Preparing zFS for platforms

Before you can create and deploy a platform, you must configure your platform home directory in zFS. Create a dedicated file system, set up the file system security, and set up FTP security for access from CICS Explorer®.

1. Create a z/OS UNIX file system data set to use as the zFS platform home directory.
   This is a dedicated file system for use by all CICS regions in the platform. The default platform home directory is /var/cicsts/CICSplex/platform1, where CICSplex is the name of the CICSplex where the platform will be installed, and platform1 is the name of your platform.

   As a best practice, keep this default.If you use a different directory as the platform home directory, you must change the platform bundle to specify the alternative directory name after you create the CICS Platform project. You do this in the CICS Explorer platform descriptor editor.

   1. If you use non-shared zFS, mount the data set onto /var as /var/cicsts, as a read-write file system.
   2. If you use a shared file system in a multi-system (LPAR) environment, mount the data set onto the root file system (/) as /cicsts, and then for each system that requires access, create a symbolic link from /var/cicsts to the shared /cicsts directory.
   3. If you have a multi-system or cross-sysplex environment where file systems cannot be shared between all the systems, duplicate the structure that you set up for the platform home directory in each of the zFS file systems. Make sure that the contents of the platform home directory are duplicated to each of the zFS file systems whenever you export a platform, application, or CICS bundle. You can repeat the export process in CICS Explorer and select the appropriate z/OS connection for each individual file system.
   4. If the directories do not exist, create the /var/cicsts/CICSplex and /var/cicsts/CICSplex/platform1 subdirectories.
      If you use CICS Explorer, these directories are created for you.
2. Set up file system security.
   This file system security ensures that all CICS regions in the platform, including the CICSPlex® SM CMAS regions, can read the bundle files in the platform home directory.
   1. Change the owner of the directories in /var/cicsts to the user ID that is used to create the bundle files.
   2. Change the group ownership of the directories in /var/cicsts to a group that all the CICS regions in the platform belong to.
   3. Give the owner of the directories read, write, and execute permissions, and give the group read and execute permissions.
      For example, rwxr-x---.
   4. Optional: If write access is required by multiple administrator user IDs, or read access is required by different groups, you can use UNIX System Services (USS) access control list (ACL) entries to add group or owner permissions. You can achieve this by activating the FSSEC resource class and by using the setfacl command.
3. Set up FTP security.
   This level of security ensures that bundles that are exported from CICS Explorer can be written to the platform home directory on zFS, and read by all the CICS regions in the platform.
   1. Set the file mode creation mask for the z/OS FTP daemon to ensure that the owner has write permissions and the group has read permissions.
      To configure this, use the UMASK statement in the FTP.DATA configuration file.
   2. Optional: If you are also using ACL entries to control security, ensure that the default ACLs are inherited from the zFS platform home directory, for example /var/cicsts/CICSplex/platform1, where CICSplex is the name of your CICSplex and platform1 is the name of your platform.