fred glenlake wrote: >We are going from one production lpar and one test lpar to two sysplexs, one >plex for production, one plex for test. Currently the RACF databases are >shared (yeah not ideal) but they will be split (prod and test on their own >databases) once we are sysplexed. >In preparation for the split and the new sysplexes I want to split up the >databases ahead of time. I am new to sysplexes so excuse the silly questions. >Currently my primary and backup RACF databases are on DASD, shared DASD >between prod and test. I am going to move them to non-shared DASD so prod >has its own databases and test has its own. In a Sysplex should the RACF >databases still reside on DASD that both sides of the sysplexes share (so both >prod lpars in the plex) or should they reside in the coupling facility or ??
Wait a moment please. First thing first - Do NOT share any RACF DBs across two or more Sysplexes. Ensure one and each Sysplex has its own set of RACF DBs. Each LPARs inside the Sysplex can share that RACF DB or just use its own RACF DB. I recommend that ONE RACF DB is used by all LPARs inside a Sysplex. From what you said, I believe the safest way is - Make an exact copy of the RACF DBs to be used on the other Sysplex. Say you have two RACF DBs (Primary and Backup) on Volser A and B. Copy them to Volser C and D and ensure that one Sysplex is using A and B and another Sysplex is using C and D. In this way you can have 'prod has its own databases and test has its own.' Then when everything is fine and you have IPLed and verified each Sysplex is using its own RACF DBs, now you can get rid of unneeded profiles as needed. About 'splitting' - IBM is using the word 'splitting' for RACF DB in another, but strange way. Let me explain. In your way of 'splitting', do not use IRRUT400 to do a 'split'. That type of 'split' by using IRRUT400 is just to spread out your profiles amongst more than one datasets inside a RACF DB, but all these datasets are used as ONE RACF DB (inside a Sysplex). That type of split is more for performance and resizing. In your scenario, the only way to 'split' is to make identical copy and then at each Sysplex, you can get rid of unneeded profiles from a LPAR inside that Sysplex. Say you have ids Prod1 and Test1 on both copies. Now you delete Prod1 on the test Sysplex RACF DB and also delete Test1 on the Prod RACF DB. When everything is in order and you can verify each Sysplex has its own RACF DBs, then you can setup your XCF so the XCF structures can be used. If you need guidance, please e-mail me privately or you can post on RACF-L for more guidance. >Are there any tools that will help me get to my end state, split up the >databases, report on the databases, etc.?? Normally I just use the RACF >utilities ICH***** but perhaps other sites use different tools I could look >into. zSecure (and Vanguard) can help you there, but to do make copies and setting up the ICHRDSNT and other modules, you need RACF utilities like IRRMIN00 (for templates), IRRUT200 (for making exact copies), IRRUT400 (to re-org the RACF DB indexes during copy), IRRDBU00 (for RACF DB unloads and reporting). Just ensure that all Volsers used by RACF are Non-SMS Volsers (DSORG=PSU) and of course not shared by both Sysplexes. For clarification: I have two Sysplexes. Prod and Sandbox. Each Sysplex has numerous LPARs, but each Sysplex has its own RACF DBs (Primary and Backup). These sets are on different Non-SMS Volsers and are not shared amongst the Sysplex. Each Sysplex RACF DBs are cataloged in its own Sysplex Master Catalogs. Each Sysplex has its own ICHRDSNT module. Think about 'isolating' or think about putting each Sysplex in separate prison cells where nothing is shared at all and you're a heavy handed guard taking no bribes at all. ;-) >Any suggestions, comments are most welcome. Post your questions on RACF-L. I'll check you out there. ;-) Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
