IBM Z Runtime Environment

Implementation of the Db2 Log Reader Capture agent requires a number of environment specific activities that often involve people and resources from different parts of an organization. This section describes those activities so that the internal procedures can be initiated to complete those activities prior to the actual setup and configuration of the SQData capture components.

Identify Source and Target System and Datastore

Configuration of the Capture Agents, Engines and their Controller Daemon's require identification of the system and type of datastore that will be the source of and target for the captured data. Once this information is available, requests for ports, accounts and the necessary file and database permissions for the Engines that will run on each system should be submitted to the responsible organizational units.

Confirm/Install Replication Related APARS

The Db2 Capture Agent utilizes Db2 logging and LogReader IFI calls. That functionality evolves over time as customers and IBM identify problems. IBM initially creates a problem management report (PMR) when a problem is identified. Next an authorized program analysis report (APAR) is issued containing symptoms and workarounds to document and track its resolution. Eventually IBM may produce a program temporary fix (PTF) to replace the module in error, and the APAR is closed.

Precisely recommends requesting from IBM the list of replication related APAR's associated with your installed version of Db2 to ensure that your system is up to date before beginning to use the Connect CDC SQData Db2 Log Reader Capture. IBM will understand that includes any PTF's related Db2 Logging, IFI 306 calls and IFCID 306 calls. Db2 Version 12 also requires implementation of the 10 Byte Log Sequence Number (LSN).

Modify z/OS PROCLIB Members

Modify the members of the SQDATA.V4nnnn.PROCLIB as required for your environment to set the supporting system dataset names (i.e. Language Environment, IMS, VSAM, Db2, etc.) Each member contains instructions on the necessary modifications. Refer to the SQDLINK procedure for the names of system level datasets as it was updated during the base SQData Installation.

Verify Product is Linked

The SQData product should have been linked as part of the base product installation using JCL similar to sample member SQDLINKA. Verify that the return code from this job was 0.

Bind the Db2 Package

The Db2 Capture Agent and Apply Engines that access Db2 tables require a Db2 Package/Plan in order to access the Db2 system catalogs to obtain information regarding the tables being processed. A common database request module (DBRM) SQDDDB2D is shipped as part of the SQData product distribution in SQDATA.V400.DBRMLIB. The Bnd of the Package/Plan SQDV4000 should be performed using JCL similar to sample member BINDSQD.

Note: Once the Bind is complete, authorization for its use must be granted for started task and job user-ids, see Prepare Db2 for Capture. If the bind is being performed as part of an upgrade from SQData V3 to V4 then the current Capture Cab file must be updated to reflect the new Package and Plan. That can be accomplished using the sqdconf utility modify command with the --plan=SQDV4000 specified:

Verify APF Authorization of LOADLIB

Execution of the SQData on z/OS requires APF authorization of the product's Load Library, which is normally made a permanent part of the IPL APF authorization procedure as part of the base product installation. Verify that SQData is on the list of currently APF authorized files using the z/OS ISPF/SDSF facility. First, enter "/D PROG, APF" at the SDSF command prompt to generate the list. Next, enter "LOG" at the SDSF command prompt. Scroll to the bottom of the log to display the results of the previous command and then back up and to the right to view the complete listing of the command.

Create zFS Variable Directories

The Controller Daemon, Capture, Storage and Publisher agents require a predefined zFS directory structure used to store a small number of files. While only the configuration directory is required and the location of the agent and daemon directories is optional, we recommend the structure described below, where <home> and a "user" named <sqdata> could be modified to conform to the operating environment and a third level created for the Controller Daemon (see note below):

/<home>/<sqdata> - The home directory used by the SQData

/<home>/<sqdata>/daemon - The working directory used by the Daemon that also contains two sub directories.

/<home>/<sqdata>/daemon/cfg - A configuration directory that contains two configuration files.

/<home>/<sqdata>/daemon/logs - A logs directory, though not required, is suggested to store log files used by the controller daemon. Its suggested location below must match the file locations specified in the Global section of the sqdagents.cfg file created in the section "Setup Controller Daemon" later in this document.

