I refrained from answering earlier because we're an all-RACF shop. However, I can comment the extent of (RACF) database sharing. We have a bronze-plex that resulted from bolting together two previously independent parallel sysplexes, one with two members and another with only one. These sysplexes were independent for business reasons. RACF databases could not be combined because a given userid or dataset might be defined in both with different access levels.
The result is a single parallel sysplex in which the two like members share everything, while the third shares only enough to qualify for sysplex licensing. (An IBM-invented game.) This arrangement is far from ideal, but the two birds-of-a-feather share RACF while the odd man out has his own non-shared database. It's been working OK for several years. . . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile jo.skip.robin...@sce.com -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Elardus Engelbrecht Sent: Wednesday, July 29, 2015 12:07 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Different Security Products in a Sysplex Givens, Dennis W. wrote: >I have been asked if both RACF and Top Secret can run on different LPARs in >the same parallel sysplex. I recall that NO that is not permitted but am >having trouble finding where it is written. It could be possible as long each database of each security system is *NOT* shared by more than one LPAR. You can only share ONE RACF DB in a Sysplex. Other LPARs can also share the same database or use their own *NON-SHARED* RACF database. What I wrote in previous sentence is *only* about RACF. I'm not sure how you could use different security products in one Sysplex, I also lost my sources [1] about this, but I believe you should setup standards for each LPAR and ensure nothing is shared at all - GRS, catalogs, security DBs, volsers, etc. You may have trouble managing your JES2/3 + HSM + SMS + Tape management resources across those LPARs using different security systems and standards as enforced by them. I may be wrong, but I have been in a Sysplex where each LPAR is having own RACF DB (only RACF in all LPARs) and that is already a dangerous, but manage-able minefield. [2] In fact - Sysplex is just this - sharing resources across LPARs - RACF or TopSecret, JES2/3, HSM, SMS, GRS/MIMS, Catalogs, volsers, etc. You could post your questions on RACF-L, I certainly know that there are good gurus who successfully converted from one security system to RACF. They would have a lot to tell you what to do... Good luck. Groete / Greetings Elardus Engelbrecht [1] - Google does not help me here - too much false search results... [2] - I eventually got standards the same across all those LPARs and then have one after the other LPARs move over to one *shared* RACF database in the Sysplex. Eventually all unshared databases were deleted. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
