I’m a bit curious about the no-datasharing advice. The history of sysplex here is that before sysplex, there was literally no sharing of *anything*. Even DASD was genned as non-shared even in the same glass house. Pretty extreme I suppose, but security admins were altogether unaccustomed to refreshing 'other systems' because there were none. Moreover, an intricate RYO enterprise-wide security mechanism that everyone relied on had no provision for refreshing any system other than the one where an update command was issued.
We implemented sysplex by splitting existing systems into multiple members, so for us datasharing was crucial to maintaining business as usual: no new refresh actions required. This has worked well on our bronzeplex, where two systems out of three data-share RACF. If all the RACF systems in a sysplex use the same database, what problems are likely with sysplex datasharing? . . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 626-302-7535 Office 323-715-0595 Mobile [email protected] -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Bruce Hewson Sent: Friday, July 31, 2015 9:45 PM To: [email protected] Subject: Re: Different Security Products in a Sysplex Hi, Yes, you can run multiple Top-Secret and multiple RACF environments in a single SYSPLEX. For multiple RACF environments it is best not to do SYSPLEX DATASHARING - just remember you need to REFRESH manually on all systems after change. Commands issued from TOP-SECRET systems via MVS ROUTE will fail on RACF systems. This is happening today in multiple sysplexes. Regards Bruce ps: and these systems are GDPS-PPRC / GDPS-XRC enviroments (or whatever latest marketing names are). ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