Additional directories will be create for each Capture/Publisher. The recommended structures is described below:

/<home>/<sqdata>/db2cdc - The working directory for the Db2 Capture and CDCStore Storage agents. The Capture and CDCStore configuration (.cab) Files will be maintained in this directory along with small temporary files used to maintain connections to the active agents.

/<home>/<sqdata>/db2cdc/data - A data directory is required by the Db2 Capture. Files will be allocated in this directory as needed by the CDCStore Storage Agent when transient data exceeds allocated in-memory storage. The suggested location below must match the "data_path" specified in the Storage agent configuration (.cab file) described later in this chapter. A dedicated File System is required in production with this directory as the "mount point".

/<home>/<sqdata>/imscdc - The working directory for the IMS Capture and CDCzLOG Publisher agents. The Capture and Publisher (.cab) Files will be maintained in this directory along with small temporary files used to maintain connections to the active agents.

/<home>/<sqdata>/[vsampub | kfilepub] - The working directory for the VSAM and Keyed File Compare Capture's CDCzLOG Publisher agent. The Publisher configuration (.cab) File will be maintained in this directory along with small temporary files used to maintain connections to the active agents.

Create zFS Variable Directories Notes

  1. Consider changing default umask setting in the /etc/profile file, or in your .cshrc or .login file.
  2. While many zFS File systems are configured with /u as the "home" directory, others use /home, the standard on Linux. References in the Connect CDC SQData JCL and documentation will use /home for consistency. Check with your Systems programmer regarding zFS on your systems.
  3. The User-ID(s) and/or Started Task under which the Capture and the Controller Daemon will run must be authorized for Read/Write access to the zFS directories.
  4. A more traditional "nix" style structure may also be used where "sqdata", the product, would be a sub- directory in the structure "/var/opt/sqdata/" with the daemon and data sub-directory structures inside sqdata.
  5. The BPXPRMxx member used for IPLs should be updated to include the mount point(s) for this zFS directory structure.
JCL similar to the sample member ALLOCZDR included in the distribution should be used to allocate the necessary directories. The JCL should be edited to conform to the operating environment.
//ALLOCZDR JOB 1,MSGLEVEL=(1,1),MSGCLASS=H,NOTIFY=&SYSUID
                            //*
                            //*------------------------------------------------------
                            //* Allocate zFS Directories for Daemon and CAB Files
                            //*------------------------------------------------------
                            //* Note: 1) These directories are use by the Controller Daemon,
                            //*          CDCStore and CDCzLog based capture agents
                            //*
                            //*       2) The 1st, 2nd and 3rd level directories can be changed but
                            //*          we recommend the 2nd Level be a User named sqdata.
                            //*
                            //*       3) Leave /daemon and /daemon/cfg as specified
                            //*
                            //*       4) Your UserID may need to be defined as SUPERUSER to
                            //*          successfully run this Job
                            //*
                            //*********************************************************************
                            //*
                            //*---------------------------------------------------------------------
                            //* Delete Existing Directories
                            //*---------------------------------------------------------------------
                            //*DELETDIR EXEC PGM=IKJEFT01,REGION=64M,DYNAMNBR=99,COND=(0,LT)
                            //*SYSEXEC DD DISP=SHR,DSN=SYS1.SBPXEXEC
                            //*SYSTSPRT DD SYSOUT=*
                            //*OSHOUT1 DD SYSOUT=*
                            //*SYSTSIN DD *
                            //* OSHELL rm -r /home/sqdata
                            /*
                            //*--------------------------------------------------------------------
                            //* Create New ZFS Directories for Controller Daemon & Captures
                            //*--------------------------------------------------------------------
                            //CREATDIR EXEC PGM=IKJEFT01,REGION=64M,DYNAMNBR=99,COND=(0,LT)
                            //SYSTSPRT DD SYSOUT=*
                            //SYSTSIN DD * PROFILE MSGID WTPMSG
                            MKDIR '/home/sqdata/' + MODE(7,7,5)
                            MKDIR '/home/sqdata/daemon/' + MODE(7,7,5)
                            MKDIR '/home/sqdata/daemon/cfg' + MODE(7,7,5)
                            MKDIR '/home/sqdata/daemon/logs' + MODE(7,7,5)
                            MKDIR '/home/sqdata/db2cdc/' + MODE(7,7,5)
                            MKDIR '/home/sqdata/db2cdc/data/' + MODE(7,7,5)
                            /*
                            //
                            MKDIR '/home/sqdata/imscdc/' + MODE(7,7,5)
                            MKDIR '/home/sqdata/vsampub/' + MODE(7,7,5)
                            MKDIR '/home/sqdata/kfilepub' + MODE(7,7,5)

