Db2 z/OS Source Prerequisites

The IIDR (IBM InfoSphere Data Replication) Db2 z/OS agent can be installed on a remote Linux machine without installing any IIDR software on the z/OS machine itself.

However, users must be created on the z/OS machine itself so that the IIDR z/OS agent can connect transparently to Db2 on z/OS.

The recommended approach is to create two different users on the z/OS side, each with a different set of privileges, as outlined in the table below:

| User # | User Type | User Name | Privileges | Usage |
|---|---|---|---|---|
| 1 | IIDR Administrator User. Does not need to be used to run CDC (Change Data Capture) Replication. | GSHI | Owns an extended set of privileges. All of the privileges for installing the external stored procedure. | Required for IIDR agent configuration during the installation process. Only used one time during the setup phase. Owns an extended set of privileges. |
| 2 | IIDR User for Continuous Operations. CDC Replications User. | GSLO | Required for ongoing IIDR Agent operations only. Does not require any privileges for installing the external stored procedure. | Ongoing IIDR Agent operations. |

A CDC Replication instance can be created using the user ID that has the most privileges and then reconfigured with the user ID that has the least privileges.

GSHI User Prerequisites

  • TSO logon

  • OMVS logon

  • Read (r) and write (w) access to the OMVS /tmp directory

  • ALTER access on a high-level qualifier

  • UPDATE access on the catalog

  • READ access on SCEELKED (often CEE.SCEELKED)

  • READ access on SCEELKEX (often CEE.SCEELKEX)

  • READ access on SCEECPP (often CEE.SCEECPP)

  • READ access on SYS1.CSSLIB

  • UPDATE access on an APF-authorized library unless you use the staging configuration option

  • UPDATE access on a staging library if you use the staging configuration option

  • READ access on subsystem.WLM_REFRESH.wlm_environment_name in CLASS(DSNR) where subsystem is the Db2 group or Db2 subsystem ID and wlm_environment_name is the WLM environment for CDC Replication

  • For Db2 database required privileges for the user GSHI, refer to Db2 ZOS Schema Privileges

Generic Prerequisites

| Name | Description |
|---|---|
| hostname | The host name or IP address of the Db2 for z/OS system. This host must be accessible from the Linux machine where the IIDR z/OS agent is installed. |
| name (LOCATION) | The Name field is the location name of the Db2 instance. Please provide the Db2 location name. The location (LOCATION) and corresponding TCP/IP port for database connections (TCPPORT) can be obtained with the Db2 command -DISPLAY DDF. |
| Db2 Port | The TCP/IP port number for Db2 database connections. This can be either an unencrypted port or a port with TLS (Transport Layer Security) encryption. |
| SSH Port | SSH must be configured to allow remote connections from the system where IIDR will be installed, except when choosing the manual configuration option. The IIDR automatic configuration will transfer files with SFTP and execute the LINK command using the tso utility through SSH. Please provide the TCP/IP port number for SSH (default is 22). |
| Configuration User (GSHI) | This could be the existing user account of the person who will be the IIDR administrator. The account does not need to be that of a TSO interactive user but requires the ability to issue TSO commands through SSH. This user ID will also be used as the product's schema within Db2, which will need to exist beforehand. IIDR will copy pre-compiled object modules onto z/OS using SFTP (over SSH) into a temporary partitioned data set under the IIDR user's high-level qualifier. IIDR will link-edit the object modules to create the load module for the external stored procedure into the specified WLM load library. IIDR will refresh the WLM environment after creating the external stored procedure. The IIDR user must be granted permission to execute the SYSPROC.WLM_REFRESH stored procedure with the WLM environment. |
| Continuous Operation User (GSLO) | For continuous operation, IIDR only needs access to Db2. |
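The LOCATION and port values above can be read out of a saved -DISPLAY DDF report before they are entered into the agent configuration. The following is an added example, not part of the IIDR product or this page's original content. It assumes the standard DSNL08xI report messages, including the SECPORT field on DSNL084I. All sample values are constructed, and preferring the secure port when one is defined is this example's own choice.

```python
import re

# Constructed sample of -DISPLAY DDF output; every value here is made up.
SAMPLE_DDF = """\
DSNL080I  -DBCG DSNLTDDF DISPLAY DDF REPORT FOLLOWS:
DSNL081I STATUS=STARTD
DSNL082I LOCATION           LUNAME            GENERICLU
DSNL083I DBCGLOC            NETA.DBCGLU       -NONE
DSNL084I TCPPORT=5040  SECPORT=5042  RESPORT=5041  IPNAME=-NONE
DSNL085I IPADDR=::192.0.2.10
DSNL086I SQL    DOMAIN=db2host.example.com
DSNL099I DSNLTDDF DISPLAY DDF REPORT COMPLETE
"""

def parse_display_ddf(report):
    """Extract DDF status, LOCATION, TCPPORT and SECPORT from the report."""
    info = {"status": None, "location": None, "tcpport": None, "secport": None}
    for line in report.splitlines():
        msg_id, _, body = line.strip().partition(" ")
        body = body.strip()
        if msg_id == "DSNL081I":
            m = re.search(r"STATUS=(\S+)", body)
            info["status"] = m.group(1) if m else None
        elif msg_id == "DSNL083I" and body:
            # First column of the row under the DSNL082I header is LOCATION.
            info["location"] = body.split()[0]
        elif msg_id == "DSNL084I":
            for key, val in re.findall(r"(TCPPORT|SECPORT)=(\d+)", body):
                info[key.lower()] = int(val)
    return info

def connection_settings(info):
    """Choose the port to configure; use the secure port when DDF defines one."""
    if info["status"] != "STARTD":
        raise ValueError("DDF is not started: %r" % info["status"])
    if not info["location"] or info["tcpport"] is None:
        raise ValueError("LOCATION or TCPPORT missing from report")
    tls = bool(info["secport"])  # SECPORT=0 means no secure port is defined
    port = info["secport"] if tls else info["tcpport"]
    return {"location": info["location"], "port": port, "tls": tls}

if __name__ == "__main__":
    print(connection_settings(parse_display_ddf(SAMPLE_DDF)))
```

A result with `tls` set to False means the agent would connect over the unencrypted port.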

WLM (Workload Manager) Special Prerequisites

IIDR will remotely install and execute an external stored procedure. The stored procedure will run in a Workload Manager (WLM) environment.

The WLM environment must be dedicated to a single instance of IIDR to avoid interactions with other applications.

The WLM environment can be created by following the Db2 documentation. Please provide the name of the WLM environment.

User GSLO must be granted OMVS access and an OMVS segment, and a home directory must be created for it.

Process

  1. Create a new WLM environment (POM.M.12)

  2. Define the RACF resource DB2.CDBG.gscdcenv uacc(READ) class(server)

  3. Grant the default STC user permission to DB2.CDBG.gscdcenv

  4. Refresh the RACF class

  5. Create the JCL procedure in the relevant PROCLIB

    @ USER.Z24C.PROCLIB(GSCDC1)
    DB2.DBCG.GSCDCENV
    
  6. IIDR cannot start the WLM environment. Use the VARY command to start (resume) the WLM environment.

    /v wlm,applenv=GSCDCENV,resume
    /d wlm,applenv=GSCDCENV

APF Authorized Libraries Prerequisites

The WLM address space must be APF-authorized. The JCL for the WLM address space must have an APF-authorized load library in its STEPLIB concatenation and the library must be created prior to configuring the product. Also, the user ID under which the WLM address space runs must be granted EXECUTE permission to that load library.

For ease of use, provide the fully-qualified name of the APF-authorized load library to the IIDR administrator (GSHI). The product will automatically update the stored procedure’s load module in that library and refresh the WLM environment as needed. No administrative steps are needed on z/OS or Db2 with new maintenance - the updated stored procedure will be in effect immediately. The user credentials are stored on disk and must be protected from unauthorized access since writing to an APF-authorized library is a powerful capability.

For added security, provide the fully-qualified name of a staging library to the IIDR administrator. The product will update the stored procedure's load module in that library but will fail to start. The IIDR administrator will need your help to copy CHCRLRSP from the staging library to the APF-authorized library associated with the WLM environment. The IIDR administrator will be able to start the product after the copy is complete. This manual copy step will be required every time the IIDR administrator applies a patch to IIDR.

 

APF-authorize the libraries dynamically or permanently (in PROGxx):

/setprog apf,add,dsname=G00.IIDR.LOAD,volume=GWK001
/setprog apf,add,dsname=G00.IIDR.LOAD,SMS

OMVS Access

Verify that the user GSLO has OMVS access.