David
I'm paying attention here mainly because VTAM is mentioned.
I wonder exactly what the concern of your "VTAM guy" is. I don't believe
there are any timing specifications under VTAM control which can affect
established sessions[1]. There is only one which can affect idle
connections, the DISCNT operand of the PU statement.
Thus you are going to have to resolve this problem application by
application.
If your "VTAM guy" is concerned about the number of resources tied up
supporting your CICS and TSO applications, he - or she I guess - could be
sure only to define resources when they are needed. If the SSCP-dependent
LUs are supported on platforms which connect over media which requires the
use of switched procedures in VTAM, the VTAM exit which supports the dynamic
definition of adjacent link stations along with the SSCP-dependent PU can be
used. This is the ISTEXCCS, the so-called "configuration services", exit.
Then, in order to support only active SSCP-dependent LUs and assuming the
platform supports the function, the ISTEXCSD, the "dynamic definition of
dependent LUs" exit, can be used.
That's the best I can do. I can't help if the sessions are there but the
keyboard is untroubled.
Chris Mason
[1] Unless they are LU type 6.2 sessions where it's *conversations* which
count rather than sessions and so there is an operand, LIMQSINT, of the APPL
statement with APPC=YES (that is, *not* CICS, note) which can be used to
terminate sessions which are not supporting conversations after a delay -
assuming the sessions pass over at least one link which has indicated it
would like not to be kept active when idle, normally indicated with the
LIMRES=YES operand of the PU statement or equivalent on SNA platforms other
than VTAM.
----- Original Message -----
From: "David Speake" <[EMAIL PROTECTED]>
Newsgroups: bit.listserv.ibm-main
To: <[email protected]>
Sent: Monday, June 18, 2007 6:20 PM
Subject: CMS/DOD idle connection requirements
Can anyone point me to the actual government documents (CMS and DOD)
pertaining to the security requirement for unattended (15 minutes)
connections.
There are two interpretations here:
1) kick the user completely out (CICS TSO)
2) require the user to enter a (Secure Serve Validated) password to
continue.
The first may be difficult/expensive machine/software wise.
The second is monstrously disruptive to the session user.
Have these issues been addressed with IBM - CICS/TSO?
My VTAM guy tells me idle LU's are also a concern.
My concern is productivity of 4 or 5 hundred TSO users and several
thousand
CICS users.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
