ACF2 security scan, without the mainframe tax

The trigger. “Run the ACF2 security configuration scan (MRISEASC) on this LPAR and get a clean result file ready to upload for our Security Essentials assessment.”

The old way

Michal runs the full four-system relay. He downloads the toolkit in the web UI, FTP-uploads the two ACF2 transmit files with hand-set allocations, and RECEIVEs them in TSO. Then he rewrites the MRISEASC job card and the HLQ/SYSPLEX variables in the JCL editor, submits the job, and digs through the return codes to work out what happened.

There is also a trap underneath all of it. He reuses the toolkit already on the LPAR without realizing it is back-level. So even a “successful” run can produce a file the web UI later rejects, which sends him into a support ticket and a redo from scratch.

The Flow way

He opens the MRI Toolkit: ACF2 Security Scan template, or he types his “I need to…” into the generate screen. The graph runs these steps:

Prepare MRI Toolkit (Action) → Upload SEA.CNTL.XMI → Upload SEA.LOAD.XMI (Zowe) → Render install JCL (Action) → Submit install JCL → Poll install status (Zowe) → Submit MRISEASC scan → Poll scan status (Zowe) → Download scan spool. It also has a built-in failure branch to Download spool (on failure) for when the scan return code is not clean.

He sets his connection and HLQ once and hits Play. The toolkit is fetched fresh and pinned across every step, so there is no stale copy or half-upgraded mismatch. The result file lands locally and is ready to upload. If anything fails, the diagnostic spool is already downloaded.

Payoff

	Old way	Flow way
Tools touched	4	1
Manual steps	~12	1 (Play) + one-time config
JCL / allocation editing	By hand, every run	Templated, filled once
On failure	Manual log hunt	Spool auto-downloaded
Version drift	Silent fail, ticket, full redo (days)	Fetched + pinned per run; fix pushed via hub update