IBM Security zSecure, Version 2.2.0

Release notes

IBM® Security zSecure™ V2.2.0 is available. Read this document to find important installation information. You can also learn about compatibility issues, limitations, and known problems.

For information about the new features for zSecure V2.2.0, see What's new.

For information about the zSecure documentation and steps to obtain the licensed publications, see zSecure documentation.

If you are upgrading from a version of IBM Security zSecure that is older than V2.1.1, also see the Release Information for the versions that you skipped. You can find the documentation for all versions in the IBM Knowledge Center for IBM Security zSecure Suite.

Announcement
Supported platforms and applications
System requirements
Installing IBM Security zSecure
Incompatibility warnings
Limitations and known problems

Announcement

The zSecure V2.2.0 announcement (ENUSAP15-0383). The announcement includes information about the following topics:

Prerequisites
Technical information
Terms and conditions
Ordering details

System requirements

This section lists the minimum and advised processor, disk space, and memory requirements for the zSecure V2.2.0 products and solutions:

	Minimum	Advised
Processor	Z800	IBM System z9® or z10TM Enterprise Class (EC) or z9® or z10™ Business Class (BC)
Disk space	300 MB	450 MB
Memory	1 GB	2 GB

For programming and space requirements for CICS Toolkit, Command Verifier, and RACF-Offline, see the following Program Directories:

All other CARLa-driven components of zSecure have a common Program Directory: Installation and deployment: CARLa-driven components.

Supported platforms and applications

IBM Security zSecure products are supported on the following platforms and applications:

IBM z/OS version 1 release 12 (V1R12) through z/OS version 2 release 2 (V2R2)
CICS Transaction Server version 3 release 1 (V3R1) through version 5 release 3 (V5R3)
DB2 version 10 release 1 (V10R1) through DB2 version 11 release 1 (V11R1)
IMS version 12 (V12) through version 14 (V14)
WebSphere MQ version 7 release 1 (V7.1) through IBM MQ for z/OS version 8 (V8)
CA ACF2 release 14 and 15
CA Top Secret release 14 and 15
zSecure Visual Client requires Microsoft Windows 7, 8, or 10
All currently supported versions of WebSphere HTTP server
Integrated Cryptographic Services Facility (ICSF) is supported up to HCR77B0

zSecure no longer supports the following platforms and applications:

DB2 version 9 release 1 (V9R1)
IMS V11

Installing IBM Security zSecure

For installation instructions, see the Program Directories:

Installation and deployment: CARLa-driven components
CICS Toolkit
Command Verifier
RACF-Offline: New dynamic RACF interfacing code was added that eliminates the need to install in z/OS SMP/E zone, which simplifies installation.

For a complete installation roadmap on all steps to install, configure, and deploy a new installation of zSecure or an upgrade to zSecure V2.2.0, see the IBM Security zSecure CARLa-Driven ComponentsInstallation and Deployment Guide.

This documentation is available with the product at the IBM Knowledge Center for IBM Security zSecure Suite V2.2.0.

Incompatibility warnings

Calling CKR4Z directly

Starting with zSecure V2.2.0, CKRCARLA is, architecturally, a stub program that might decide in the future which CARLa engine variant to call based on, for example, hardware considerations. It currently always invokes the CKR4Z program, which is a CARLa engine that does not use 64-bit addressing. The CKR4Z program identifies itself in SYSPRINT and other programs as CKRCARLA.

IBM has published a Statement of Direction that it intends to provide 64-bit addressing in the future. For legal disclaimers, see the announcement. The CKR8Z196 program name is reserved for a potential future variant of the CARLa engine that does use 64-bit addressing.

It is possible to call CKR4Z directly instead of calling CKRCARLA. For RACF or ACF2, you might have to grant extra authorizations to the CKR4Z program:

For RACF, if you consider to call CKR4Z directly, be sure to think about Program Access to Data Sets.
For ACF2, if you consider to call CKR4Z directly, be sure to think about program pathing.

zSecure Admin Access Monitor and zSecure Alert

The C2PACMON and C2POLICE programs now allocate their buffers above the 2 GB boundary. Ensure that the associated started tasks specify a sufficiently large value for the MEMLIMIT to accommodate the required buffer space as specified in their startup parameters.

Limitations and known problems

At the time of publication of this Release Notes document, the following problem exist:

Scoping fixes: When creating scoped reports, system-wide attributes might not be used to determine if a profile is within your scope. You request creating scoped reports by selecting View only profiles you are allowed to change via SETUP VIEW (SE.5) or specifying SUPPRESS MYACCESS<ADMIN. This issue occurs, for example, when creating SMF-based reports.
APAR OA49249 has been opened to remediate this unintended change.

Limitations and problems that arise after publication are documented in technotes. Therefore, regularly scan for updates on IBM Security zSecure at IBM's Search support and downloads site. A general documentation technote lists all updates to the documentation of 2.2.0 since availability.

You might also want to scan the following recommended fixes. Some of these fixes introduce new functions and features.

Table 1. Recommended fixes for zSecure
zSecure Admin	zSecure CICS® Toolkit
zSecure Alert for RACF®	zSecure Command Verifier
zSecure Alert for ACF2	zSecure Visual (Server and Client)
zSecure Audit for RACF, ACF2, and Top Secret	zSecure Manager for RACF z/VM®

Feedback