Configuring the CIM server for your system

If your installation is using services that require the CIM server, see this section for additional considerations.

Some z/OSMF tasks require the Common Information Model (CIM) server to be running on the host z/OS® system. Using these tasks requires that you ensure that the CIM server is configured on your system, including security authorizations and file system customization.

Ensure that the administrator role is authorized to the CIM server

If your z/OSMF configuration includes tasks that require the Common Information Model (CIM) server to be active, you must ensure that the z/OSMF administrator group has the proper level of access to CIM server resources. In effect, the z/OSMF administrator is also a CIM administrator. CIM includes the CFZSEC job to help you perform these authorization tasks.

Before you run the CFZSEC job, make the following changes.
  1. Ensure that the first line in CFZSEC includes the appropriate information. Specify values for jobname, MEGCLASS, MSGLEVEL, and NOTIFY.
    //CFZSEC JOB CLASS=A,MSGCLASS=H,MSGLEVEL=(1,1),NOTIFY=&SYSUID
  2. Specify the CIM started procedure in the CFZSEC job. Find the following statement in CFZSEC, and verify that it uses CFZCIM as the started procedure name: 
    RDEFINE STARTED CFZCIM.* STDATA(USER(CFZSRV) GROUP(CFZSRVGP))
  3. Submit the CFZSEC job.
  4. After the job completes:
    1. If necessary, start the CIM server, by using the following command: S CFZCIM
    2. Your security administrator must connect the z/OSMF administrator user IDs to the CFZADMGP group.

If necessary, see the chapter on CIM server quick setup and verification in z/OS Common Information Model User's Guide.

Note: By default, the CFZSEC job issues an ALTUSER command under OMVS(UID(0). In some situations, the CFZSEC job might end with the error message: "Incorrect UID(0). This value is already in use by PDS." If so, edit the CFZSEC job and change UID(0) to UID(0) SHARED. For example: 
ALTUSER CFZSRV DFLTGRP(CFZSRVGP) OMVS(UID(0) SHARED +
   PROGRAM('/bin/sh') +
   HOME('/u/cfzsrv')) NOPASSWORD NOOIDCARD NOPHRASE
If your installation does not plan to run the CFZSEC job, your security administrator can perform these tasks manually, as follows:
  1. Grant the z/OSMF administrator group UPDATE access to the CIMSERV profile in the WBEM class. This access can be granted through an explicit PERMIT command, or, if the CIM administrator group is already permitted with UPDATE access, you can connect the z/OSMF administrator user ID to the group. If necessary, refresh the WBEM class.
  2. Ensure that the user ID under which the CIM server is running has SURROGAT access for the z/OSMF administrator group. If a generic BPX.SRV.** profile is already authorized in the SURROGAT class. No additional action is required. Otherwise, define a discrete profile for the z/OSMF administrator group and authorize it. If necessary, refresh the SURROGAT class.

These updates should be made before logging in to z/OSMF as the administrator.

Customizing the administrator role for running CIM commands

The CIM server commands are UNIX style programs that run in the z/OS UNIX shell. To ensure that the z/OSMF administrator can use the CIM commands, verify that the administrator role is properly set up for the z/OS UNIX shell environment, as described in this topic.

The file profile.add, which is included with the CIM server, provides the environment variables that you need to define for the administrator; see /usr/lpp/wbem/install/profile.add. If your installation used the job CFZRCUST from the installation SAMPLIB to customize the file systems and directories that are used by the CIM server, this setup is already done.

If your installation did not run the CFZRCUST job, you can perform this setup manually. Copy the contents of the profile.add file to the .profile file in the home directory of the z/OSMF administrator user ID. Modify the appropriate settings if you do not plan to use the defaults. The .profile file should be owned by the z/OSMF administrator; this person requires read-write-execute access to the file.

Or, you can use the following command to include the CIM profile settings during a shell session: . /usr/lpp/wbem/install/profile.add

Here, you must enter this command whenever the z/OSMF administrator logs in to the z/OS UNIX shell to run CIM command-line utilities.

Ensure that the CIM server is started

If your configuration includes a service that uses the CIM server, ensure that the CIM server is active on your system when using z/OSMF. You can verify that the CIM server is started by entering the following command from the operator console:
D A,CFZCIM
This example assumes that the CIM server runs as a started task that uses the default name CFZCIM.

If the CIM server is not already started, follow the steps that are described in z/OS Common Information Model User's Guide to start it. This book also includes information about customizing your CIM server start-up procedure and details on how to set environment variables for the CIM server.

It is recommended that you ensure that the CIM server is started automatically at IPL time. For information about customizing the CIM server startup, see z/OS Common Information Model User's Guide.