOGON parameters below: RACF LOGON parameters:

Userid ===> RACFADM

Password ===>

Procedure ===> $TSPROC Group Ident ===>

Acct Nmbr ===> 00000000000000

Size ===> 4096

Perform ===>

Command ===>

Enter an 'S' before each option desired below:

-New Password -Nomail -Nonotice -Reconnect -OIDcard

PF1/PF13 ==> Help PF3/PF15 ==> Logoff PA1 ==> Attention PA2 ==> Reshow
You may request specific help information by entering a '?' in any entry field

__ 11. You are now required to provide your user ID (if not already done,) and the corresponding
password SECADMIN.
__ 12. Your initial password SECADMIN will be expired and you will be required to enter a new
password to proceed with the logon. TSO will prompt you twice to enter your new password.

Step 4 The logon screen 2

ICH70001I RACFADM LAST ACCESS AT 08:04:10 ON FRIDAY, FEBRUARY 12, 2016

RACFADM LOGON IN PROGRESS AT 09:47:08 ON FEBRUARY 12, 2016
NO BROADCAST MESSAGES
Allocating ISPF/PDF environment...
Test for Netmail
You have no messages or data sets to receive.
***

__ 13. When you are presented with this panel simply press Enter to continue the TSO logon
processing.

12 Exploiting RACF © Copyright IBM Corp. 1998, 2016

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V10.1
Lab Setup Guide

LSG Step 5 The ISPF primary option menu

Menu Utilities Compilers Options Status Help

Menu Utilities Compilers Options Status Help
------------------------------------------------------------------------------
z/OS 02.02.00 ISPF Primary Option Menu MVS System: MVSR01

0 Settings Terminal and user parameters User ID . : RACFADM

1 View Display source data or listings Time. . . : 09:47
2 Edit Create or change source data Terminal. : 3278
3 Utilities Perform utility functions Screen. . : 1
4 Foreground Interactive language processing Language. : ENGLISH
5 Batch Submit job for language processing Appl ID . : ISR
6 Command Enter TSO or Workstation commands TSO logon : $TSPROC
7 Dialog Test Perform dialog testing TSO prefix: RACFADM
8 LM Facility Library administrator functions System ID : R01
D DB2 Menus DB2 Applications MVS acct. : 00000000
E ITS MENU ITS extended menu Release . : ISPF 7.2
S SDSF System Display and Search Facility
10 SCLM SW Configuration Library Manager

Enter X to Terminate using log/list defaults

Option ===>
*ISRàPRI

__ 14. You are at the ISPF Primary Option Menu. Proceed to the assigned lab exercise.
Apart from normal ISPF/PDF selections, other important ones are
- S - Starts SDSF
- E - Jumps to second panel with links to RACF
__ 15. Lots more information about student environment can be found in Lab 1.

IPL a team system

To perform an IPL, follow those instructions:
__ 1. Make sure Citrix is running on your workstation.
__ 2. Start a PCOMM communication session to VM host POKEDVM2.

© Copyright IBM Corp. 1998, 2016 Lab setup guide 13

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Lab Setup Guide

z/VM ONLINE

==== ======== ==== ====

==== ========= ===== =====
== == == ===== =====
== ======== ====== ======
== ======== == ======= ==
== == == == ===== ==
==== ========= === === === POKEDVM2
==== ======== === = === z/VM
6.3.0
IBM Training
Poughkeepsie - New York
(US/CAN - 1-844-335-7094
International 00 1 469-619-2474)
Use of this system is for IBM
Management approved purposes only.

Fill in your USERID and PASSWORD and press ENTER

(Your password will not appear when you type it)
USERID ===>
PASSWORD ===>

COMMAND ===>
RUNNING POKEDVM2

__ 3. Tab down to the command line and type: LOGON MVSR## BY SMVSR## (where you replace
## by the lab team number).
__ 4. When you are prompted, enter the surrogate ID password.

LOGON MVSR## BY SMVSR##

Enter your password,

or
To change your password, enter: ccc/nnn/nnn
where ccc = current password, and nnn = new password

_
CP Read POKEDVM2

14 Exploiting RACF © Copyright IBM Corp. 1998, 2016

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V10.1
Lab Setup Guide

LSG __ 5. When/if you see the text Holding at the bottom of the screen, press Pause/Break key to
continue.
__ 6. The VM profile will set up the necessary definitions and then halt on this panel.