Reserve TCP/IP Ports

TCP/IP ports are required by the Controller Daemons on source systems and are referenced by the Engines on the target system(s) where captured Change Data will be processed. Once the source systems are known, request port number assignments for use by SQData on those systems. Connect CDC SQData defaults to port 2626 if not otherwise specified.

Identify/Authorize zFS User and Started Task IDs

z/OS Capture and Publisher processes can operate as standalone batch Jobs or under a Started Task. Once the decision has been made as to which configuration will be employed, a User-ID and/or Name of the Started Task must be assigned. RACF must then be used to grant access to the OMVS zFS file system.

JCL similar to the sample member RACFZFS included in the distribution can be edited to conform to the operating environment, and be used to provide the appropriate authorizations:
//RACFZFS JOB 1,MSGLEVEL=(1,1),MSGCLASS=H,NOTIFY=&SYSUID
                        //*
                        //*----------------------------------------------------------------------
                        //* Sample RACF Commands to Setup zFS Authorization
                        //*-----------------------------------------------------------------------
                        //* Note: 1) The Task/User Names are provided as an example and
                        //*          must be changed to fit your environment
                        //*
                        //*          Started Tasks included:
                        //*          SQDAMAST - z/OS Master Controller
                        //*          SQDDB2C - DB2 z/OS Capture Agent
                        //*          SQDZLOGC - IMS/VSAM LogStream Publisher
                        //*          SQDAEMON - z/OS Listener Daemon
                        //*          <admin_user> - Administrative User
                        //*
                        //*        2) MMAPAREAMAX Parm required only for DB2 CDCStore Capture
                        //*
                        //*        3) The FSACCESS step may be needed if the RACF FSACCESS
                        //*           class is active. See comments in the step.
                        //*
                        //*--------------------------------------------------------------------------
                        //*
                        //RACFZFS EXEC PGM=IKJEFT01
                        //SYSTSPRT DD SYSOUT=*
                        //SYSPRINT DD SYSOUT=*
                        //SYSUADS DD DSN=SYS1.UADS,DISP=SHR
                        //SYSLBC DD DSN=SYS1.BRODCAST,DISP=SHR
                        //SYSTSIN DD *
                        ADDUSER SQDAMAST DFLTGRP(<stc_group>) OWNER(<owner_name>) 
                        ALTUSER SQDAMAST NOPASSWORD NOOIDCARD
                        ALTUSER SQDAMAST NAME('STASK, SQDATA')
                        ALTUSER SQDAMAST DATA('FOR SQDATA CONTACT:<sqdata_contact_name>') 
                        ALTUSER SQDAMAST WORKATTR(WAACCNT('**NOUID**'))
                        CONNECT SQDAMAST GROUP(<stc_group>) OWNER(<owner_name>) 
                        PERMIT 'SQDATA.*' ID(SQDAMAST) ACCESS(READ) GEN
                        
