Warnings regarding volume security for mainframe – HP XP P9500 Storage User Manual
Page 144
Warnings Regarding Volume Security for Mainframe
This section provides specific warnings and advice related to security settings.
WARNING!
1.
Do not apply security to volumes on which any job is running. If you apply security to such a
volume, the job may end abnormally.
2.
When applying security, make sure that your security settings are correct. If incorrect security
settings are made, the system will be difficult or impossible to control.
3.
If the CPU of a mainframe host is upgraded after you apply security settings, you must execute
the system command "D M=CPU" at the mainframe host to obtain the latest information about
the host. Next, you must use the latest information to update host information in the
Add/Change Host dialog box. If you do not update host information, the system will be
impossible to control.
4.
If the port level security is applied to a configuration that has alternate paths, set the port level
security to all ports including alternate paths. If the port level security is not set to alternate
paths, jobs end abnormally on alternate paths.
When making security settings, it is important to be aware of these admonitions.
•
If you are using P9500 copy software (Continuous Access Synchronous Z (Cnt Ac-S Z),
Continuous Access Journal Z (Cnt Ac-J Z), Business Copy for Mainframe (BC Z), and Compatible
FlashCopy or FC Z): When you use Volume Security for Mainframe to make security settings,
you must register the primary volume, the copy source, and the secondary volume, copy
destination volume, in the same LDEV group. For details on how to register volumes in LDEV
groups, see
. If you apply security to a primary volume and a secondary volume of
a pair of Volume Security for Mainframe copy software, some or all mainframe hosts might
be unable to read from and write to the primary volume and a secondary volume. However,
the copy operation will be performed normally and the data will be copied from the primary
volume to the secondary volume.
If you register a primary volume or secondary volume in a security group and then make a
setting for preventing the volume from being used as a secondary volume, this setting will take
effect after the pair is split.
Mainframe hosts cannot access volumes in pool groups. If a volume in a pool group is specified
as a primary volume, the pair creation command might fail.
In the P9000 Continuous Access Synchronous for Mainframe Systems User Guide, primary
volumes (copy source volumes) are often referred to as M-VOLs or main volumes. Also,
secondary volumes (copy destination volumes) are often referred to as R-VOLs or remote
volumes.
In the P9000 Business Copy for Mainframe Systems User Guide, primary volumes (copy source
volumes) are often referred to as S-VOLs or source volumes. Also, secondary volumes (copy
destination volumes) are often referred to as T-VOLs or target volumes.
•
When the license key for the Volume Security for Mainframe program product expires, the
volume setting that cannot be used for a secondary volume (copy target volume) becomes
invalid. After that, the volume can be used as a secondary volume in Continuous Access
Synchronous Z and Continuous Access Journal Z.
•
When security is applied to the volume for a command device, copying from a primary volume
to a secondary volume is performed normally. However, when the port level security is applied
to the volume for a command device, a copy operation that uses the Business Continuity
Manager command can be performed only from a port for which access was permitted.
•
If you are using Virtual LVI/LUN (VLL) volumes: If you apply security to a VLL volume, you will
be unable to change the VLL settings on the volume. If you want to change the VLL settings,
you must use Volume Security for Mainframe to disable security on the VLL volume.
144 Protecting volumes from I/O operations