IBM z/OS, V2.4 4Q 2020 enhancements boost security, systems operations and management, and storage management

IBM United States Software Announcement 220-498
December 8, 2020

Table of contents
OverviewOverviewProgram numberProgram number
Key requirementsKey requirementsTechnical informationTechnical information
Planned availability datePlanned availability dateOrdering informationOrdering information
DescriptionDescriptionTerms and conditionsTerms and conditions
Statement of directionStatement of directionOrder nowOrder now



Overview

Top rule

IBM® z/OS® is designed to keep applications and data available, systems highly secure, server utilization high, and to enable agile development. z/OS continuous delivery (CD) offers clients the opportunity to use new z/OS functions, capabilities, and technologies by applying service rather than upgrading.

This quarter's CD further extends the capabilities of z/OS V2.4 with enhanced and new functions that can benefit clients across areas of security, systems operations and management, and storage management. Key features delivered in this fourth-quarter CD release in support of z/OS V2.4 include:

  • New IBM Data Privacy for Diagnostics Analyzer (IBM z/OS Diagnostics Analyzer). IBM Data Privacy for Diagnostics is a z/OS capability that is available on the IBM z15™ to help clients maintain control when working with third-party vendors by redacting data tagged as sensitive and creating a protected diagnostic dump that can be shared externally. z/OS Diagnostics Analyzer enhances sensitive data detection and redaction in system dumps by enabling clients to customize sensitive data patterns that are unique to their organization. z/OS Diagnostics Analyzer can help support data confidentiality without compromising on serviceability to enhance the z/OS experience and help improve compliance posture.
  • Enhanced IBM z/OS Container Extensions (zCX). In addition to a number of zCX management enhancements, support for IPv6 enables zCX server to fully participate in an IPV6 network at the server address and client endpoints. This is designed to deliver improved performance and increased security for clients who require IPv6.
  • Enhanced IBM z/OS Management Facility (z/OSMF). Enhancements include measurable z/OSMF startup time and resource consumption improvements, multiple workflow enhancements, and continued enhancements to z/OSMF Ansible® collection to help clients derive system management efficiencies.
  • Enhanced IBM z/OS Resource Monitoring Facility (RMF). Enhancements include the capability to analyze the performance of recently delivered hardware using callable services as well as verification and warning health checks. This is designed to enable improved monitoring to aid in systems tuning and configuration.
  • Enhanced IBM z/OS transparent cloud tiering. Full volume dump support for transparent cloud tiering enables all I/O for full volume dumps to be performed by an IBM DS8000® directly to an IBM TS7700 enabled as an object store, or directly to cloud object storage. Clients can create these backup copies as needed without impacting other workloads due to minimal CPU consumption.


Back to topBack to top

Key requirements

Top rule

z/OS V2.4 operates on the following IBM Z® servers:

  • IBM z15 Models T01 and T02
  • IBM z14® Models M01-M05
  • IBM z14 Model ZR1
  • IBM z13®
  • IBM z13s®
  • IBM zEnterprise® EC12 (zEC12)
  • IBM zEnterprise BC12 (zBC12)

If you run z/OS V2.4 on IBM z/VM®, the z/VM release must be z/VM V6.4, or later.

For a complete description of z/OS V2.4 hardware requirements, see z/OS V2.4 Planning for Installation (GA32-0890), when available, in IBM Knowledge Center.



Back to topBack to top

Planned availability date

Top rule

December 31, 2020



Back to topBack to top

Description

Top rule

z/OS Diagnostics Analyzer

IBM Z Data Privacy for Diagnostics is designed to provide a way to tag and redact sensitive user data in diagnostic dumps after they are captured on the IBM z15. The base capability has been generally available and provides z/OS APIs to tag sensitive user data as "sensitive = yes" or metadata as "sensitive = no."

The new z/OS Diagnostics Analyzer exploits built-in and custom identifiers to detect and redact additional sensitive data in previously untagged pages. Utilize the tagging feature and the z/OS Diagnostics Analyzer as post-processing steps without impacting the dump capture time.

