System requirements are: z/OS 2.x RACF (each stand) DB2 V9 up LE370

The effort is about one 1/2 day each for a system programmer, a DB2 administrator and an RACF administrator. All tasks to be performed are generated by a dialog and the result must be implemented by the employee. Each step is explained. After the next IPL, the monitor is available.

no. This software is designed for RACF on z/OS computers.

None.

Naturally.  

no. The evaluation of the data can be carried out on any z/OS system that meets the system requirement DB/2. So it can also happen on a sandbox system away from production.

low. We haven't used any customer to spend more than 60 CPU seconds per LPAR per LPAR, even though the number of RACHECKS was close to a billion.

This depends on the amount of data and the amount of changes to the RACF database. It goes from a few minutes with minor changes to the RACF database to 60 minutes for volatile databases. It shouldn't be any more than that. However, the charging process is completely time-independent and can run outside any peak time.

All security checks that run through the IBM RACF exits. This means that it is even possible to collect and evaluate the accesses to your DB2 databases if the setting is appropriate. As of release 3.1 also all RACF commands collected at the RACF Command exit.

A program accesses a resource. The protection of the resource is done by a global specification, a profile. Any change in the existing RACF database by inserting or deleting a profile can change this connection resource profile. In order to perform an evaluation, this connection must be recalculated in case of change. Without this relation, no DB/2 evaluation can be performed. With DB/2, it is very easy to calculate multiple connections between users, roles, groups, profiles, and resources. Since the number of resources and profiles is very high, the calculation is extremely minimized by our approach. Our data model supports us in this. And this is unique in opusR Monitor.

no. So far and for the foreseeable future.

no. Performance and cost studies have shown that moving the batch to the unused time on z/OS saves CPU costs. These costs are usually counteracted by a processor rental on server systems, which is load-independent. This may be different in individual cases.

The data will only be used for administrative purposes. Therefore, the access information is stored without the access time (time). A concrete evaluation of the performance of employees is therefore excluded. It must be agreed with the works council and the data protection officer whether there are objections to the use of the data. Excerpt from the BSI M 2.40: All measures which, in principle, make it possible to monitor the behaviour or performance of employees, e.g. logging, require the co-determination of the staff representatives. Measures that are likely to enable an employee to monitor the behaviour or performance of an employee require the co-determination of the staff representation.

You can select information with several thousand selection criteria using DATASET, USER, GROUP, GENERAL RESSOURCE, Condensed USAGE, Job USAGE, COMMAND with several thousand selection criteria. From each selection it is possible to further select, reduce, expand. We have made every data in the data warehouse selectable and any further processing from it. You can turn each of these displays into a report that brings their queries back in batch. If you don't have a report that can be done with the available data: ask us.

On the further processing of data we have in Rel. 3.1 very special value. You can output the data to different platforms. The default is the output to dataset on the host. We also support the issue on USS. If you have mapped a USS drive to your network, you can edit the output immediately in Windows. Then, of course, translated in the right character set. And as a third option, if you are authorized to do so, you can send via mail as an attachment. The formats of the output we support are: List, XML, CSV, Excel is in preparation.

Naturally. We will be happy to provide you with a trial installation for 6 weeks.

We license individual sysplexes. So you don't have to expect any additional costs for a CPU upgrade.

Of course, we like to.