|
Real-Time Change Management in z/OS
Other Change Management products are mainly electronic
paper and have no capability to prevent unauthorised
and undocumented changes from being made. This can lead to huge delays and
use of resources when trying to locate the cause of a problem that resulted
from an undocumented change.
Unlike other change management products, eventACTION does
not require the use of specific tools to make changes. It works transparently
regardless of the tools used, so that all changes made are tracked, providing
a comprehensive picture.
eventACTION and ussACTION provide:
·
Change event tracking including,
·
A Scan function that quickly shows what
changes have been made to selected resources over a defined period
·
Statistics showing who changed what, when and
how
·
Backups for the critical and/or important
resources
·
An easy Compare feature to determine what was
changed
·
The event tracking process cannot be bypassed,
even if the eventACTION Started Task is stopped
·
Change Control function provides direct
real-time multi-level control over MVS Datasets/Members and zFS or HFS
Directories/Files.
·
Control Options include:
·
Change Request required,
·
and single or multiple Authorization required,
·
and Scheduling Window required for the change
to be made
·
Changes can no longer be made unless the
requirements governing the Dataset/Member have been fulfilled
·
Prevents unauthorized users and/or programs
from making undocumented changes
·
Documents all changes including the Change
Request and Authorization
·
Improves security by advancing the level of
control to the dataset member level
·
The Compare feature easily determines what was
changed
·
Recovery of Datasets/Members to the point of
loss, whether due to damage or deletion
·
Has full reporting suite for various Support
groups and Management, including email for non-TSO staff
Command Tracking and Control Component, can track, control & log MVS operator
commands, which are issued from operator terminals, TSO, batch, or
started tasks.
·
The flexible command definitions include masking, can authorize commands by user and location.
·
Particularly useful for managing the use of
‘SET’, ‘HCD’, and $P type commands.
·
The Command Manager log can be browsed instead
of syslog, to enable a quick search with multiple
selection criteria such as Program, who, console, date/time, etc.
·
The Command Manager log can be
‘printed’ using the Report feature.
Business Product
Specifications and Requirements
Tracking of Changes
Track authorized & unauthorized changes to system
data sets
eventACTION can protect and
automate the management, tracking, and controlling of all changes in the z/OS
system environment.
Product must handle tracking changes cross-LPAR and
cross-SYSPLEXes that access shared DASD
The eventACTION database can be fully shared by the
eventACTION product running on multiple z/OS systems in a shared DASD
environment. Thus eventACTION can track changes across LPARs and SYSPLEXes
that access shared DASD.
Track changes to PDS, PDSE, sequential, VSAM, binary
or text
eventACTION’s tracking and
control support the following z/OS system data set organizations: PDS, PDSE,
sequential, VSAM, and DA, as well as Panvalet and Librarian. Under z/OS Unix
System Services (USS) eventACTION supports HFS and zFS files.
Track dynamic changes made using console commands
eventACTION's Command Tracking
allows you to log/track Operator Commands. The commands can be any system
commands or the operator commands for any subsystem such as JES, IMS, CICS,
etc. In particular the use of the "SET" command can be tracked.
As well, the Dynamic Data Set Definition Facility allows
you to track dynamic changes to the key in-storage lists maintained in a z/OS
environment. These lists include the APF list, the LPA list, the LINK list
and the PARM list. As data sets within these lists change, eventACTION tracks
changes to the revised list of data sets.
Track changes to USS files and file systems down to
file level
The component ussACTION provides automatic change and
reference tracking for USS directories and files down to the file level.
Have the ability to define user groups (i.e. DBA,
CICS, storage, etc.) with multiple products for each and be able to restrict
entries by group and/or products individually
eventACTION’s full masking
capability allows you to easily group together resources which have the same
tracking and control requirements. Using a combination of OID and User Group
you can setup rules to group resources, masking
allows flexibility of definition including sub-groups. With the use of a
perpetual Change Request, changes can be restricted or allowed by group,
dataset, or even to member level.
Specify options for what to track and retention time
period both globally, by groups and down to a member level
eventACTION can track and control
resources at multiple levels. eventACTION tracks and
controls resources using either system wide defaults (global), or definitions
for groups of related or associated resources, or down to a member level.
Quickly be able to determine what changed and details
of when and how changed
The online and real-time “Scan Changes”
function provides the ability to quickly obtain information regarding the
changes that have been made to a data set or a group of data sets.
Information provided includes who made the change, what resource was changed,
when it was changed, what tool or process was used to make the change. As
well the specific details of the change can be displayed with the Compare
facility.