                        ADDUSER SQDDB2C DFLTGRP(<stc_group>) OWNER(<owner_name>) 
                        ALTUSER SQDDB2C NOPASSWORD NOOIDCARD
                        ALTUSER SQDDB2C NAME('STASK, SQDATA')
                        ALTUSER SQDDB2C DATA('FOR SQDATA CONTACT:<sqdata_contact_name>') 
                        ALTUSER SQDDB2C WORKATTR(WAACCNT('**NOUID**'))
                        CONNECT SQDDB2C GROUP(<stc_group>) OWNER(<owner_name>) 
                        ALTUSER SQDDB2C OMVS(PROGRAM('/bin/sh'))
                        ALTUSER SQDDB2C OMVS(MMAPAREAMAX(262144)) 
                        PERMIT 'SQDATA.*' ID(SQDDB2C) ACCESS(READ) GEN
                        
                        ADDUSER SQDZLOGC DFLTGRP(<stc_group>) OWNER(<owner_name>) 
                        ALTUSER SQDZLOGC NOPASSWORD NOOIDCARD
                        ALTUSER SQDZLOGC NAME('STASK, SQDATA')
                        ALTUSER SQDZLOGC DATA('FOR SQDATA CONTACT:<sqdata_contact_name>') 
                        ALTUSER SQDZLOGC WORKATTR(WAACCNT('**NOUID**'))
                        CONNECT SQDZLOGC GROUP(<stc_group>) OWNER(<owner_name>) 
                        ALTUSER SQDZLOGC OMVS(PROGRAM('/bin/sh'))
                        PERMIT 'SQDATA.*' ID(SQDZLOGC) ACCESS(READ) GEN
                        
                        ADDUSER SQDAEMON DFLTGRP(<stc_group>) OWNER(<owner_name>) 
                        ALTUSER SQDAEMON NOPASSWORD NOOIDCARD
                        ALTUSER SQDAEMON NAME('STASK, SQDATA')
                        ALTUSER SQDAEMON DATA('FOR SQDATA CONTACT:<sqdata_contact_name>') 
                        ALTUSER SQDAEMON WORKATTR(WAACCNT('**NOUID**'))
                        CONNECT SQDAEMON GROUP(<stc_group>) OWNER(<owner_name>) 
                        ALTUSER SQDAEMON OMVS(PROGRAM('/bin/sh'))
                        PERMIT 'SQDATA.*' ID(SQDAEMON) ACCESS(READ) GEN
                        
                        ADDUSER <admin_user> DFLTGRP(<stc_group>) OWNER(<owner_name>) 
                        ALTUSER <admin_user> NOPASSWORD NOOIDCARD
                        ALTUSER <admin_user> NAME('STASK, SQDATA')
                        ALTUSER <admin_user> DATA('FOR SQDATA CONTACT:<contact_name>') 
                        ALTUSER <admin_user> WORKATTR(WAACCNT('**NOUID**'))
                        CONNECT <admin_user> GROUP(<stc_group>) OWNER(<owner_name>) 
                        ALTUSER <admin_user> OMVS(PROGRAM('/bin/sh'))
                        ALTUSER <admin_user> OMVS(MMAPAREAMAX(262144)) 
                        PERMIT 'SQDATA.*' ID(<admin_user>) ACCESS(READ) GEN
                        