For APAR Information, see the IBM Support portal for the following:

  • z/OS V2.3 or z/OS V2.4
    • Storage manager API support: PTF for APAR OA57633
    • Service aids support: PTF for APAR OA57570
    • z/OS Diagnostics Analyzer support: PTF for APAR OA58114

zCX

zCX enhancements to improve the capability to run Linux® on IBM Z software on z/OS include:

  • zCX IPv6 support. Support is added to zCX in support of IPv6 with the PTF for APAR OA59508. This enables a zCX server to fully participate in an IPv6 network on z/OS systems and networks that are IPv6 enabled. IPv6 enablement can be an important prerequisite in some client configurations.
  • zCX resource shortage z/OS alerts. These proactive alerts are sent to the z/OS system log (SYSLOG) or operations log (OPERLOG) to improve monitoring and automated operations. The server monitors used memory, root disk space, user data disk space, and swap space in the zCX instance periodically and issues messages to the zCX joblog and operator console when the usage rises to 50%, 70%, and 85% utilization. When returning below 50%, an information message is issued. This function is available with PTF for APAR OA60303.
  • Increased disk capacity. The number of data and swap disks per appliance is increased to as many as 245. This enables zCX to address more data at one time and is delivered with the PTF for APAR OA60452.

z/OSMF

z/OSMF CD enhancements include the following:

  • The z/OSMF desktop utilities are enhanced with the PTF for APAR PH28692. The search function is enhanced to provide typeahead capability for searching data sets, UNIX® System Services (USS) files, and USS directories. The PTF for APAR PH30398 also adds the function of "create data set" into the z/OSMF desktop. Clients can create a new physical sequential or partitioned data set based on an existing data set, a predefined template, or fully specified attributes.
  • z/OSMF startup time and resource consumption during startup is improved with the PTFs for APARs PH28921, PH28920, PH28971, PH28990, PH28451, PH29230, PH29243, PH28832, and PH28872. Actual results can vary, depending on the client's configuration.
  • z/OSMF REST Data Set and File service is enhanced with the PTF for APAR PH29745 to queue concurrent requests from the same user when the number of Time Sharing Option (TSO) address spaces are exhausted. This can improve the processing when a large number of requests are sent to z/OSMF.
  • z/OSMF Workflow Engine has several enhancements with the PTF for APAR PH28532. The workflow administrator can delete multiple workflow instances at a time. To perform a workflow on a remote sysplex, a single sign-on among z/OSMF instances is no longer strictly required. In the absence of a single sign-on, the request prompts for a user and password, if necessary. The "create new workflow instance" dialog now exploits the typeahead search for the workflow definition and workflow properties files. This can eliminate the need to provide the full data set name or path name. z/OSMF Ansible collection, ibm_zos_zosmf, is enhanced to provide data set and USS file operations. Several sample playbooks by use case as well as a quick configuration approach for z/OSMF dependencies are provided on Github.

RMF enhancements

RMF now gathers information on the performance of recently delivered hardware using callable services, such as Integrated Cryptographic Service Facility (ICSF) format-preserving encryption, Feistel-based encryption (FFX), and quantum-safe (QSA) digital signatures. This is included with PTF for APAR OA59330. In addition to this enhancement, RMF provides the capability to analyze this data with the RMF Postprocessor Crypto hardware report. This is included with the PTF for APAR OA60202.

IBM Health Checker for z/OS is enhanced to include two new health checks that can:

  • Verify the HTTPS (AT-TLS) configuration of the RMF Distributed Data Server (DDS) with the PTF for APAR OA60403.
  • Warn users when SESSION_PORT(8801) and DM_PORT(8802) are still being used with the PTF for APAR OA60404. For improved security, RMF client code no longer uses both ports and IBM recommends removing the options SESSION_PORT, MAXSESSIONS_INET, TIMEOUT, DM_PORT, and DM_ACCEPTHOST from the GPMSRV## PARMLIB member.

Customized Offerings Driver

Satisfying the statement of direction made in Software Announcement 220-378, dated September 22, 2020, the IBM Customized Offerings Driver (5751-COD) is a prebuilt, standalone driving system that can be used to install z/OS ServerPac, z/OS SystemPac (in dump-by-dataset format, where available), and z/OS Custom-Built Product Delivery Offering (CBPDO) packages when clients do not have a driving system or one that meets the minimum requirements for IBM z/OS installation.

The Customized Offerings Driver has been updated to include a subset of a z/OS V2.3 operating system, including selected functions in z/OSMF and IBM 64-bit SDK for z/OS, Java™ Technology Edition, V8.0 that can run on any IBM Z processor that is supported by z/OS V2.3, or later. This addition of some z/OSMF functions and IBM Java SDK enhances the installation capability of the Customized Offerings Driver.