Track SVC changes
The eventACTION SVC update interface allows you to track
all changes made to the system SVC and ESR tables, including those made using
the z/OS SVCUPDTE facility and those made by code that directly changes the
SVC table. This facility helps you to understand the dynamic changes made to
a z/OS system where there are a large number of products from multiple vendors.
The facility can be very useful for problem resolution.
Interfaces with existing systems/software
Execute on z/OS 1.9 – 1.11 system with JES3 and
shared DASD, non-shared USS file systems
eventACTION supports any version
of z/OS supported by IBM, including the JES3 environment. eventACTION
can track non-shared DASD as long as the eventACTION database is shared.
Interface with tape system for storage of previous
levels with built-in ability to easily restore
eventACTION includes facilities
that can transparently back up data sets or members whenever a change is made.
Unique resource profile values can be defined which allow individual data
sets or members to have varying numbers of backup copies available. These
backup copies can exist on either disk or tape storage media, or any
combination of both.
Long-term backups are stored on tape. When a user wishes to
restore or recover backup data from a tape, eventACTION automatically builds
a restore job, which contains all of the information required to identify the
tape and the location of the backup data.
Ability to interface with ITIL compliant Service Center product. This is the choice for scheduling and
authorizing changes
eventACTION provides a
bi-directional interface to IBM's Info/Management change management function.
We have in development an API to Distributed products. Action Software would
work with client staff to implement the ITIL compliant Service Center product interface.
If no interface to ITIL compliant Service Center
product, minimally must be able to enter a cross-reference field to match up
with the ITIL compliant Service
Center product identifier
eventACTION’s change request process allows for user
defined data fields, thus a cross-reference field to match up with the ITIL
compliant Service Center product identifier could be defined.
E-mail interface to alert staff to authorized and unauthorized
changes that are made
With the Email feature of eventACTION even management and
staff, who don't have TSO access or who aren't regularly logged onto TSO, can
receive information from eventACTION. In particular, email messages can be
sent when tracked data is changed.
Web browser interface for management reporting
eventACTION does not have a web
browser interface. However, management reporting data can be extracted from
eventACTION. All of eventACTION reports can use the email feature to send the
reports directly to your desktop. Or you can use the External Language
Interface (ELI) to extract management data from the eventACTION database and
this data could be used as input into your general purpose reporting system.
Reporting
eventACTION has powerful reporting
features that allow the user to define custom reports for change and
reference activity to eventACTION defined resources.
Ability to group for control and reporting purposes by
functional group (i.e. DBA, CICS, MVS, etc) and by product within those
groups
eventACTION provides a series of
fixed output report types for which the user may specify various selection
criteria to customize the report output. With masking there is a great deal
of flexibility in the selection criteria to select by functional group, by
sub-group, by dataset and/or member name.
“Canned” and/or sample reports to answer
classic audit questions
eventACTION has sample reports.
Action Software has worked with our clients over the last few years to
customize (as required) the reports to meet the clients’ SOX compliance
requirements.
Ability to compare IPL volumes, data set product
libraries
eventACTION's batch compare
utility has the ability to compare IPL volumes and product libraries down to
the member level including load modules.
The compare utility within eventACTION is a file comparison
tool whose primary purpose is to indicate where differences occur between two
data sets. These data sets may be sequential, VSAM, partitioned or other library
organizations including Librarian and Panvalet files. When comparing
partitioned or library-type data sets, the members are processed individually
to indicate which members are different. Under batch, this utility is
extended to perform comparisons of multiple data sets residing on different
volumes, locatable by specific volume table of contents (VTOC) or through the
catalog. The data sets may physically reside at two different changeplexes.
Access
Two types of users require access to the data –
Mainframe Systems Engineers who actually use the product and write to the
tracking database, and auditors and others who might be interested in reading
the information about what changed
eventACTION has the facility to
accommodate the two types of users. Your Mainframe Systems Engineers would be
given the appropriate access to use the eventACTION features and facilities.
While users such as auditors would just be given 'read' access to view the
information about changes or who may be using a product. Users who have read
access can view the eventACTION data, however they
will not be able to view the actual data set or members unless they have read
access to the actual data set.
As well, some of your Mainframe Systems Engineers would be
eventACTION administrators. eventACTION can be
administered at two levels: globally and by Owner/Resource ID (OID). The
Global Administrator assumes overall control of the eventACTION product,
while the OID Administrator is responsible for administering tracking and
control options for a group of resources.
|