                        SETROPTS GENERIC (DATASET ) REFRESH
                        /*
                        //
                        //*------------------------------------------------------------------------
                        //* SETUP R/W ACCESS TO THE SQDATA ZFS FILE SYSTEM
                        //*
                        //* If the FSACCESS RACF class is not active, do not run this step.
                        //*
                        //* The FSACCESS class provides coarse-grained control to z/OS USS
                        //* file systems at the file system name level. It is inactive by
                        //* default and is not always used.
                        //*
                        //* If your RACF administrator has activated this class, and if any
                        //* protected file system will be accessed by a capture, publisher,
                        //* daemon, admin user, or other user or task, then you will need to
                        //* grant access to the relevant profile(s). Check with your RACF
                        //* administrator to determine if this is required.
                        //*
                        //* The example below shows the RACF commands to define a new profile
                        //* in the FSACCESS class for the DB2 CDCStore file system and grant
                        //* UPDATE permission to the users that will access it.
                        //*--------------------------------------------------------------------------
                        //FSACCESS EXEC PGM=IKJEFT01
                        //SYSTSPRT DD SYSOUT=*
                        //SYSPRINT DD SYSOUT=*
                        //SYSUADS DD DISP=SHR,DSN=SYS1.UADS
                        //SYSLBC DD DISP=SHR,DSN=SYS1.BRODCAST
                        //SYSTSIN DD *
                        SETROPTS GENERIC(FSACCESS)
                        RDEFINE FSACCESS SQDATA.** UACC(NONE)
                        PERMIT SQDATA.** CLASS(FSACCESS) ID(SQDAMAST) ACCESS(UPDATE) 
                        PERMIT SQDATA.** CLASS(FSACCESS) ID(SQDDB2C) ACCESS(UPDATE) 
                        PERMIT SQDATA.** CLASS(FSACCESS) ID(SQDZLOGC) ACCESS(UPDATE) 
                        PERMIT SQDATA.** CLASS(FSACCESS) ID(SQDAEMON) ACCESS(UPDATE) 
                        PERMIT SQDATA.** CLASS(FSACCESS) ID(<admin_user>) ACCESS(UPDATE) 
                        SETROPTS RACLIST(FSACCESS) REFRESH
                        /*
                        //

Identify/Authorize zFS User and Started Task IDs Notes

  • The RACFZFS sample JCL includes users SQDDB2C and SQDZLOGC. These sections are only required when using the Db2 CDCSTORE Capture or the IMS/VSAM CDCzLog Publisher agents respectively.
  • The Db2 Log Reader Capture avoids "landing" captured data by using memory mapped storage. While Storage is not allocated until memory mapping is active, it is important to specify a value for MMAPAREAMAX using RACF that will accommodate the data space pages allocated for memory mapping of the z/OS UNIX (OMVS) files. Precisely recommends using a value of 262144 (256MB) because the default of 4096 (16MB) will likely cause the capture to fail as workload increases. The RACF ADDUSER or ALTUSER command, included in the sample RACFZFS JCL above, specifies the MMAPAREAMAX limit. You can read more about MMAPAREAMAX process limits and its relationship to MAXPMMAPAREA system limits here https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.bpxb200/maxmm.htm.

Prepare Db2 for Capture

The Db2 Log Reader Capture requires special user privileges and preparation to access and read the Db2 Recovery Logs using the Db2 Instrumentation Facility Interface (IFI) calls. SQData (version 4) also requires some system tables to be captured to support Schema Evolution.

The following GRANTS are required:

  1. GRANT MONITOR2 TO < sqdata_user>;
  2. GRANT EXECUTE ON PLAN SQDV4000 TO < sqdata_user>;
  3. GRANT SELECT ON SYSIBM.SYSTABLES TO < sqdata_user>;
  4. GRANT SELECT ON SYSIBM.SYSCOLUMNS TO < sqdata_user>;
  5. GRANT SELECT ON SYSIBM.SYSINDEXES TO < sqdata_user>;
  6. GRANT SELECT ON SYSIBM.SYSKEYS TO < sqdata_user>;
  7. GRANT SELECT ON SYSIBM.SYSTABLESPACE TO < sqdata_user>;

Db2 Reorg and Load procedures may need to be updated:

  • KEEPDICTIONARY=YES parameter must be used by all Db2 REORG and LOAD Utilities. If the CDC process is run asynchronously, for some reason gets behind or is configured to recapture older logs, the proper Compression Dictionary must be available.

