Scope of Services

This objective of this service is to provide onsite technical support to assist the isolation and resolution of known performance and stability conditions concerning the CA-Top Secret security system and to establish a software-based monitoring tool whose results (which accumulate), may be used as part of a later, comprehensive effort to identify and remove obsolete entries within the CA-Top Secret security system database.

Security Troubleshooting

For two weeks each, senior consultants will perform problem diagnosis and isolation in four areas where conditions are known to exist which adversely affect the current CA-Top Secret environment.   These conditions are not deficiencies of the product as supplied by CA.  Rather, these conditions are the more likely the result of options or interfaces needing attention. In each of these four problem areas, problem diagnosis and isolation will be limited a best effort basis within the given timetable. Work will be closely coordinated with the CA Support center for CA-Top Secret. TSS traces and SVC-Dumps, initiated via the Operator or via SLIP-Trap commands, will be obtained and studied. IPCS dump analysis software must be available. IBM IIN (a.k.a. Advantis or ATT-Net) network access must be available. Resolutions will be implemented only as per client policies, schedules and practices.

1.       I/O: Excessive I/O appears to be occurring to the CA-Top Secret security file.  Diagnosis will be done to identify the most frequent requests resulting in I/O.  Once understood, the best options for I/O reduction will be identified.   TSS trace options will be enabled for very short periods (< l min) 

2.       DB2: Possibly related to both the known problems of performance and excessive I/O, it was observed that at least one DB2-related userid was performing an excessive number of signon requests each day (+100,000).  The cause of this seemingly excessive signon activity will be diagnosed and isolated as possible.    

3.       Performance: Overall security-file performance and file lock settings (specified via the TIMELOCK control option) will be examined.  Recommendations will be made based on findings.  Production problems have occurred whereby “security file locked” conditions have halted system processing.  The cause of these conditions will be diagnosed to the extent possible.

4.       CPF: A condition is known to exist whereby the Command Propagation Facility  (CPF) of CA-Top Secret fails after, what is termed, a backlog occurs.  Attempts will be made to diagnose this condition and identify its resolution.  Attempts will be made to reproduce this condition.

For each of the four problem areas identified above, a statement of findings and recommendations will be published within 5 days of the completion of onsite analysis.

 

Security Cleanup

Separate from the above activities, two man-weeks will be spent introducing a software tool named The Automated Security Administrator™ (TASA) that monitors the security system to identify obsolete entries within a security database. Implementation of the TASA software will be begun although full implementation will be left for BIGCO staff to complete. Training on TASA software will be provided to BIGCO personnel. Once established, TASA software will develop use dates for all or selected entries within the security database.  Usage dates for the entries within the security file(s) are expected to be a significant role in the later, separate, cleanup effort of the security file(s). Currently, the cleanup project is foreseen to primarily address the removal of unused/unreferenced, as well as duplicate, security file entries.   During this project task, further information concerning the overall cleanup plan will be solicited and documented.  This information will be used to separately prepare a complete proposal for cleanup.

Note that the TASA software is a separately available tool whose limited use will be extended to BIGCO without charge during this service engagement and for the reasonable time between this engagement and the finalization by BIGCO of a separate, comprehensive, cleanup plan.