Optional Items in the CICS Resources Definition File

Micro Focus recommends disabling features you don't need, particularly for production regions, by editing your various Enterprise Server for .NET configuration files. These are items you can disable in the resources definition file used by one or more CICS regions.

A CICS resources definitions file contains many types of resources. Resources are collected into groups. At region startup, a region's system initialization table (SIT) specifies a startup list of groups, and all the resources from the groups on that list are installed (made available). Some of these will be system resources that are required for CICS operation or are normally present (though some of the latter can be disabled if the administrator wants to restrict user access more than normal). Others are resources that have been created for your CICS applications.

The sample CICS resources definition file contains a large number of system and sample resources, and several startup lists and SITs. Administrators typically create the SIT and startup list for their regions by copying and modifying entries from the sample resources definition file, which may leave your regions defining and installing resources they don't need. You can remove unneeded resources by removing unnecessary groups from your startup list or deleting the groups or resources entirely. Note that if users have access to the CICS system transaction CINS or the EXEC CICS CREATE system APIs, they can install additional resources after startup, so removing groups from the startup list may not be sufficient, depending on your threat model.

Groups you may wish to remove from your CICS regions include:

DFH$ACCT

ACCT sample application.

DFH$APCT

CICS PL/I sample application. PL/I is not currently supported in Enterprise Server for .NET (so this sample cannot be used anyway).

DFH$IMQS and DFHMQS

IBM MQ sample application and MQ trigger transaction. MQ is not currently supported in Enterprise Server for .NET.

DFH$IVP

This group currently contains only a TN3270 printer definition.

DFHBRDG

Samples for the 3270 Bridge, which is not currently supported in Enterprise Server for .NET.

DFHCDDE, DFHCIPX, DFHCNETB, and DFHCTCP

Empty groups included for compatibility with the sample resource definitions for the native Enterprise Server product.

DFHCIVP

Samples for Distributed Program Link (DPL) and Function Shipping (FS). Enterprise Server for .NET does not currently support DPL or FS.

DFHELCG

Samples for Micro Focus Enterprise Link Component Generator, which is not currently supported by Enterprise Server for .NET.

DFHEXCI

The CPMI system transaction for EXCI, and the HR01 sample for CICS REST web services. If you do not use EXCI or REST web services, you do not need to install this group for your region.

DFHEZA

Definitions for IBM EZ Sockets APIs. EZ Sockets is not currently supported in Enterprise Server for .NET.

DFHISC

Used for Micro Focus Inter-System Communication, a CICS-to-CICS communication protocol for native Enterprise Server. It is not currently supported by Enterprise Server for .NET.

DFHSPI

The CINS transaction for dynamically installing resources, and the CFCR transaction for creating VSAM files. Normally these are included in a region, but an administrator might remove them to make these operations unavailable to users.

IMSGRP

CICS/IMS sample. IMS is not currently supported by Enterprise Server for .NET.

MCOASM

Assembler program sample. Assembler is not currently supported by Enterprise Server for .NET.

MCOGROUP

A single transaction, CMAP, which is used to display BMS maps on the terminal. Usually there is no exposure associated with this utility, but administrators might want to remove it from a locked-down region for completeness.