We do synchronization of password changes for a subset of our users using some home grown exits. If a user is in a particular "VM" RACF group on z/OS, the exit kicks off a z/OS batch job step that essentially does a remote call to each of our z/VM systems to invoke a script to make the password change there.
User adds/deletes are still manual, but we have an administrative process to trigger this and a web front end that can issue the RACF commands to add/delete the user to all of our z/VM LPARs at once.

Technically, sharing databases between z/OS and z/VM is possible, but I've always been informed by IBM to avoid doing this. There are also asynchronous things you can do like use some of the RACF unload/load utilities periodically, like via a nightly process.

I haven't looked into it, but I know we also have some vendor synchronization software to sync RACF z/OS and Active Directory. Not sure if they have a module for interfacing with z/VM.

Recently with the newer z/VM versions you also have LDAP overlay of some RACF data. Haven't researched all of the current functionality but guessing at some point that will allow a remote interface to do add/delete/password sync.

__________________________________
Tom Stewart
Infrastructure Analyst
John Deere - z/OS Support Services
em: [email protected]
__________________________________

-----Original Message-----
From: Linux on 390 Port [mailto:[email protected]] On Behalf Of Ayer, Paul W
Sent: Thursday, June 04, 2009 10:22 AM
To: [email protected]
Subject: zVM RACF database synchronization

Good morning all,

Today we have many zVM systems using RACF that are all stand alone across our data centers. These zVM are to support our zLinux guests.

Is there a way to have the RACF databases (adds, deletes, password changes) kept in sync between all of the zVM's on our network? Is anyone doing this?

We have been told that our zOS and zVM databases can not be connected at all so we have not even looked into that. Has anyone done this?

Thanks,
Paul

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