Schema Evolution Requires DATA CAPTURE CHANGES on Two (2) Catalog Tables:

  1. SYSIBM.SYSTABLES
  2. SYSIBM.SYSCOLUMNS
Note:
  • A common database request module (DBRM) SQDDDB2D ships as part of the product distribution and a Bind must be performed on the SQDV4000 Package and Plan. Use the BINDSQD member in the CNTL Library to bind the Package and Plan to Db2.
  • Each Db2 table to be captured also requires:
    ALTER TABLE <schema.tablename> DATA CAPTURE CHANGES;
JCL similar to sample member DB2GRANT included in the distribution can be edited to conform to the operating environment, and be used to provide the appropriate Db2 user Authorizations.
//DB2GRANT JOB 1,MSGLEVEL=(1,1),MSGCLASS=H,NOTIFY=&SYSUID
                        //*
                        //*
                        //* Grant Db2 Authorizations for SQDATA Userid(s)
                        //*-----------------------------------------------------------------
                        //* Note:  MONITOR2 for IFI Calls
                        //*        Execute on the SQDATA PLAN SQDV4000
                        //*        SELECT on Catalog Table SYSIBM.SYSTABLES
                        //*        SELECT on Catalog Table SYSIBM.SYSCOLUMNS
                        //*        SELECT on Catalog Table SYSIBM.SYSINDEXES
                        //*        SELECT on Catalog Table SYSIBM.SYSKEYS
                        //*        SELECT on Catalog Table SYSIBM.SYSTABLESPACE
                        //*-----------------------------------------------------------------
                        //*
                        //DB2GRANT EXEC PGM=IKJEFT01,DYNAMNBR=20
                        //STEPLIB DD DISP=SHR,DSN=DSNC10.SDSNLOAD
                        //SYSTSPRT DD SYSOUT=*
                        //SYSTSIN DD * 
                        DSN SYSTEM(DBCG)
                        RUN PROGRAM(DSNTIAD) PLAN(DSNTIA11) - 
                        LIB('DSNC10.RUNLIB.LOAD')
                        //SYSPRINT DD SYSOUT=*
                        //SYSUDUMP DD SYSOUT=*
                        //SYSIN DD *
                        
                        GRANT MONITOR2                               TO <db2_user>; 
                        GRANT EXECUTE ON PLAN SQDV4000               TO <db2_user>; 
                        GRANT SELECT ON SYSIBM.SYSTABLES             TO <db2_user>; 
                        GRANT SELECT ON SYSIBM.SYSCOLUMNS            TO <db2_user>; 
                        GRANT SELECT ON SYSIBM.SYSINDEXES            TO <db2_user>; 
                        GRANT SELECT ON SYSIBM.SYSKEYS               TO <db2_user>; 
                        GRANT SELECT ON SYSIBM.SYSTABLESPACE         TO <db2_user>;

Generate z/OS Public / Private Keys and Authorized Key File

The Controller Daemon uses a Public / Private key mechanism to ensure component communications are valid and secure. A key pair must be created for the SQDaemon Job System User-ID and the User-ID's of all the Agent Jobs that interact with the Controller Daemon. On z/OS, by default, the private key is stored in SQDATA.NACL.PRIVATE and the public key in SQDATA.NACL.PUBLIC. These two files will be used by the Daemon in association with a sequential file containing a concatenated list of the Public Keys of all the Agents allowed to interact with the Controller Daemon. The Authorized Keys file must contain at a minimum, the public key of the SQDaemon job System User-ID and is usually created with a first node matching the user name running the SQDaemon job, in our example SQDATA.NACL.AUTH.KEYS.

The file must also include the Public key's of Engines running on z/OS or other platforms. The Authorized Keys file is usually maintained by an administrator using ISPF.

