z/OS Communications Server Technical Update

1,044 views 69 slides May 17, 2023

About This Presentation

In this session, the speakers will provide a look at new and coming features in z/OS 3.1 Communications Server. Features to be covered include:
- Networking support for z/OS containers
- Network security enhancements
- z/OS UNIX syslogd support for secure logging over TCP
- Communications Server exp...


Slide Content

© 2023 IBM Corporation 1
z/OS Communications Server
Technical Update
Mike Fitzpatrick – [email protected]
Sam Reynolds – [email protected]
May 17, 2023
Enterprise Network Solutions Customer Advocate Program
PDF available on Slideshare:
https://ibm.biz/zOS31CS

© 2023 IBM Corporation 2
Agenda
•Network security enhancements
•FTP Server JES access control
•AT-TLS currency with System SSL
•zERT Network Analyzer enhanced upgrade support
•z/OS UNIX syslogd support for secure logging over TCP
•Networking support for z/OS containers
•Communications Server support for RoCE Express3
•Communications Server exploitation of the IBM Function Registry for z/OS
•Function removals
•Additional Information
•Appendix
•Functional removal statements of direction for V2R5 removals

© 2023 IBM Corporation 3
IBM's statements regarding its plans, directions, and intent are subject
to change or withdrawal without notice at IBM's sole discretion.
Information regarding potential future products is intended to outline our
general product direction and it should not be relied on in making a
purchasing decision. The information mentioned regarding potential
future products is not a commitment, promise, or legal obligation to
deliver any material, code, or functionality. Information about potential
future products may not be incorporated into any contract. The
development, release, and timing of any future features or functionality
described for our products remain at our sole discretion.

© 2023 IBM Corporation 4
Network Security
Enhancements

© 2023 IBM Corporation 5
FTP Server JES
Access Control

© 2023 IBM Corporation 6
JES interface support in the z/OS FTP server
[Diagram: an FTP client uses PUT to submit a job, DIR to query job status, and GET to retrieve job output through the JES interface of the z/OS FTP server; in effect, FTP-based RJE to z/OS]
JES interface characteristics
•All JES types (Jobs, started tasks, TSO, APPC)
•Details on DIR command output for jobs in input, active, or output status
•JESINTERFACELEVEL determines whether FTP users have access to jobs matching their logged-in user ID plus one character (JESINTERFACELEVEL=1, the default) or broader access (JESINTERFACELEVEL=2).
•Filtering and access based on SAF interface
•Filtering of jobs controlled via three SITE options:
–JESJOBNAME (default <userID>*)
–JESOWNER (default <userID>)
–JESSTATUS

© 2023 IBM Corporation 7
FTP JES interface - Sample DIR command output
ftp> quote site filetype=jes jesjobname=testjob*
200 SITE command was accepted
ftp> dir
200 Port request OK.
125 List started OK for JESJOBNAME=TESTJOB*, JESSTATUS=ALL and JESOWNER=USER1
JOBNAME JOBID OWNER STATUS CLASS
TESTJOB1 JOB00051 USER1 OUTPUT A RC=000 4 spool files
TESTJOB2 JOB00050 USER1 OUTPUT A RC=000 4 spool files
TESTJOB2 JOB00049 USER1 OUTPUT A ABEND=806 3 spool files
TESTJOB2 JOB00048 USER1 OUTPUT A (JCL error) 3 spool files
TESTJOB4 JOB00055 USER1 INPUT A -DUP-
TESTJOB4 JOB00054 USER1 ACTIVE A
TESTJOB3 JOB00053 USER1 ACTIVE A
TESTJOB2 JOB00052 USER1 ACTIVE A
250 List completed successfully.
ftp: 500 bytes received in 0.22Seconds 2.27Kbytes/sec.
ftp>

© 2023 IBM Corporation 8
FTP Server JES interface
§Some security experts have expressed concern over this interface
§There are existing mechanisms to control access to FTP JES mode:
•SAF JESJOBS and JESSPOOL classes (with FTP
JESINTERFACELEVEL 2)
•FTP server exits (FTCHKJES, FTCHKCMD)
-Many customers do not like solutions based on the use of exits
§Customers have requested a simple way to disable FILETYPE=JES, or at
least limit the users who can access it
•RFE 125660 Increasing Security and Control for FTP JES Interface
-Aha! Idea ZOS-I-482
-54

© 2023 IBM Corporation 9
FTP Server JES interface
§A SERVAUTH class resource is added to z/OS V2R3-V2R5 via APAR PH42618 to explicitly control user access to FTP JES mode:
EZB.FTP.sysname.ftpdaemonname.ACCESS.JES
§Permission to this resource allows a user to enter JES mode. Without it, any attempt to enter JES mode is rejected:
200 –User username is not allowed to use FILETYPE=JES
§This new resource is NOT a replacement for the JESJOBS or JESSPOOL classes! Those classes (and FTP JESINTERFACELEVEL 2) should still be implemented as they control JES access well beyond FTP
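As an added example (not from the presentation), a REXX exec that defines the new resource so that FTP JES mode is denied by default and permitted only to one RACF group. SYSA (system name), FTPD1 (FTP daemon name) and JESFTPG (group) are constructed placeholders, and READ is assumed to be the access level the FTP server checks.

```rexx
/* REXX: lock down FTP JES mode with the new SERVAUTH resource.       */
/* Added example, not from the presentation. SYSA (sysname), FTPD1    */
/* (FTP daemon name) and JESFTPG (RACF group) are constructed         */
/* placeholders; READ is assumed to be the access level checked.      */
ADDRESS TSO
resource = 'EZB.FTP.SYSA.FTPD1.ACCESS.JES'
group    = 'JESFTPG'

/* UACC(NONE): any user not on the access list gets the rejection     */
/* "User username is not allowed to use FILETYPE=JES" shown above.    */
"RDEFINE SERVAUTH" resource "UACC(NONE)"
IF rc <> 0 THEN CALL fail 'RDEFINE'

/* Grant only the group whose users legitimately submit jobs by FTP.  */
"PERMIT" resource "CLASS(SERVAUTH) ID("group") ACCESS(READ)"
IF rc <> 0 THEN CALL fail 'PERMIT'

/* SERVAUTH is assumed to be RACLISTed; refresh the in-storage copy   */
/* so the new profile is enforced immediately.                        */
"SETROPTS RACLIST(SERVAUTH) REFRESH"
IF rc <> 0 THEN CALL fail 'SETROPTS'

/* Display the profile and its access list for the change record.     */
"RLIST SERVAUTH" resource "AUTHUSER"
EXIT 0

fail:
  PARSE ARG step
  SAY step 'failed, RACF return code' rc
  EXIT 8
```

This resource only gates entry into JES mode; which jobs a permitted user can then list or act on is still governed by the JESJOBS and JESSPOOL classes with JESINTERFACELEVEL 2, as the slide states.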

© 2023 IBM Corporation 10
AT-TLS Currency
with System SSL

© 2023 IBM Corporation 11
AT-TLS currency - Support for x25519 and x448 KEX under TLSv1.2
§System SSL provides support for:
•x25519 and x448 elliptic curves (ecurves) key exchange for TLSv1.0, TLSv1.1,
and TLSv1.2 protocols
•Option to limit the TLS server’s allowable ecurves
§AT-TLS is exposing this functionality through AT-TLS configuration
parameters

© 2023 IBM Corporation 12
AT-TLS currency - Support for x25519 and x448 KEX under TLSv1.2 …
§AT-TLS allows elliptic curves x25519 and x448 to be used in key exchange negotiation during the handshake process for the TLSv1.0, TLSv1.1, and TLSv1.2 protocols
§AT-TLS server also has the ability to limit the curve list it uses for key exchange negotiation
§This function is available in z/OS V2R5 with APAR PH45902
•System SSL APAR (OA61783) is required
•NCA APAR PH47400 provides the ability to configure the new parameters for
V2R5

© 2023 IBM Corporation 13
AT-TLS currency – TLSv1.3 sysplex session ticket caching
§Up through TLSv1.2 System SSL supported sysplex-wide Session ID
(SID) caches
§TLSv1.3 protocol supports session resumption through a different
approach
•Uses “session tickets” that contain all the information the server needs to
resume a TLSv1.3 session
•No server-side cache
•Client caches one-time-use “session tickets” returned by server
•Session ticket is encrypted and decrypted by server using AES
•To perform an abbreviated handshake, the client sends a Client Hello message
to the server that contains a cached session ticket from the client cache
•If the server recognizes the ticket and can successfully decrypt it, it continues
with the abbreviated handshake with many of the same advantages seen in
previous TLS versions
§AT-TLS supported TLSv1.3 beginning in V2R4 including support for
session resumption using session tickets but only within the scope of a
single application address space. There was no sysplex-wide support.

© 2023 IBM Corporation 14
AT-TLS currency – TLSv1.3 sysplex session ticket caching …
§System SSL is adding sysplex-wide support for TLSv1.3 session tickets
§AT-TLS is exposing this functionality through AT-TLS configuration parameters
•To enable sysplex-wide TLSv1.3 session ticket caching for an AT-TLS server
-Configure the new AT-TLS parameter GSK_SYSPLEX_SESSION_TICKET_CACHE on the TTLSGskAdvancedParms statement
-Optionally configure the GSK_SESSION_TICKET_CLIENT_MAXCACHED parameter on the client to specify the maximum number of session tickets that are allowed to be cached by the client for each unique TLSv1.3 session
-Can also be configured through the NCA
-GSKSRVR task must be started for all systems in the sysplex that require TLS session resumption

© 2023 IBM Corporation 15
zERT Network Analyzer Enhanced Upgrade Support

© 2023 IBM Corporation 16
Background: Encrypting TCP/IP network traffic on z/OS
z/OS provides 4 mechanisms to cryptographically protect TCP/IP traffic:
TLS/SSL direct usage
•Application is explicitly coded to use these
•Configuration and auditing is unique to each application
•Per-session protection
•TCP only
Application Transparent TLS (AT-TLS)
•TLS/SSL applied in TCP layer as defined by policy
•Configured in AT-TLS policy via Configuration Assistant
•Auditing through SMF 119 records
•Typically transparent to application
•TCP/IP stack is user of System SSL services
Virtual Private Networks using IPSec and IKE
•“Platform to platform” encryption
•IPSec implemented in IP layer as defined by policy
•Auditing via SMF 119 records at tunnel level only
•Completely transparent to application
•Wide variety (any to all) of traffic is protected
•IKE negotiates IPSec tunnels dynamically
Secure Shell using z/OS OpenSSH
•Mainly used for sftp on z/OS, but also offers secure terminal access and TCP port forwarding
•Configured in ssh configuration file and on command line
•Auditing via SMF 119 records
•TCP only
[Diagram: the z/OS TCP/IP stack with the four mechanisms numbered 1 to 4 as labelled: (1) TLS/SSL direct, with applications calling System SSL (MQ, CICS, Connect:Direct, …) or JSSE (WAS, Java applications); (2) AT-TLS in the stack using System SSL, protecting DB2, CICS, IMS Connect, Guardium, FTP, TN3270, JES/NJE, RACF RRSF, …; (3) IPSec/IKE VPN protecting any application or subsystem between systems; (4) OpenSSH protecting sftp and TCP applications via port forwarding]

© 2023 IBM Corporation 17
Background (cont)
Given all these mechanisms, configuration methods and variation in audit detail…
§How can I tell…
•Which traffic is being protected (and which is not)?
•How is that traffic being protected?
-Security protocol?
-Protocol version?
-Cryptographic algorithms?
-Key lengths?
-…and so on
•Who does the traffic belong to in case I need to follow up with them?
§How can I ensure that new configurations adhere to my company’s security policies?
§Once I’ve answered the above questions, how can I provide the information to my auditors or compliance officers?
§Many factors driving these questions:
•Regulatory compliance (corporate, industry, government)
•Vulnerabilities in protocols and algorithms
•Internal audits
•…and so on
[Diagram: the four-mechanism protection diagram from the previous slide, repeated]

© 2023 IBM Corporation 18
Introducing z/OS Encryption Readiness Technology (zERT)
§zERT Discovery
•SMF 119 subtype 11 “zERT Connection Detail” records
•These records describe the complete cryptographic protection history of each TCP and EE connection
•At least one record is written for each connection - and each describes all cryptographic protection for that connection
•Well suited for real-time monitoring applications
•Depending on your z/OS network traffic, these could be generated in very high volume
§zERT Aggregation
•SMF 119 subtype 12 “zERT Summary” records
•These records describe the repeated use of security sessions over time
•Writes one zERT Summary record at the end of each recording interval for each security session active during the interval
•Well suited for reporting and analysis
•Can greatly reduce the volume of SMF records (over Discovery) while providing the same level of cryptographic detail
§zERT Network Analyzer
•Web-based (z/OSMF) UI to query and analyze zERT Summary (subtype 12) records
•You can just install the latest network analyzer PTF – each one contains an up-to-date fresh install image
•Intended for z/OS network security administrators (typically systems programmers)

© 2023 IBM Corporation 19
zERT Network Analyzer (zNA)
[Diagram: SMF dump data sets generated by IFASMFDP or IFASMFDL supply SMF 119-12 records to IBM zERT Network Analyzer, which runs under z/OSMF (Liberty) on z/OS and stores the data in Db2 for z/OS 11 or later; query results can be exported as a .csv file]
IBM zERT Network Analyzer consumes only SMF type 119 subtype 12 “zERT Summary” records
Users can build queries with scope and security filters:
•Scope filters: Sysplex / system / stack, IP addresses / server port, z/OS role (client or server) and range of dates
•Security filters: crypto protocol, protocol version, crypto algorithms and key lengths, etc.
Contains zERT summary data for the range of time specified in the query
Query results can be exported as a CSV file to z/OS UNIX file system

© 2023 IBM Corporation 20
zERT Network Analyzer Enhanced Upgrade Support
§When upgrading zNA to releases prior to 3.1:
•Database connection and application settings need to be manually copied from one release to another
•Previous releases required the creation of a new IBM zERT Network Analyzer database instead of reusing an existing database.

© 2023 IBM Corporation 21
zERT Network Analyzer Enhanced Upgrade Support …
§z/OS 3.1 will provide easier migration of the zNA settings and database
•New panel to reset or import zNA application settings from a prior release
-Prior to 3.1, application settings needed to be manually copied from one release to another.
•New panel to import zNA database connection settings from a prior release
-Prior to 3.1, database connection settings needed to be manually copied from one release to another.
•New DDL templates to facilitate migrating IBM zERT Network Analyzer database to a current schema level

© 2023 IBM Corporation 22
z/OS Encryption Readiness Technology
zERT policy-based enforcement – new in z/OS V2R5
-Enforce local network encryption standards for TCP traffic in real-time.
-Policy-based rules you build in the Network Configuration Assistant describe acceptable or unacceptable levels of cryptographic protection along with the actions to take when TCP connections match those rules.
What are users saying about zERT?
-“We're building self-serve capability for each business unit with zERT data as the basis for monitoring security of the mainframe.”
-“We use zERT data for compliance checks.”
-“zERT has given us the upper hand in monitoring mainframe connection security.”
Visit Things you should know about zERT on IBM Community and discover blogs, product documentation, videos, event information, webinar, and presentations about zERT.
Scan the QR code to visit z/OS Communications Server on IBM Community.
(https://ibm.biz/cscommunity)

© 2023 IBM Corporation 23
z/OS UNIX syslogd
support for secure
logging over TCP

© 2023 IBM Corporation 24
What is syslogd?
syslogd (syslog daemon) – A server process running in the z/OS UNIX environment
•System applications and components can use syslogd for logging messages and capturing debug information
Controlled by defining rules in a configuration file called /etc/syslog.conf
•Rules define how messages and debug info are received by syslogd
–Local applications write to syslogd using the syslog() API
–List of remote hosts permitted to send messages and debug info
•Rules define where messages and debug info received by syslogd are to be written
–Local file(s)
–SMF (record type 109)
–Remote destination(s)

© 2023 IBM Corporation 25
syslogd network communication
(1) Local communication over AF_UNIX sockets
(2) Remote hosts communicate over UDP sockets
(3) Remote destinations are reached over UDP sockets
[Diagram: applications on the z/OS host reach the local syslogd over AF_UNIX (1); syslogd on remote hosts sends to it over UDP (2); it forwards to syslogd on remote destinations over UDP (3)]
UDP is an unreliable transport; securing it requires deploying a Virtual Private Network (VPN) using IPSec

© 2023 IBM Corporation 26
syslogd network communication using TCP
New in 3.1!
Rules in the syslogd configuration file determine what transport to use
Rules can also be specified to require encryption of network communication using TLS
[Diagram: as on the previous slide, but remote hosts and remote destinations now communicate with the z/OS syslogd over UDP or TCP]

© 2023 IBM Corporation 27
Networking Support
for z/OS Containers

© 2023 IBM Corporation 28
z/OS Containers Disclaimer
§Communications Server support for z/OS Containers is a post-3.1 GA
deliverable
§All content being discussed is subject to change

© 2023 IBM Corporation 29
Evolution of Application Deployment
[Diagram: Physical Servers, then Virtualized Servers, then Servers with Containers]

© 2023 IBM Corporation 30
Kubernetes Definitions
Kubernetes (K8s) - An open-source system for automating deployment, scaling, and management of containerized applications
•Groups containers that make up an application into logical units (called Pods) for easy management and discovery
Node - Virtual or physical servers where one or more Pods can be scheduled
•A control plane node hosts the Kubernetes Control Plane that controls and manages the whole Kubernetes system
−Runs the API Server, Scheduler, Controller Manager, and etcd (data store for cluster configuration)
•A worker node runs the containerized applications being deployed
−Runs the container runtime, kubelet (communicates with API Server), and z/OS CNI
Cluster: A control plane node and zero or more worker nodes
[Diagram: a control plane node (on the z/OS Control Plane Appliance) running the API Server, Scheduler, Controller Manager and etcd, driven by the kubectl CLI; worker nodes (on z/OS) running cri-o, kubelet and zos-cni and hosting Pod1, Pod2 and Pod3, each with one or two containers]

© 2023 IBM Corporation 31
z/OS Containers positioning
Linux on zSystems Containers (Available today)
•Provide a container-based cloud native development and deployment experience for Linux on Z software
•Intended for Linux workloads that benefit from consolidation and other IBM Z QoS.
z/OS Container Extensions (zCX) (Available in z/OS 2.4)
•Similar to Linux on zSystems containers
•Integrated, z/OS managed hosting environment for Linux on Z containers deployed in support of z/OS workloads or data
z/OS Containers (Statement of Direction)
•Provide container-based cloud native development and deployment experience for z/OS software
•Intended to support all native z/OS application hosting environments (CICS, IMS, WebSphere, z/OS UNIX, Node.js, etc…)

© 2023 IBM Corporation 32
z/OS Containers networking
[Diagram: three z/OS systems. One hosts the Control Plane Node (z/OS Control Plane Appliance, 10.10.10.1); the other two are z/OS Worker Nodes, one with Pod1 10.10.21.1 and Pod2 10.10.21.2, the other with Pod1 10.10.22.1 and Pod2 10.10.22.2. The VIPARANGE definitions shown beside each system in the diagram:]
Control plane system:
VIPADYNAMIC
VIPARANGE 255.255.255.255 10.10.10.1 ZCPA
ENDVIPADYNAMIC
Worker node system with the 10.10.22.x pods:
VIPADYNAMIC
VIPARANGE 255.255.255.0 10.10.22.0 ZCONTAINER
ENDVIPADYNAMIC
Worker node system with the 10.10.21.x pods:
VIPADYNAMIC
VIPARANGE 255.255.255.0 10.10.21.0 ZCONTAINER
ENDVIPADYNAMIC

© 2023 IBM Corporation 33
Learn more about networking support for z/OS containers
§For more details, stay tuned for a future CAP education session dedicated
to z/OS containers

© 2023 IBM Corporation 34
Communications
Server Support for
RoCEExpress3

© 2023 IBM Corporation 35
Shared Memory Communications over RDMA (SMC-R)
RDMA technology provides the capability to allow hosts to logically share memory. The SMC-R protocol defines a means to exploit the shared memory for communications - transparent to the applications!
SMC-R is an open sockets over RDMA protocol that provides transparent exploitation of RDMA (for TCP based applications) while preserving key functions and qualities of service from the TCP/IP ecosystem that enterprise level servers/network depend on!
IETF RFC for SMC-R: http://www.rfc-editor.org/rfc/rfc7609.txt
[Diagram: two clustered OS images (server and client virtual server instances) with sockets applications, each with an RDMA-enabled (RoCE) RNIC and a shared memory region, communicating via SMC]

© 2023 IBM Corporation 36
Dynamic Transition from TCP/IP to SMC-R
[Diagram: z/OS System A and z/OS System B, each with Middleware/Application, Sockets, TCP, IP, Interface, OSA and RoCE layers plus SMC-R, connected by an IP network (Ethernet) and an RDMA network (RoCE)]
TCP connection establishment over IP
•TCP SYN flows (with TCP Options indicating SMC-R capability)
Dynamic (in-line) negotiation for SMC-R is initiated by presence of TCP Options
TCP connection transitions to SMC-R allowing application data to be exchanged using RDMA
•Data exchanged using RDMA in both directions

© 2023 IBM Corporation 37
SMC Version 2 for SMC-R: SMC-Rv2 (“Routable RoCE”) (V2R5)
•SMC V2 connections are not restricted to the same IP subnet
•SMC V2 / RoCEv2 traffic now crosses IP routers - encapsulated in UDP/IP packets – IP routable
•RoCEv2 is no longer limited to a LAN
•RoCEv2 uses UDP Port 4791 (must be open)
[Diagram: z/OS images on CPC-A in IP subnet A and on CPC-B in IP subnet B, connected across Layer 3 networks rather than a single Layer 2 network]

© 2023 IBM Corporation 38
RoCE Express3
§Technology refresh
§Dual ports (10GbE or 25GbE)
§RoCEExpress3 features can be shared across LPARs (SR-IOV)
§63 virtual functions (VFs) per physical port
§Maximum of 16 features per CPC
§Supports RoCEv1 and RoCEv2
§Provides improved performance and RAS

© 2023 IBM Corporation 39
Communications Server
Exploitation of the IBM
Function Registry for z/OS

© 2023 IBM Corporation 40
CS exploitation of the IBM Function Registry for z/OS
§IBM Function Registry for z/OS provides information about the usage of functions registered with it.
§In z/OS 3.1, Communications Server makes usage statistics for a customer’s SNA applications and sessions available in the IBM Function Registry.
§The information obtained can help customers better understand their SNA application usage.

© 2023 IBM Corporation 41
CS exploitation of the IBM Function Registry for z/OS …
§High-water mark for SNA Open ACB and associated session counts is
collected.
§Function Registry is updated with metrics at 5-minute timer intervals
§SNA usage data can provide insight into the extent of SNA application
activity in the network
§The function information can be displayed using IBM Function Registry for
z/OS utilities/commands
•FXEPRINT utility located at SYS1.SAMPLIB (see example on next two charts)
•Display FXE command
§Also available on z/OS CS V2R4 and V2R5 via APAR OA63555. This
APAR has a dependency on BCP Function Registry APAR OA63360.

© 2023 IBM Corporation 42
CS exploitation of the IBM Function Registry for z/OS …
§Sample output from FXEPRINT:
---------------------------------------------------------------------
Vendor Name: IBM
Vendor Description: International Business Machines Corporation
Vendor Slot Path: VS(1)
---------------------------------------------------------------------
Product Name: z/OS Communications Server
Product Release:03.01.00
Product ID:HVT6310
Instance ID: VTAMCS
Product Description: VTAM
Product Slot Path: VS(1) PS(1,-)
Product Parent: IBM
Product Attributes:
Attribute Name: Counters Last Updated On
Attribute Value: 10/28/22 13:19:54
---------------------------------------------------------------------

© 2023 IBM Corporation 43
CS exploitation of the IBM Function Registry for z/OS …
Function Name: SNA -General
Function Description: General SNA Information
Function Slot Path: VS(1) PS(1,-) FS(1,AUTHONLY)
Function Parent: z/OS Communications Server
Function Used: YES
Function Enabled: YES
Function Attributes:
Attribute Name: Maximum number of RAPI only applications
Attribute Value: 114
Attribute Name: Maximum number of APPC capable applications
Attribute Value: 16
Attribute Name: Maximum number of TSO applications
Attribute Value: 2
Attribute Name: Maximum number of TN3270 applications
Attribute Value: 7
Attribute Name: Maximum number of RAPI sessions
Attribute Value: 20
Attribute Name: Maximum number of APPC sessions
Attribute Value: 36
Attribute Name: Maximum number of TSO sessions
Attribute Value: 1
Attribute Name: Maximum number of TN3270 sessions
Attribute Value: 5
--------------------------------------------------------------

© 2023 IBM Corporation 44
Function Removals

© 2023 IBM Corporation 45
Function removals in z/OS 3.1
§Several functions were removed from Communications
Server in z/OS 3.1:
•Withdrawal of support for VTAM® Link Station Architecture (LSA) and
TCP/IP LAN Channel Station (LCS) devices
•Removal of OSA DEVICE/LINK/HOME configuration support
§The statements of direction for these removals are included on the
following charts

© 2023 IBM Corporation 46
Statement of Direction: Withdrawal of support for VTAM® Link Station Architecture (LSA) and TCP/IP LAN Channel Station (LCS) devices (Issued July 27, 2021)
As stated in Hardware Announcement 121-029, dated May 4, 2021, many IBM
clients continue to rely on Systems Network Architecture (SNA) applications for
mission-critical workloads, and IBM has no plans to discontinue support of the
SNA protocol, including the SNA APIs. However, IBM support for the SNA protocol
being transported natively out of the server using OSA Express 1000BASE-T
adapters configured as channel type “OSE” will be eliminated in a future hardware
system family. With the support for OSE planned to be discontinued, support for
the related VTAM and TCP/IP device drivers is also planned to be discontinued.
IBM intends z/OS V2.5 to be the last z/OS release to provide support for LSA
(SNA) and LCS (TCP/IP) devices. z/OS systems that have workloads that rely on
the SNA protocol and utilize OSE networking channels as the transport should be
updated to make use of some form of SNA over IP technology, where possible,
such as Enterprise Extender.
•A migration health check is provided to identify if VTAM Link Station Architecture
(LSA) devices are in use. These devices are configured with MEDIUM=CSMACD in
the XCA major node PORT statement. This health check is available with SNA
APAR OA62208 on z/OS V2R3, V2R4, and V2R5.

© 2023 IBM Corporation 47
Statement of Direction: Removal of OSA
DEVICE/LINK/HOME configuration support (Issued July 27,
2021)
z/OS V2.5 is planned to be the last z/OS release to provide support
for the TCP/IP profile statements DEVICE, LINK, and HOME for OSA
connectivity. All z/OS users who currently use DEVICE, LINK, or
HOME for OSA connectivity should migrate to the INTERFACE
statement for defining OSA Express connectivity in their TCP/IP
profile.
•A migration health check is provided to identify if TCP/IP profile statements
DEVICE, LINK, and HOME for OSA-Express connectivity are in use. This
health check is available with SNA APAR OA62208 and TCP/IP APAR
PH40875 on z/OS V2R3, V2R4, and V2R5.
•For guidance, refer to the z/OS Communications Server IP Configuration
Guide topic “Steps for converting from IPv4 IPAQENET DEVICE, LINK, and
HOME definitions to the IPv4 IPAQENET INTERFACE statement”.

© 2023 IBM Corporation 48
Additional Information

© 2023 IBM Corporation 49
Additional recent Communications Server deliveries
•Support for SMF compliance evidence (z/OS V2R4 and V2R5)
•z/OS® Communications Server with APAR PH37372 generates new SMF type 1154 records that provide compliance evidence for the TCP/IP stack (subtype 1), FTP daemon (subtype 2), TN3270E Telnet server (subtype 3), and CSSMTP client (subtype 4).
•See the z/OS Communication Server New Function APAR Summary pages for more information, including dependencies and restrictions

© 2023 IBM Corporation 50
Additional recent Communications Server deliveries …
•IBM zERT Network Analyzer passphrase and password management support (z/OS V2R3, V2R4, and V2R5)
•The IBM zERT Network Analyzer with APAR PH43119 (z/OS V2R4 and V2R5) or APAR PH43118 (z/OS V2R3) supports the use of passphrases up to 100 characters to connect to the Db2 for z/OS database. The IBM zERT Network Analyzer includes additional enhancements in the Database Settings panel to clear existing database credentials to allow for easier switching to a different database user ID.
•See the z/OS Communication Server New Function APAR Summary pages for more information, including dependencies and restrictions

© 2023 IBM Corporation 51
The IBM Ideas Portal
§A New Way to Submit Ideas
The IBM Ideas Portal provides a new way for customers, business partners and IBMers to suggest changes to our products and services, replacing the Request for Enhancements (RFE) process.
§Why is it changing?
The IBM Ideas Portal is a single, company-wide portal, which will improve your experience by providing you with:
•a single view into your ideas
•an easier way to track them
•the ability to collaborate with users, partners and IBMers around the world.
§For more details about the migration, visit www.ibm.com/ideas
The new IBM Software Ideas portal for mainframe hardware and operating systems:
https://ibm-z-hardware-and-operating-systems.ideas.ibm.com/?project=ZOS
§Use ideas.ibm.com to:
-Submit new ideas
-View the status of ideas you have previously submitted
-Vote, comment or subscribe to others’ ideas
-View the status of ideas you have previously voted or commented on, or subscribed to

© 2023 IBM Corporation 52
The IBM Ideas Portal …

© 2023 IBM Corporation 53
New function APAR summary web pages
•We maintain web pages that provide a summary of the new function APARs available for each release:
•Includes a summary of the function, a link to the APAR, and a link to the function documentation
•V2R4: https://www.ibm.com/support/pages/zos-v2r4-communication-server-new-function-apar-summary
•V2R5: https://www.ibm.com/support/pages/zos-v2r5-communication-server-new-function-apar-summary

© 2023 IBM Corporation 54
New function APAR summary web pages -Example

© 2023 IBM Corporation 55
White paper on OSA-Express best practices
IBM z/OS Communications Server and OSA-Express Best Practices
http://ibm.biz/OSACSBP
This white paper is provided for the purpose of aiding IBM z/OS customers by providing a general set of considerations (a checklist) for guidance focused on configuring OSA-Express for optimizing network performance.

© 2023 IBM Corporation 56
V2R5: z/OS Communications Server Performance Summary Report
https://ibm.biz/zcsv2r5perfsummary
z/OS CS Performance Summary Reports for all releases are available in the “z/OS Communications Server Performance Index” at:
https://www.ibm.com/support/pages/zos-communications-server-performance-index

© 2023 IBM Corporation 57
Digital Badges & Online Courses
Start your free IBM online learning and earn IBM open badges!
Networking on z/OS - Foundations
Foundational understanding of networking on z/OS.
•IBM Open Badge: https://ibm.biz/zosnetworkingbadge
•Online course: https://ibm.biz/zosnetworkingcourse
z/OS TCP/IP Configuration with NCA
Use the IBM Configuration Assistant for z/OS Communications Server (NCA) to create and manage TCP/IP profiles.
•IBM Open Badge: http://ibm.biz/NCAbadge
•Online course: http://ibm.biz/NCATCPIPcourse
z/OS Network Security - Foundations
Knowledge and foundational understanding of z/OS network security.
•IBM Open Badge: http://ibm.biz/zosnetsecuritybadge
•Online course: http://ibm.biz/zosnetsecuritycourse
zERT Policy Enforcement Configuration with NCA
Configure zERT Policy Enforcement using the IBM Configuration Assistant for z/OS Communications Server (NCA).
•IBM Open Badge: http://ibm.biz/NCA_zERTbadge
•Online course: http://ibm.biz/NCA_zERTcourse
TCP/IP on z/OS Essentials - Level 1
General knowledge and understanding of TCP/IP on z/OS, including network layers, protocols at each layer, and the hardware that facilitates the transport of data.
•IBM Open Badge: http://ibm.biz/tcpipl1badge
•Online course: https://ibm.biz/tcpipl1course

© 2023 IBM Corporation 58
Join Us on the
IBM Community!
Scan the QR code to visit
the z/OS Communications
Server home page on IBM
Community.
The z/OS Communications Server page on the IBM
Community provides rich and up-to-date technical
content including blogs, videos, and event
information.
Join us at our new home:
https://www.ibm.com/community/z/software/comm-server/

© 2023 IBM Corporation 59
Thank You!
Any Questions?
Mike Fitzpatrick
STSM, CPO for Communications Server, Lead Architect Multi-site
Workload Lifeline. Performance & Design
[email protected]
Sam Reynolds
Enterprise Networking Solutions -Architecture, Design, and Strategy
[email protected]
PDF available on Slideshare:
https://ibm.biz/zOS31CS

© 2023 IBM Corporation 60
Appendix
•Functional removal statements of direction for V2R5
removals

© 2023 IBM Corporation 61
Functional Removal
Statements of Direction
for V2R5 Removals

© 2023 IBM Corporation 62
Statement of Direction: Removal of native TLS/SSL support
from TN3270E Telnet server, FTP server, and DCAS (Issued
July 23, 2019)
z/OS V2.4 is planned to be the last release in which the z/OS TN3270E
Telnet server, FTP server, and Digital Certificate Access Server (DCAS) will
support direct invocation of System SSL APIs for TLS/SSL protection. In the
future, the only TLS/SSL protection option for these servers will be
Application Transparent Transport Layer Security (AT-TLS). The direct
System SSL support in each of these components is functionally outdated
and only supports TLS protocols up through TLSv1.1. IBM recommends
converting your TN3270E Telnet, FTP server, and DCAS configurations to
use AT-TLS, which supports the latest System SSL features, including the
TLSv1.2 and TLSv1.3 protocols and related cipher suites. Note that while
native TLS/SSL support for z/OS FTP client is not being withdrawn at this
time, no future enhancements are planned for that support. IBM
recommends using AT-TLS to secure FTP client traffic.
•A migration health check to alert users of the native TLS/SSL support in the
TN3270E server, the FTP server and DCAS to the coming removal of that support
will be available via APARs OA59022, OA58255, PH21573, and PH16144.

© 2023 IBM Corporation 63
Statement of Direction: Removal of policy data import
function from the Network Configuration Assistant (Issued
July 23, 2019)
z/OS V2.4 will be the last release that the Network Configuration
Assistant (NCA) z/OSMF plug-in supports the policy data import
function, which allows you to import existing Policy Agent
configuration files into the Network Configuration Assistant. After
z/OS V2.4, import of policy configuration files will no longer be
supported for AT-TLS, IPSec, PBR, and IDS technologies.
Import of TCP/IP profiles into NCA is not affected.

© 2023 IBM Corporation 64
Statement of Direction: Withdrawal of Support for CMIP
(Issued February 26, 2019)
z/OS V2.4 is planned to be the last release to support the VTAM
Common Management Information Protocol (CMIP). CMIP services
is an API that enables a management application program to gather
various types of SNA topology data from a CMIP application called
the topology agent that runs within VTAM. IBM recommends using
the SNA network monitoring network management interface (NMI) to
monitor SNA Enterprise Extender and High Performance Routing
data.
•A migration health check to alert CMIP users to the coming removal is
available via APARs OA57227 (V2R2, V2R3) and OA57753 (V2R4).
Note: IBM has announced that IBM Z NetView V6.3 will be the
last release to support the SNA Topology Manager (the main
consumer of CMIP data).

© 2023 IBM Corporation 65
Statement of Direction: Removal of Sysplex Distributor
support for workload balancing to IBM DataPower(R) Gateway
products (Issued July 23, 2019)
z/OS V2.4 is the last release to support Sysplex Distributor target
controlled distribution to DataPower Gateway products. This feature
is deprecated in the DataPower Gateway. IBM recommends that you
implement another solution for workload balancing, which might be
through an external load balancer. This removal does not impact any
other Sysplex Distributor functions, only configurations that have
TARGCONTROLLED specified on the VIPADISTRIBUTE statement.

© 2023 IBM Corporation 66
Notices and disclaimers
—© 2023 International Business Machines Corporation. No part of this
document may be reproduced or transmitted in any form without
written permission from IBM.
—U.S. Government Users Restricted Rights: use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM.
—Information in these presentations (including information relating to
products that have not yet been announced by IBM) has been reviewed
for accuracy as of the date of initial publication and could include
unintentional technical or typographical errors. IBM shall have no
responsibility to update this information. This document is distributed
"as is" without any warranty, either express or implied. In no
event shall IBM be liable for any damage arising from the use of
this information, including but not limited to, loss of data,
business interruption, loss of profit or loss of opportunity.
IBM products and services are warranted per the terms and conditions
of the agreements under which they are provided.
—IBM products are manufactured from new parts or new and used parts.
In some cases, a product may not be new and may have been
previously installed. Regardless, our warranty terms apply.
—Any statements regarding IBM's future direction, intent or product
plans are subject to change or withdrawal without notice.
—Performance data contained herein was generally obtained in a
controlled, isolated environment. Customer examples are presented
as illustrations of how those customers have used IBM products and
the results they may have achieved. Actual performance, cost, savings
or other results in other operating environments may vary.
—References in this document to IBM products, programs, or
services do not imply that IBM intends to make such products,
programs or services available in all countries in which
IBM operates or does business.
—Workshops, sessions and associated materials may have been
prepared by independent session speakers, and do not necessarily
reflect the views of IBM. All materials and discussions are provided
for informational purposes only, and are neither intended to, nor shall
constitute legal or other guidance or advice to any individual
participant or their specific situation.
—It is the customer's responsibility to ensure its own compliance
with legal requirements and to obtain advice of competent legal
counsel as to the identification and interpretation of any relevant laws
and regulatory requirements that may affect the customer's business
and any actions the customer may need to take to comply with such
laws. IBM does not provide legal advice or represent or warrant that
its services or products will ensure that the customer follows any law.

© 2023 IBM Corporation 67
Notices and disclaimers
—Information concerning non-IBM products was obtained from the
suppliers of those products, their published announcements or other
publicly available sources. IBM has not tested those products in
connection with this publication and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM
products. Questions on the capabilities of non-IBM products should
be addressed to the suppliers of those products. IBM does not
warrant the quality of any third-party products, or the ability of
any such third-party products to interoperate with IBM's products.
IBM expressly disclaims all warranties, expressed or implied,
including but not limited to, the implied warranties of
merchantability and fitness for a purpose.
—The provision of the information contained herein is not intended to,
and does not, grant any right or license under any IBM patents,
copyrights, trademarks or other intellectual property right.
—IBM, the IBM logo, ibm.com and [names of other referenced
IBM products and services used in the presentation] are
trademarks of International Business Machines Corporation,
registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other
companies. A current list of IBM trademarks is available on
the Web at "Copyright and trademark information" at:
www.ibm.com/legal/copytrade.shtml

© 2023 IBM Corporation 68
Trademarks
The following are trademarks of the International Business Machines Corporation in the United States and/or other countries.
IBM*
IBM Logo*
* Registered trademarks of IBM Corporation
The following are trademarks or registered trademarks of other companies.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.
IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom.
Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries.
Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries. Docker, Inc. and other parties may also have trademark rights in other terms used herein.
* All other products may be trademarks or registered trademarks of their respective companies.
Notes:
Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated here.
IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply.
All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions.
This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area.
All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.