See the z/OS PSP bucket, Upgrade ZOSV2R3, Subset ZOSGEN, and the z/OS Planning for Installation (GA32-0890) on the z/OS Internet Library website for the most current information about the Customized Offerings Driver, including:

  • Supported media
  • DASD volume sizes
  • Product levels included
  • z/OS hardware and software prerequisites
  • Driving system requirements

Transparent cloud tiering full volume dump

z/OS DFSMSdss provides full-volume dump support for transparent cloud tiering. This capability enables all I/O for full-volume dumps to be performed by a DS8000 directly to a TS7700 enabled as an object store, or directly to cloud object storage. To minimize the time that a volume is locked while performing this offload, an initial full-volume FlashCopy® can be performed that can then be dumped to the object store. Because all of the I/O for the FlashCopy is also completed within the DS8000, a point-in-time full-volume dump is provided to the TS7700, with none of the data passing through the z/OS host. Clients can create these backup copies as needed without impacting other workloads due to minimal CPU consumption. This capability is provided with the PTF for APAR OA57526.

IBM z/OS Common Event Adapter (CEA) application modernization support

The z/OS CEA provides services that can start and manage Time Sharing Option/Extensions (TSO/E) address spaces. Modern applications that exploit z/OSMF REST APIs have been challenged with the current maximum limit of concurrent TSO/E address spaces that can be managed for a single user. With the z/OS V2.4 PTF for APAR OA57346, the maximum sessions allowed per user are increased from 10 to 99.

ICSF

With the PTF for APAR OA60317, ICSF enables clear keys to be used for generating and verifying message authentication codes (MAC) using the Hash-based Message Authentication Code (HMAC) algorithm. CSNBMGN2, CSNBMVR2, CSNBHMG, and CSNBHMV now enable the input key_identifier to be a clear key token. When a clear key is provided as input to these services, ICSF exploits CP Assist for Cryptographic Function (CPACF) functions to perform the cryptographic operations to generate or verify the MAC. In addition, the PKCS#11 services CSFPHMG and CSFPHMV can exploit CPACF functions when the key object is a clear key and the hashing algorithm is SHA-1 or SHA-2.

Tape device fencing using SMStape and Storage Management Subsystem (SMS) policies

In z/OS V1.11, support was provided for Demand Allocation with System-Managed Tape. Prior to that, SMStape would always ignore what was specified on the UNIT parameter and would instead allocate using the assigned SMS constructs. An easy way was not available to limit the devices that SMStape considered eligible or to select a particular device. To address that issue, a new keyword, SMSHONOR, was added to the UNIT parameter on the DD statement. MVS Allocation would then honor what was specified as long as there was an intersection between what SMStape considered eligible and what was specified on the UNIT parameter. With RFE 127904, clients also wanted the capability to select which devices could be used through SMS constructs (policies). With the PTF for APAR OA59161 for z/OS V2.3, and later, SMSHONOR can be enabled through the SMStape storage group construct. This broadens the original SMSHONOR support and makes it easier for clients through SMS policies to reserve a set of devices for critical applications by limiting the devices used by their less critical applications. If the IBM JES3 subsystem is active, the specification of SMHONOR through the tape storage group construct is ignored.

Section 508 of the US Rehabilitation Act

z/OS V2.4 is capable as of the planned availability date, when used in accordance with associated IBM documentation, of satisfying the applicable standards, including the Worldwide Consortium Web Content Accessibility Guidelines, European Standard EN 301 349, and US Section 508, provided that any assistive technology used with the product properly interoperates with it. An Accessibility Conformance Statement can be requested on the Product accessibility information website.



Back to topBack to top

Statement of direction

Top rule

Support discontinuance of Planning and Migration Assistant (PMA) Database

IBM intends to discontinue monthly service refreshes to the Software Information Base file in the first quarter of 2022. Any existing Software Information Base file can continue to be used as input to PMA; however, usage of z/OSMF Software Management reports is encouraged to be used instead to view current data.

Withdrawal of IBM Bulk Data Transfer (BDT) Feature

Aligned with the announcement of the end of life for IBM JES3 in Software Announcement 219-013, dated February 26, 2019, the next release after z/OS V2.4 will be the last release that BDT is included in z/OS. This applies to both priced features, BDT SNA NJE and BDT File-to-File (F2F). BDT SNA NJE offers JES3 clients the capability to send information over SNA networks to other end points. Note that BDT SNA NJE does not apply to JES2 clients because this function has always been included as part of JES2. The BDT F2F feature offers both JES3 and JES2 clients the capability of managed file copying from one system to another system.

