How do I authenticate to and within MVCM?

Version 1
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    MainView Console Management for zEnterprise - Base



    DETAILS:

    Regarding connection and loggin in, there are 2 basic layers to the MVCM product:
     

       
    1. The part that manages 3270 terminal connections to the mainframe is called Console Consolidation. When you pop up a full 3270 window as in the screenshot below you are talking directly to a Console Consolidation server ("CCS").
    2.  
    3. The part that provides the scrolling message window and more is called Automation. The Automation viewer window in the screenshot is talking to an Automation server, that server in turn connects to multiple CCS servers to get the console messages.
        
    There is a way to configure our CCS component to work with consoles configured to require RACF login: in the Console Consolidation server configuration at the Edit Session level there is an Input Options tab. On the Input Options tab you must first enable the "Keyboard Lockout" option, then enable an "Interact with RACF security" below that, then save the session and server configuration, then restart that CCS server.
     
    With this turned on the CCS server only allows 1 client connection to send commands: any time a different client wants to have control this kicks off a process in which the CCS server does screen clears and LOGOFF commands to get the mainframe to put the login fields in the console command area. Only then is that second client allowed to send input starting with his username/password at the RACF prompts.
     
    You can try this. Up till now every customer that has taken a look at this product feature has wound up not using it because  
       
    1. MVCM has pre-authenticated the users before they even see console data
    2.  
    3. MVCM has an option to enabled console command logging ("Enable Command Auditing" on the CCS Logging tab) that provides an audit trail of who did what commands when
        
    If you wish to use this option it conflicts with sending in commands via Automation so  
       
    1. In the viewer configuration you should disable the viewer input area ("Edit Viewer", "Layout", un-check "Show Command Panel"). Operators must pop up the 3270 window to interact with mainframe security and send in commands
    2.  
    3. Since only humans are allowed to send commands you can't write any automation rules that send commands to the console from the automation server, for example to automate an IPL or shutdown

     


    Article Number:

    000173812


    Article Type:

    Product/Service Description



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles