Subsystem Control Point (SCP)
SCP stands for the Subsystem Control Point. SCP is a part of the DSM architecture. The SCP process is a central point through which management applications and subsystems exchange Subsystem Programmatic Interface (SPI) messages
Management processes send SPI messages to an SCP process, which routes each message to a specified subsystem process. Subsystems return response messages to the SCP process, which sends each response to the originator of the corresponding request.
The SPI standard definitions are provided by HP in files of source declarations in DDL and in the programming languages that support Distributed Systems Management (TAL, C, Pascal, COBOL85, and TACL). They consist of six definition files “ “one in each language plus the DDL definition file.
RISK If SCP is not active, SPI messages will not function properly.
SCP is made up of the following components :
SCP
SCPTC
SCPTCOL
SCP
An SCP trace creates a record of an object's activity, such as messages sent and received by SCP. Traces are initiated by the subsystem communicating with SCP, but SCP starts and initializes the collector process that receives the trace records.
SCP is generally run as the process $ZNET.
A tracing environment consists of:
The trace procedure called by the tracing process
The extended data segment to which the trace data is written
A disk file for recording the trace records
A collector process that copies trace data from the extended data segment into the disk file.
SCPTC and SCPTCOL
SCPTC and SCPTCOL are trace collectors.
The older SCP Trace-Collector object file is SCPTC.
The newer SCP Trace-Collector object file is SCPTCOL.
RISK SCP will not function properly unless the SCPTC and SCPTCOL object files both reside in the same subvolume as SCP and have the same software release version as the SCP object file.
Securing SCP Components
BP-PROCESS-SCP-01 $ZNET process should be running.
BP-FILE-SCP-01 SCP should be secured "UUNU".
BP-OPSYS-LICENSE-01 SCP must be LICENSED.
BP-OPSYS-OWNER-01 SCP should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 SCP must reside in $SYSTEM.SYSnn
BP-FILE-SCP-02 SCPTC should be secured "UUCU".
BP-OPSYS-LICENSE-01 SCPTC must be LICENSED.
BP-OPSYS-OWNER-01 SCPTC should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 SCPTC must reside in $SYSTEM.SYSnn
BP-FILE-SCP-03 SCPTCOL should be secured "UUCU".
BP-OPSYS-LICENSE-01 SCPTCOL must be LICENSED.
BP-OPSYS-OWNER-01 SCPTCOL should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 SCPTCOL must reside in $SYSTEM.SYSnn
If available, use Safeguard software or a third party object security product to grant access to SCP only to users who require it in order to perform their jobs.
BP-SAFE-SCP-01 Add a Safeguard Protection Record to grant appropriate access to the SCP object file.
BP-SAFE-SCP-02 Add a Safeguard Protection Record to grant appropriate access to the SCPTC object file.
BP-SAFE-SCP-03 Add a Safeguard Protection Record to grant appropriate access to the SCPTCOL object file.
| Discovery Questions | Look here: | |
|---|---|---|
| PROCESS-SCP-01 | Is the $ZNET process running? | Status |
| OPSYS-OWNER-01 | Who owns the SCP object file? | Fileinfo |
| OPSYS-OWNER-01 | Who owns the SCPTC object file? | Fileinfo |
| OPSYS-OWNER-01 | Who owns the SCPTCOL object file? | Fileinfo |
| OPSYS-LICENSE-01 | Is the SCP object file licensed? | Fileinfo |
| OPSYS-LICENSE-01 | Is the SCPTC object file licensed? | Fileinfo |
| OPSYS-LICENSE-01 | Is the SCPTCOL object file licensed? | Fileinfo |
| FILE-POLICY | Who is allowed to run SCP on the system? | Policy |
| FILE-SCP-01 | Is the SCP object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
| FILE-SCP-02 | Is the SCPTC object file secured correctly? | Fileinfo |
| FILE-SCP-03 | Is the SCPTCOL object file secured correctly? | Fileinfo |
Related Topics
SCF