Functional replacements for BDT F2F are IBM MQ Advanced for z/OS ( 5655-AV9), which includes IBM MQ Managed File Transfer and MQ Advanced Message Security, and IBM Sterling™ Connect:Direct® for z/OS (5655-X11). Support is planned to be provided for BDT, BDT SNA NJE, and BDT F2F until the end of support for the next z/OS release after z/OS V2.4.

Statements by IBM regarding its plans, directions, and intent are subject to change or withdrawal without notice at the sole discretion of IBM. Information regarding potential future products is intended to outline general product direction and should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for IBM products remain at the sole discretion of IBM.



Back to topBack to top

Hardware and software support services

Top rule

SmoothStart/installation services

IBM SmoothStart Services and Installation Services are not provided.



Back to topBack to top

Reference information

Top rule

For information about z/OS V2.4, see:

  • Software Announcement 220-483, dated October 13, 2020
  • Software Announcement 220-378, dated September 22, 2020
  • Software Announcement 220-226, dated June 16, 2020
  • Software Announcement 220-102, dated March 17, 2020
  • Software Announcement 219-210, dated December 10, 2019
  • Software Announcement 219-344, dated July 23, 2019
  • Software Announcement 219-013, dated February 26, 2019

For information about z15, see:

  • Hardware Announcement 120-050, dated August 4, 2020
  • Hardware Announcement 120-006, dated April 14, 2020
  • Hardware Announcement 120-013, dated January 14, 2020
  • Hardware Announcement 119-085, dated November 26, 2019
  • Hardware Announcement 119-027, dated September 12, 2019

For information about z14 Model ZR1, see:

  • Hardware Announcement 118-075, dated October 2, 2018
  • Hardware Announcement 118-018, dated April 10, 2018

For information about z14, see:

  • Hardware Announcement 118-075, dated October 2, 2018
  • Hardware Announcement 117-093, dated November 28, 2017
  • Hardware Announcement 117-044, dated July 17, 2017

For information about z13®, see:

  • Hardware Announcement 119-039, dated May 7, 2019
  • Hardware Announcement 119-014, dated February 12, 2019
  • Hardware Announcement 116-058, dated June 7, 2016
  • Hardware Announcement 115-055, dated March 3, 2015
  • Hardware Announcement 115-001, dated January 14, 2015

For information about z13s®, see:

  • Hardware Announcement 116-058, dated June 7, 2016
  • Hardware Announcement 116-002, dated February 16, 2016

For information about zEnterprise EC12, see Hardware Announcement 112-155, dated August 28, 2012.

For information about zEnterprise BC12, see Hardware Announcement 113-121, dated July 23, 2013.



Back to topBack to top

Business Partner information

Top rule

If you are a Direct Reseller - System Reseller acquiring products from IBM, you may link directly to Business Partner information for this announcement. A PartnerWorld ID and password are required (use IBMid).

BP Attachment for Announcement Letter 220-498


Back to topBack to top

Availability of national languages

Top rule

Translation information, if available, can be found at the Translation Reports website.



Back to topBack to top

Program number

Top rule

Program number VRM Program name
5650-ZOS 2.4 z/OS


Back to topBack to top

Technical information

Top rule

Specified operating environment

Hardware requirements

z/OS V2.4 runs on the following IBM Z servers:

  • z15 Models T01 and T02
  • z14 Models M01-M05
  • z14 Model ZR1
  • z13
  • z13s
  • zEnterprise EC12 (zEC12)
  • zEnterprise BC12 (zBC12)

Software requirements

The z/OS base is a system that can be IPLed. There are no software prerequisites in order to IPL. Specific functions might require additional products not included in the z/OS base or in the optional features of z/OS. See the z/OS V2.4 Planning for Installation (GA32-0890) web page for a listing of specific software requirements.

Compatibility

For compatibility information about z/OS V2.4, see Software Announcement 219-344, dated July 23, 2019.

