Before executing an action command, SHC-OSD checks the configuration of the storage volumes to prevent incorrect operation. Action commands are executed for detached and non-generated units only if this was expressly permitted by means of appropriate security settings.
The basic setting is “secure mode”: action commands are only executed for attached units. They are not executed for devices which are detached or not generated.
Action commands on which a security check is performed
Command | Function |
Activates a clone pair | |
Activates a snap pair | |
Interrupts remote copy mode | |
Changes the processing mode and remote copy parameters | |
Re-creating a clone pair | |
Reconstructs an original from a clone unit | |
Reconstructs an original from a snap unit | |
Resumes remote copy mode | |
Sets the access path to the data of a remote copy pair | |
Creates a clone pair | |
Creates remote copy pairs | |
Creates a snap pair | |
Cancels a clone pair | |
Cancels a remote copy pair | |
Cancels a snap pair | |
Swaps a clone pair | |
Swaps a remote copy pair |
Default setting
By default, actions are permitted for attached units only.
The presetting for this is set in the SHC-OSD parameter file (see "Configuration of SHC-OSD"). The security settings can be changed with /MODIFY-SHC-PROCESSING during ongoing operation (see also "MODIFY-SHC-PROCESSING Changes settings of SHC-OSD").
For these security settings there is a global, cross-task parameter (SYSTEM-ADMIN-SCOPE, parameter file and command) and a task-specific operand (TASK-ADMIN-SCOPE, command only).
Changes to the security setting are logged at the console. The task-specific settings remain valid until the next /EXIT-JOB or /LOGOFF.
If no setting is made for the current task, the global default setting (SYSTEM-ADMIN-SCOPE) is assumed.
The setting for logging state changes at the console is independent of the global settings and can be changed using the STATE-CHANGE-POLLING=*PAR(SELECT-DEVICES=*ALL/*ATTACHED) operand of /MODIFY-SHC-PROCESSING.
Actions for detached units
The presetting for this is set in the SHC-OSD parameter file (see "Configuration of SHC-OSD"). It can be changed with /MODIFY-SHC-PROCESSING during ongoing operation (see also "MODIFY-SHC-PROCESSING Changes settings of SHC-OSD").
For this, the SYSTEM-ADMIN-SCOPE parameter deploys the DETACHED-DEVICES=REJECT/ACCEPT setting.
The global default setting can be overridden by a task-specific setting:
TASK-ADMIN-SCOPE=*PARAMETERS(DETACHED-DEVICES=*ACCEPT / *REJECT)
Only if units are attached is it possible to check whether a disk formatted for BS2000 is being used by another system at the same time.
Actions for non-generated units
The presetting for this is set in the SHC-OSD parameter file (see "Configuration of SHC-OSD"). It can be changed with /MODIFY-SHC-PROCESSING during ongoing operation (see also "MODIFY-SHC-PROCESSING Changes settings of SHC-OSD").
For this, the SYSTEM-ADMIN-SCOPE parameter deploys the NOT-DEFINED-DEVICES=REJECT/ACCEPT setting.
The global default setting can be overridden by a task-specific setting:
TASK-ADMIN-SCOPE=*PARAMETERS(NOT-DEFINED-DEVICES=*ACCEPT / *REJECT)
If the security functions are not used, users should consider the possible impact of actions on other systems that are also using a given disk. Use of these functions is the responsibility of SHC-OSD users.
Selection with command input
If the serial number of a storage system and the internal device number are specified in the command, the following entry affects both generated and non-generated units:
LOGICAL-VOLUME=*ALL-SOURCE-UNITS/*ALL-TARGET-UNITS
SHC-OSD responses
The rules governing how SHC-OSD responds to certain security settings and how units are configured for commands that trigger local and remote replications are described below.
The following general rules apply
If the unit is changed by the action, it must be attached.
If it is not attached or not generated, the appropriate security level must be set.
Note
In secure mode the local mirror units must always be attached, the normal or original units only when they are being modified.
If the local or remote mirror units are to be renamed, they must be generated and attached.
Following releases for the local or remote mirror units, no implicit
/UNLOCK-DISKcommand can be executed internally to remove system assignments of the unit if it is not attached.
Displaying units
Default setting
In SHOW commands
*BY-VOLUME / *BY-PUBSET / <alphanum-name 2..2> / <x-text 4..4>displays only generated units.In SHOW commands
UNIT=*BY-SYMMETRIX/*BY-STORAGEdisplays all selected units of the storage system that are generated.Only state changes to attached storage system units are displayed on the console (
NDE0xxxmessages).
The display default settings for the SHOW commands can be changed using /MODIFY-SHC-PROCESSING DEVICE-PRESELECTION=*ANY or by specifying the SELECT=*BY-ATTRIBUTES (DEVICE=*ANY) operand in any SHOW command.
The default setting for console display also can be changed using /MODIFY-SHC-PROCESSING.
The following setting also displays state changes of non-generated and detached units:
/MODIFY-SHC-PROCESSING STATE-CHANGE-POLLING=*PARAMETERS(SELECT-DEVICES=*ALL)