*****************************************************************
* *
* TO IPL YOUR MVSA1T SYSTEM, PLEASE ENTER THE FOLLOWING: IPLR01 *
* *
*****************************************************************
* Enjoy... and if you have any problems, Please call our Help *
* Desk at 8/526-5822 or (888) 502-5511. *
*****************************************************************

Ready;

ipla1t
RUNNING POKEDVM2

__ 7. Type the name of the IPL EXEC used for your lab system on the command line and then
press enter. The IPL EXEC name is IPLR## where ## = team number.
__ 8. After a short while, the VM screen should be replaced by the MVS NIP LOGON console
display. IPL should be completely automated - a procedure VTAMAPPL will do a staged
start of all the primary tasks. After system messages have stopped, do a J,L. It should look
like this:

08.03.19 STC00632 EZZ6003I TELNET LISTENING ON PORT 23

- 08.03.19 STC00629 EZD1290I TCPIP ICSF SERVICES ARE CURRENTLY UNAVAILABLE
- FOR AT-TLS GROUP gAct1
- 08.03.19 STC00629 EZZ4250I AT-TLS SERVICES ARE AVAILABLE FOR TCPIP
- 08.03.19 STC00633 EZZ8771I PAGENT CONFIG POLICY PROCESSING COMPLETE FOR
- TCPIP : TTLS
- 08.03.19 STC00633 EZD1586I PAGENT HAS INSTALLED ALL LOCAL POLICIES FOR
- TCPIP
- 08.03.19 STC00633 EZD1576I PAGENT IS READY FOR SERVICES CONNECTION
- REQUESTS
00- 09.49.58 d a,l
09.49.58 IEE114I 09.49.58 2016.043 ACTIVITY 628 C
JOBS M/S TS USERS SYSAS INITS ACTIVE/MAX VTAM OAS
00001 00009 00001 00028 00006 00001/00050 00007
LLA LLA LLA NSW S VLF VLF VLF NSW S
JES2 JES2 IEFPROC NSW S NET NET VTAM NSW S
RACF RACF RACF NSW S SYSLOGD STEP1 OMVSKERN NSW AO
TSO TSO STEP1 OWT S TCPIP TCPIP TCPIP NSW SO
TELNET TELNET TN3270 NSW SO PAGENT PAGENT PAGENT OWT SO
RACFADM OWT
IEE612I CN=R013A0 DEVNUM=03A0 SYS=R01

© Copyright IBM Corp. 1998, 2016 Lab setup guide 15

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Lab Setup Guide

Working with z/OS console under VM

Students might not be familiar with running an MVS system as a VM Guest. When the students log
on to VM they are actually IPL'ing their MVS guest system. After VM logon, the session displays the
MVS console. If this session times out, the MVS system is shut down so it is advisable to
disconnect once the MVS system IPL completes. To do this:
__ 1. Enter PA2 from keyboard. You can do a right-click the PCOMM panel to get a pop-up that
will generate various 3270 special keys, including a PA2 and ATTN. Use any of those two
special keys (depending on your emulator customization, normally ATTN). Screen display
should blank out with CP READ displayed in bottom corner.
__ 2. Then type DISC in command line and press Enter. The system is disconnected and the VM
LOGON panel should be displayed.
This process ends the terminal session but leaves the MVS machine running under VM.
__ 3. If the student needs to access the console again they can reconnect by starting a new
PCOMM session and entering:
LOGON MVSR## BY SMVSR## HERE
on the command line of the VM logon screen (## = team number). When the message
RECONNECTED is displayed, type the characters ATTN, and then press Enter. The MVS
console screen will display again.

Testing the lab exercises

Complete all of the lab exercises in the Student Exercises Guide provided with the course, and
verify that they produce the expected results.
The instructor, or someone else with skills in the products that are involved, should conduct these
tests; the lab setup technician might not be qualified.

Important

You should completely verify all of the lab exercises whenever you build the environment as
described in this document. If you create the environment by restoring a backup copy, you should
run enough of the exercises to demonstrate that the copy was properly restored.
The lab exercises were tested in the development environment that is described in this guide. You
should test each exercise in your own lab environment to confirm the setup. Failure to complete an
end-to-end test of the labs might result in unexpected behavior during class.
Be sure to allocate enough time to complete these instructions. The classroom must be ready to
run lab exercises before the first day of class.

16 Exploiting RACF © Copyright IBM Corp. 1998, 2016

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V10.1
Lab Setup Guide

LSG Performance notes

Verify that every lab workstation meets or exceeds the minimum hardware requirements.
Insufficient processor speed, memory, or disk space can affect the performance of the lab system.
Consider shutting down any running software on the workstation that is not needed or might be
using system resources.
Security or antivirus software can affect system performance, especially during the installation of
the environment.
Firewalls or proxy servers in the network can cause connectivity and performance issues. If
possible, consider disconnecting the lab workstations from the network.
Disconnect any open file shares, external USB drives, or disks that are connected to the
workstation.

© Copyright IBM Corp. 1998, 2016 Lab setup guide 17

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Lab Setup Guide

18 Exploiting RACF © Copyright IBM Corp. 1998, 2016

Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
V10.1

backpg
Back page