Planning information

Direct client support

Direct client support is provided by IBM Operational Support Services - SoftwareXcel Enterprise Edition or SoftwareXcel Basic Edition. These fee services can enhance your productivity by providing voice and electronic access into the IBM support organization. IBM Operational Support Services - SoftwareXcel Enterprise Edition or SoftwareXcel Basic Edition will help answer questions pertaining to usage, how-to, and suspected software defects for eligible products.

Installation and technical support is provided by IBM Global Services. For more information on services, call 888-426-4343.

To obtain information on client eligibility and registration procedures, contact the appropriate support center.

Security, auditability, and control

Data security and auditability in the z/OS environment are enhanced by the functions available in the optional Security Server for z/OS feature.

The client is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.



Back to topBack to top

Ordering information

Top rule

New licensees

Not applicable.

For ordering information on the base program, z/OS V2.4, see Software Announcement 219-344, dated July 23, 2019.

Publications

A program directory is supplied automatically with the basic machine-readable material.

To access the unlicensed z/OS product documentation, start at the z/OS Internet Library. It contains direct links to the following repositories and content:

  • IBM Knowledge Center sections for z/OS V2.4 and other supported releases.
  • z/OS V2.4 Library, hosted on Resource Link, to download individual or grouped PDFs. An IBMid and password are required.
  • Adobe™ Indexed PDF Collections (SC27-8430) to easily conduct offline searches on the z/OS product documentation.
  • Downloadable collections of IBM Knowledge Center plug-ins for clients who host their own instances of IBM Knowledge Center for z/OS (KC4z).
  • IBM Z and LinuxONE content solutions, which provide comprehensive and interactive content such as workflows, videos, and content collections.
  • IBM Z Publications Library Archive, to obtain as-is content for out-of-service products and releases.

PDF collections are provided in the "zip" format that any modern zip utility can process.

Licensed documentation

Subsequent updates (technical newsletters or revisions between releases) to the publications shipped with the product will be distributed to the user of record for as long as a license for this software remains in effect. A separate publication order or subscription is not needed.

Subsequent updates (technical newsletters or revisions between releases) to the publications shipped with the product will be distributed to the user of record for as long as a license for this software remains in effect. A separate publication order or subscription is not needed.



Back to topBack to top

Terms and conditions

Top rule

The terms are unaffected by this announcement.



Back to topBack to top

Statement of good security practices

Top rule

IT system security involves protecting systems and information through prevention, detection, and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, or misappropriated or can result in misuse of your systems to attack others. Without a comprehensive approach to security, no IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products, or services to be most effective.

Important: IBM does not warrant that any systems, products, or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.



Back to topBack to top

Order now

Top rule

To order, contact the IBM Digital Sales Center, your local IBM representative, or your IBM Business Partner. To identify your local IBM representative or IBM Business Partner, call 800-IBM-4YOU (426-4968). For more information, contact the IBM Digital Sales Center.

Phone: 800-IBM-CALL (426-2255)

Fax: 800-2IBM-FAX (242-6329)

For IBM representative: askibm@ca.ibm.com

For IBM Business Partner: pwcs@us.ibm.com



IBM Digital Sales Offices
1177 S Belt Line Rd
Coppell, TX 75019-4642, US

The IBM Digital Sales Center, our national direct marketing organization, can add your name to the mailing list for catalogs of IBM products.


Note: Shipments will begin after the planned availability date.
Trademarks

z15 and IBM Sterling are trademarks of IBM Corporation in the United States, other countries, or both.

IBM, z/OS, DS8000, IBM Z, IBM z14, IBM z13, IBM z13s, zEnterprise, z/VM, FlashCopy, z13 and z13s are registered trademarks of IBM Corporation in the United States, other countries, or both.

Ansible is a registered trademark of Red Hat Inc. in the U.S. and other countries.

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Oracle and Java are trademarks of Oracle and/or its affiliates in the United States, other countries, or both.

Connect:Direct is a registered trademark of IBM International Group B.V., an IBM Company in the U.S. and other countries.

Adobe is a trademark of Adobe Systems Incorporated in the United States, and/or other countries.

Other company, product, and service names may be trademarks or service marks of others.

Terms of use

IBM products and services which are announced and available in your country can be ordered under the applicable standard agreements, terms, conditions, and prices in effect at the time. IBM reserves the right to modify or withdraw this announcement at any time without notice. This announcement is provided for your information only. Additional terms of use are located at

Terms of use

For the most current information regarding IBM products, consult your IBM representative or reseller, or go to the IBM worldwide contacts page

IBM United States