International Technical Support Organization and Authoring Services
www.ibm.com/redbooks
ibm.com
yourdotcom
Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, NY 10504-1785 U.S.A. The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. 
Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. 
You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. Red Hat is a trademark of Red Hat, Inc. SUSE LINUX Professional 9.2 from Novell Other company, product, or service names may be trademarks or service marks of others. This information is for planning purposes only. The information herein is subject to change before the products described become generally available. Disclaimer: All statements regarding IBM future direction or intent, including current product plans, are subject to change or withdrawal without notice and represent goals and objectives only. All information is provided for informational purposes only, on an as is basis, without warranty of any kind.
All performance data contained in this publication was obtained in the specific operating environment and under the conditions described and is presented as an illustration. Performance obtained in other operating environments may vary and customers should conduct their own testing. Refer to www.ibm.com/legal/us for further legal information.
Trademarks
The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both:
IBM has two registered trademarks for the branding of ITSO publications. These registered marks are for the text word "IBM Redbooks" and the Redbooks logo. In a nutshell, the term Redbooks must always be used in the plural form (for both text and logo) since IBM only owns the registered mark for the plural form. Usage must follow the guidelines below: Using the term Redbooks in written text Redbooks are only to be referred to in the plural form, NEVER in the singular. For the initial reference (first occurrence), you must use "IBM Redbooks" and include "IBM" as well as the . For instances thereafter you may use "Redbooks" without "IBM" preceding the word or following it. Correct usage for written text : In this IBM Redbooks publication we will explore..( symbol required for 1st usage) This Redbooks publication will show you..(2nd usage or later - no or "IBM" needed) Using the logo:
Redbooks (logo)
OTHER ITSO PUBLICATIONS - Marks not yet registered Trademark registration is a lengthy process and until we are officially registered, we cannot use the symbol. For those terms/logos in process, we will be using the symbol. In contrast to the symbol (placed in the lower right hand corner), the symbol is placed in the upper right hand corner. Please see examples below: Redpaper Redpapers Redwiki Redwikis
TM
The following terms are trademarks of other companies: Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others.
Agenda
Workshop introduction z/OS V1R11 Communications Server
Application integration, data consolidation, and standards Availability and business resilience Scalability, performance, constraint relief, and accelerators Networking security Simplification and ease-of-use SNA and Enterprise Extender Virtualization Systems management and monitoring
What does Web services mean to your z/OS networking environment Next generation Internet: IPv6 Roadmap for SNA modernization Trends and direction
Disclaimer: All statements regarding IBM future direction or intent, including current product plans, are subject to change or withdrawal without notice and represent goals and objectives only. All information is provided for informational purposes only, on an as is basis, without warranty of any kind. 2009 IBM Corporation
Some practical information before we start
A certain level of familiarity with both SNA and TCP/IP networking technologies, in general and on z/OS specifically, is assumed.
This is a technical update workshop. However, the content has been designed so that both experienced and less experienced participants can expect to acquire useful new knowledge and skills.
Anything that says BEEP, BOINK, DING-DONG, or plays Beethoven's Ninth
We will take frequent breaks for coffee, tea, lunch, or other personal needs.
Please put phones into buzzer, vibrate, or whatever non-noisy mode they support.
Security
Continue to provide transparent networking security technologies (IPSec, SSL/TLS, Intrusion Detection, IP filtering, etc.)
Continue to focus on true end-to-end security
Enable customers to meet security compliance requirements (FIPS, PCI, DoD, NIST, etc.)
Enable z/OS to be the enterprise-wide network security services hub
IPv4
SNA
IBM Communications Server for z/OS V1R10 TCP/IP Implementation: Volume 2: Standard Applications - SG24-7697
http://www.redbooks.ibm.com/redpieces/abstracts/sg247697.html?Open
IBM Communications Server for z/OS V1R10 TCP/IP Implementation Volume 3: High Availability, Scalability, and Performance - SG24-7698
http://www.redbooks.ibm.com/redpieces/abstracts/sg247698.html?Open
IBM Communications Server for z/OS V1R10 TCP/IP Implementation Volume 4: Security and Policy-Based Networking - SG24-7699
http://www.redbooks.ibm.com/redpieces/abstracts/sg247699.html?Open
z/OS V1R11 versions of these three Redbooks will be made available later this year or early 2010:
Volume 1: SG24-7798, Volume 2: SG24-7799, Volume 3: SG24-7800, and Volume 4: SG24-7801. Search on http://www.ibm.com/redbooks
IBM ITSO - International Technical Support Organization
http://www.rfc-editor.org/rfcsearch.html http://www.ibm.com/systems/z/os/zos/bkserv/
SNA and TCP/IP programming interfaces
Generic APIs
Systems management APIs
Policy-based networking technologies (QoS, PBR, IDS, ATTLS, IPSec)
zMF-based GUI configuration of policies
Network workload management technologies
Sysplex Distributor, Load Balancing Advisor, SNA generic resources
Dual TCP/IP stack in support of both IPv4 and IPv6
Transparent network security services (ATTLS, IPSec VPNs, IDS)
Standard TCP/IP application suite (TN3270, FTP, SMTP, SNTP, etc.)
IP system services (SNMPv3, OSPFv3, DNS, etc.)
z/OS Sysplex-specific support for HA (Dynamic VIPA technologies)
Legacy SNA support
SNA subarea and SNA APPN
SNA over TCP/IP (Enterprise Extender)
Hardware device drivers for network interfaces (OSA QDIO, HiperSockets, XCF, MPC+, etc.)
[Figure: z/OS Communications Server protocol layers. Labels: SNA APPN/HPR over IP (EE); SNA APPN w. SNA Subarea ISR and HPR; TCP/UDP/RAW; IPv4; IPv6; SNA; XCF protocols; Coupling Facility (CF) links; OSA-E, OSA-E2, and OSA-E3 incl. VLAN support (up to 10 Gb); HiperSockets]
Price/Performance Enhancements
Subsystem Demands
Architecture Boards
SOA Enablement
Common Components/Share Services
IBM STG Hardware and z/OS Demands
Mandatory changes due to z/OS changes
Currently 10 network technologies on six generations of hardware
z/OS Communications Server does not control the priorities here
External Network Connectivity
OSA iQDIO, QDIO, XCF, MPC, LSA, CDLC
Standards Bodies Demands
Approx 50 of the 100 IETF working groups alter Internet protocols
TCP/IP, APIs, TN3270, FTP, DNS, SNMP, IPSec,
SNA and EE
z/OS CS
Virtualization Security
Increased security requirements
Existing SMTPD (SMTP/NJE gateway)
The SMTP server (SMTPD) mail gateway provides important mail services for business applications on z/OS
Heavily used for sending mail from MVS batch and TSO to internet destinations
SMTPD reads JES spool data sets created from batch jobs and TSO users locally and from NJE network
Acts as SMTP MTA, does not use the system resolver and can resolve individual recipient addresses to deliver mail to their destinations
Acts as listening MTA server, accepting mail and sending to the next hop or delivers to local or NJE users
For those customers who may have a need to continue to receive mail into TSO
CSSMTP - New SMTP client for sending Internet mail
Allows existing users of SMTPD that use forwarder feature to migrate easily
Uses newer mail standards and additional message size and security RFCs
Improves performance and storage management issues with SMTPD when forwarding mail
Improved usability features
  Displays, changes
  Configuration
  Logging
Allows multiple JES spool processing threads and concurrent IP connection threads
Supports both IPv4 and IPv6 addresses
CSSMTP: Read and forward mail messages from JES spool data set
[Figure: CSSMTP on z/OS. Labels: JES Node1, JES Node2, JES Node3, JES network, spool, CSSMTP (1. Read, 2. Process, 3. Forward), Internet, Final Destination]
CSSMTP, SMTPD and Sendmail can all run on z/OS simultaneously
[Figure labels: z/OS; z/OS Application; TSO user; Write to SYSOUT; JES spool; MTA; (E)SMTP protocol; SMTP network; z/OS, z/VSE, z/VM]
Configuring CSSMTP configuration file
CONFIG DD in started procedure is name of PDS(E), an MVS sequential data set or z/OS UNIX file
Sample configuration file is located in SEZAINST(CSSMTPCF)
CSSMTP will fail initialization if no configuration file is found
TargetServer statement is the only required configuration statement
Configuring TargetServer statement
Use to configure target servers and their connection attributes
Target servers are used for sending mail messages
Use either parameters 1) or 2) to define target servers
  1) TargetIP, TargetName (or both)
  2) TargetMx
Up to four target servers will be used
Multiple TargetServer statements can be used for TargetIP, TargetName or both
TargetIP defines a single configured IP address, TargetName or TargetMx resolves to one or more IP addresses each representing a target server
RetryLimit statement
Retry count and interval time when attempting to resend mail messages that are not immediately deliverable
Undeliverable statement
Method to use for handling undeliverable mail messages and whether to create an undeliverable mail notification
Report statement
Use to set the action required for error reporting on JES spool files
MailAdministrator Statement
Defines an e-mail address to receive error reports
Starting and stopping CSSMTP
Start CSSMTP as a z/OS started procedure
Sample in SEZAINST(CSSMTP) - you should start and stop from operator console
  start jobname or stop jobname
Start options:
  -p or P tcpipJobName
    Use in common INET environment to choose a specific TCPIP stack
  -f or F
    Use to perform a cold start and flush any checkpoint records from previous execution
[Flowchart: CSSMTP mail delivery. Labels: JES Spool; JES IO; MSG1, MSG2; Try to send; OK? (Yes / No); Long retry; Retry exceeded?; ReturntomailFrom?; MSG1 Done]
Then create a CSSMTP configuration file with the same mail server address:
  TargetIP a.b.c.d or TargetName host.xyz.com
Set the ExtWrtName to what you used for your old SMTP/NJE server:
  ExtWrtName writername

BadSpoolDisp       Hold      # Hold or Delete
ChkPointSizeLimit  64000     # number of concurrent mail that
                             # will have checkpoint information
ExtWrtName         SMTPCS2   # the external writer name
JESJobSize         0         # Thousands (no max specified)
JESMsgSize         0         # Thousands (no max specified)
LogLevel           32        # Error and various events
MailAdministrator  alfredch@us.ibm.com
Report             Sysout    # Admin, None, Sysout
TargetServer
{
  TargetName    d03nm118.boulder.ibm.com
  ConnectPort   25       # port to connect to target server
  ConnectLimit  5        # limit the number of concurrent
                         # connections to the target server
  MaxMsgSent    0        # when to take down a connection to
                         # a target server and reconnect
  MessageSize   524288   # size for non-ESMTP target servers
  Secure        No       # no Transport Layer Security
}
Timeout
{
  AnyCmd        # waits for response on any other SMTP command
  ConnectRetry  # waits before trying again to connect
  DataBlock     # waits for the TCP send call to complete
                # while transferring a block of data
  DATACmd       # waits for response on DATA command
  DataTerm      # waits for response from the final period
                # terminating the message data
  InitialMsg    # waits for initial response after the
                # connection is established
  MAILCmd       # waits for response on MAIL command
  RCPTCmd       # waits for response on RCPT command
}
Yes
# Store or Delete
# z/OS UNIX file system fully qualified
# directory name to create the dead
# letter mail messages
# Yes or No
[Figure, store and forward: Distributed data; z/OS FTP Server; Temporary intermediate file on z/OS (store and forward); DB2 batch load utilities; DB2]
[Figure, named pipe: Distributed data; z/OS UNIX pipe between z/OS FTP server and DB2 batch load utilities; DB2 batch load utilities; DB2]
The SAP on DB2 for z/OS Unicode FASTLOAD conversion utility exploits named pipes
When all three pipes (/var/appafifo, the FTP data TCP connection, and /var/appbfifo) have been successfully opened, transfer can begin.
When Application A writes a byte onto /var/appafifo, it will within a very short period of time (milliseconds) arrive at Application B as data to be read over the /var/appbfifo.
An unbroken pipe between Application A and Application B with no store-and-forward in between
[Figure: Application A (Write) -> /VAR/APPAFIFO -> (Read) FTP Client (Write) -> FTP DATA Connection -> FTP Server (Write) -> /VAR/APPBFIFO -> (Read) Application B]
  LOCSITE UNIXFILETYPE=FIFO
  LOCSITE FIFOOPENTIME=60
  LOCSITE FIFOIOTIME=20
  SITE UNIXFILETYPE=FIFO
  SITE FIFOOPENTIME=60
  SITE FIFOIOTIME=20
  PUT /VAR/APPAFIFO /VAR/APPBFIFO
New client and server FTP.DATA options, LOCSITE, and SITE commands.
z/OS V1R11
DFSMS adds support for extended format sequential data sets eligible to reside in the EAS
FTP adds support for reading/writing to/from existing EAS data sets, but not creating them (toleration mode)
FTP to understand Format-8 DSCBs
FTP to use TRKADDR for track calculations
FTP qdisk option for SITE/LOCSITE output format will change to (sample)
  ftp> quote site qdisk
  200-       Percent   Free    Free
  200- Volume   Free   Cyls    Exts
  200- CPDLB3     45   1507      22
  200- CPDLB0     44  80486      25
  200- CPDLB1     99  66619       3
  200 SITE command was accepted
  ftp>
[Figure: DASD volume sizes and the EAS. Device types shown: 2314-1, 3330-1, 3350, 3390-3, 3390-9, 3390-A EAV. Capacities shown: 29 MB (~300 cyl), 101MB (404 cyl), 317MB (555 cyl), 3GB (3,339 cyl), 9GB (10,017 cyl), 27GB (32,760 cyl), 54GB (65,520 cyl), 223GB* (262,668 cyl). Architectural Limit: 100s of TB*. EAS contents: VSAM Data Sets, Extended Format Data Sets, etc.; 21-cylinder allocation units]
FTP extended passive mode (even when servers don't know what it is)
Extended passive mode FTP transfer solves a set of problems with FTP through NAT firewalls
But not all FTP servers support extended passive mode
New z/OS FTP client support emulates extended passive mode behavior even when remote FTP server does not support EPSV
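[Figure: FTP from Company A intranet to Company B intranet through two NAT firewalls]
Company A firewall: Translate private address 10.1.1.1 to external address 1.1.1.1
Company B firewall: Translate private address 192.168.1.1 to external address 2.2.2.2
Server in Company B intranet: Private IP address 192.168.1.1, non-z/OS FTP server that does not support EPSV
Client command: ftp 2.2.2.2
Server reply: 227 Entering Passive Mode (192.168.1.1, 60001)
Packet addresses along the path: src=10.1.1.1 dest=2.2.2.2, then src=1.1.1.1 dest=2.2.2.2, then src=1.1.1.1 dest=192.168.1.1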
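Added example (not part of the IBM presentation, and not z/OS FTP client code): a sketch of how a client can choose the data-connection endpoint in the NAT scenario above. It assumes that emulating extended passive mode means taking only the port from the 227 reply and reusing the control connection's address, as EPSV (RFC 2428) does; the function names are hypothetical, and the 227 reply uses the RFC 959 wire format (h1,h2,h3,h4,p1,p2) rather than the simplified form on the slide. Ignoring the advertised address also keeps a server from steering the data connection to a different host.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# RFC 2428 EPSV reply: 229 ... (<d><d><d>port<d>), a port and no address
EPSV_RE = re.compile(r"\(([!-~])\1\1(\d{1,5})\1\)")


class DataEndpoint(NamedTuple):
    host: str                  # address the client actually connects to
    port: int
    mode: str                  # "epsv", "pasv" or "pasv-address-ignored"
    advertised: Optional[str]  # address the server put in its 227 reply


def parse_pasv(reply: str) -> tuple:
    """Return (advertised_host, port) from a 227 reply."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a valid 227 reply")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in 227 reply")
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("port 0 in 227 reply")
    return ".".join(str(n) for n in nums[:4]), port


def parse_epsv(reply: str) -> int:
    """Return the port from a 229 reply."""
    m = EPSV_RE.search(reply)
    if not reply.startswith("229") or m is None:
        raise ValueError("not a valid 229 reply")
    port = int(m.group(2))
    if not 0 < port <= 65535:
        raise ValueError("port out of range in 229 reply")
    return port


def naive_pasv_endpoint(reply: str) -> tuple:
    """What a client does if it trusts the address in the 227 reply."""
    return parse_pasv(reply)


def choose_data_endpoint(control_peer: str, reply: str) -> DataEndpoint:
    """Always connect back to the control connection's peer address."""
    peer = str(ipaddress.ip_address(control_peer))
    if reply.startswith("229"):
        return DataEndpoint(peer, parse_epsv(reply), "epsv", None)
    advertised, port = parse_pasv(reply)
    mode = "pasv" if advertised == peer else "pasv-address-ignored"
    return DataEndpoint(peer, port, mode, advertised)


if __name__ == "__main__":
    # Constructed sample: the slide's scenario, port 60001 = 234*256 + 97.
    reply = "227 Entering Passive Mode (192,168,1,1,234,97)"
    print("naive:   ", naive_pasv_endpoint(reply))
    print("emulated:", choose_data_endpoint("2.2.2.2", reply))
```

The naive endpoint is the server's private address, which the client in Company A cannot route to; the emulated endpoint is the NAT address the control connection already uses.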
CICS TS 4.1 OTE support for CICS Sockets with TCBLIM > zero
OTE uses CICS open TCBs (L8 TCBs)
TCBLIM is a CICS Sockets configuration option
  Allows limiting the number of L8 TCBs CICS Sockets may use (out of CICS's MAXOPENTCBS total limit on L8 TCBs)
If TCBLIM is defined with a value greater than zero on a CICS TS 4.1 system, then one of the following requirements must be met:
  z/OS V1R11 is OK as-is
  z/OS V1R10 + APAR PK85446
  z/OS V1R9 + APAR PK85446
[Figure labels: CICS TS Region; TRUE; Pool of reusable socket subtasks or OTE threads; TCP/IP Stack]
Display of both banners can be suppressed via a -h OtelnetD start option in the inetd configuration file

  #======================================================================
  # service | socket | protocol | wait/ | user | server | server program
  # name    | type   |          | nowait|      | program | arguments
  #======================================================================
  #
  otelnet stream tcp nowait bpxroot /usr/sbin/otelnetd otelnetd -m

You would add a -h flag here if you wanted to suppress display of the banners.

/etc/banner
  *
  * Welcome to the UNIX telnet server on
  * mvs098o.tcp.raleigh.ibm.com.
  * You are now logged in.
  *

/etc/otelnetd.banner
  *
  * This system is to be used for
  * management approved purposes only.
  *
New messages written to console when REXECD detects there are too many jobs
Issued when 85% of available jobs used
[Figure labels: TCP connection; TN3270 Server; SLU LUX; SNA session; PLU TSOA001; LOSTERM exit; USERxxxx TSO AS]
Combined effort by TSO and CS development
New LOGONHERE option in IKJTSOxx member to enable new support
  LOGONHERE(ON) - default
  LOGONHERE(OFF)
Enables reconnecting TSO user from a new SNA session
Helps further reduce number of "USERID already in use" errors
Make sure you don't have a RECONLIM=0 in your TSOKEY00 member
If old SNA session exists, when user attempts reconnect, disconnect old SNA session and proceed with TSO logon reconnect.
Single session
Multiple sessions
NATed connectivity