JCL similar to sample member NACLKEYS included in the distribution executes the SQDutil utility program using the keygen command and should be used to generate the necessary keys and create the Authorized Key List file. The JCL should be edited to conform to the operating environment and the job must be run under the user-id that will be used when the Controller Daemon job is run.
//NACLKEYS JOB 1,MSGLEVEL=(1,1),MSGCLASS=H,NOTIFY=&SYSUID
                        //*
                        //*----------------------------------------------------------------
                        //* Generate NACL Public/Private Keys and optionally AKL file
                        //*----------------------------------------------------------------
                        //* Required DDNAME:
                        //*    SQDPUBL DD - File that will contain the generated Public Key
                        //*    SQDPKEY DD - File that will contain the generated private Key
                        //*                 ** This file and its contents are not to be shared
                        //*
                        //* Required parameters:
                        //*    PARM - keygen *** In lower case ***
                        //*    USER - The system USERID or high level qualifier of the
                        //*           SQDATA libraries IF all Jobs will share Private Key.
                        //*
                        //* Notes:
                        //*   1) This Job generates a new Public/Private Key pair, saves
                        //*      them to their respective files and adds the Public Key
                        //*      to an existing Authorized Key List, allocating a new
                        //*      file for that purpose if necessary.
                        //*
                        //*    2) An optional first step deletes the current set of files
                        //*
                        //*    3) Change the SET parms below for:
                        //*       HLQ - high level qualifier of the CDC Libraries
                        //*       VER - the 2nd level qualifier of the CDC OBJLIB & LOADLIB
                        //*       USER - the High Level Qualifier of the NACL Datasets
                        //*--------------------------------------------------------------------
                        //*
                        //    SET HLQ=SQDATA
                        //    SET VER=V400
                        //    SET USER=&SYSUID
                        //*
                        //JOBLIB DD DISP=SHR,DSN=SQDATA..&VER..LOADLIB
                        //*
                        //*--------------------------------------------------------------------
                        //* Optional: Delete Old Instance of the NACL Files
                        //*-------------------------------------------------------------------
                        //*DELOLD EXEC PGM=IEFBR14
                        //*SYSPRINT DD SYSOUT=*
                        //*OLDPUB DD DISP=(OLD,DELETE,DELETE),DSN=&USER..NACL.PUBLIC
                        //*OLDPVT DD DISP=(OLD,DELETE,DELETE),DSN=&USER..NACL.PRIVATE
                        //*OLDAUTH DD DISP=(OLD,DELETE,DELETE),DSN=SQDATA.NACL.AUTH.KEYS
                        //*--------------------------------------------------------------------
                        //* Allocate Public/Private Key Files and Generate Public/Private Keys
                        //*--------------------------------------------------------------------
                        //SQDUTIL EXEC PGM=SQDUTIL
                        //SQDPUBL DD DSN=&USER..NACL.PUBLIC,
                        //           DCB=(RECFM=FB,LRECL=80,BLKSIZE=21200),
                        //           DISP=(,CATLG,DELETE),UNIT=SYSDA,
                        //           SPACE=(TRK,(1,1))
                        //SQDPKEY DD DSN=&USER..NACL.PRIVATE,
                        //           DCB=(RECFM=FB,LRECL=80,BLKSIZE=21200),
                        //           DISP=(,CATLG,DELETE),UNIT=SYSDA,
                        //           SPACE=(TRK,(1,1))
                        //SQDPARMS DD *
                        keygen 
                        //SYSPRINT DD SYSOUT=*
                        //SYSOUT DD SYSOUT=*
                        //SQDLOG DD SYSOUT=*
                        //*SQDLOG8 DD DUMMY
                        //*-------------------------------------------------------------------
                        //* Allocate the Authorized Key List File --> Used only by the Daemon
                        //*-------------------------------------------------------------------
                        //COPYPUB EXEC PGM=IEBGENER
                        //SYSPRINT DD SYSOUT=*
                        //SYSIN DD DUMMY
                        //SYSUT1 DD DISP=SHR,DSN=&USER..NACL.PUBLIC
                        //SYSUT2 DD DSN=SQDATA.NACL.AUTH.KEYS,
                        //          DCB=(RECFM=FB,LRECL=80,BLKSIZE=21200),
                        //          DISP=(MOD,CATLG),UNIT=SYSDA,SPACE=(TRK,(5,5))
  • Since the Daemon and Capture Agents and zOS Apply Engines may be running in the same LPAR/system, they frequently run under the same System User-ID, in that case they would share the same public/private key pair.
  • Changes are not known to the Daemon until the configuration files are reloaded, using the SQDmon Utility, or the sqdaemon process is stopped and started.