S 4.208 Protecting the start process of z/OS systems

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

The start procedure of a z/OS system starts with the IML procedure (Initial Microcode Load), continues with the IPL procedure (Initial ProgramLoad) of a z/OS operating system, up to the start of the individual System Tasks. The following information should be taken into account for the start procedure:

IML and IPL parameters

The IML and IPL parameters must be known to the operating personnel. Up-to-date documentation must be present.

Fallback configuration

A fallback configuration must be available at all times. The fallback configuration must have been used to successfully start the system prior to the most recent modification.

IOCDS file

There must be a valid IOCDS file (Input/Output Configuration DataSet) in the HMC dialogue (Host Management Console) that can be used to start the system.

LPAR

The system to be started must be configured as LPAR (Logical Partition) on the zSeries hardware and configured accordingly.

MVS master console

There must be an MVS master console (Multiple Virtual Systems) so that the messages can be checked during the NIP phase (Nucleus Initialization Program). Additionally, a backup console must be defined which the Master can be switched to automatically if the normal master console is not available for technical reasons (see S 4.207 Use and protection of system-related z/OS terminals).

Automation procedures

If automation procedures are being used, there must be documentation detailing which system tasks must be started in which sequence. The required commands must be documented as well in order to be able to compensate possible automation errors (or even a complete failure) at least partially.

Completion of the start procedure

At the end of the start procedure, a message should be displayed indicating that the start procedure is complete.

Checklist

There should be an up-to-date checklist that can be used to check the system status after the start procedure. The check ensures that the z/OS system has been activated as designed without any errors (target-actual comparison). If there are automation procedures, functions from these procedures may also be used to this end.

Review questions:

• Have the current IML and IPL parameters been documented and are they known to the operating personnel?
• Are an MVS master console and a backup console available in order to check messages during the start procedure of the z/OS system?
• Has a backup console been defined in the z/OS system which the master may be switched to automatically if the normal master console is not available?
• Is a message displayed at the end of the start procedure indicating that the start procedure of the z/OS system is complete?
• Is there an up-to-date checklist that can be used to check the system status upon the start procedure?