IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml.
Check out this very informative article on Enhancing Security with z/OS Integrated Cryptographic Service Facility (ICSF) HCR77C0 in the Mainframe Insights blog. We installed and tested many of these new features in our environment and we continue to run our day to day operations using this level.
The USS kernel is providing support to the SMF service (BPX1SMF/BPX4SMF) that will allow a more granular check for new profiles in the FACILITY class. In addition to BPX.SMF, the SMF service will also check for BPX.SMF.xxx.yyy. Where xxx is a specific TYPE and yyy is a specific SUBTYPE. If this profile is defined and the user is permitted to it, the SMF service will allow the caller to write a SMF record of this TYPE/SUBTYPE. For the BPX.SMF.type.subtype check, no generics are allowed and if permitted, the environment must be clean... [More]
One area of z/OS system logger processing which continues to get attention from our client base is log stream offload processing. Offload processing is the mechanism by which system logger creates room in the log stream interim/primary storage medium (i.e. CF list structure or staging data set).Offload processing performed by system logger is a critical operation in ensuring the log stream resource is able to accept new data. One of the inhibitors for offload processing is DASD allocation hang. In z/OS V2R2 an enhancement is... [More]
We have extensive experience using HCD and recently started using HCM for I/O configuration changes in the zPET environment. Our HCD experience allowed us to make the transition to HCM rather seamless given we already understood System z I/O and HCD concepts. Observations of some nice HCM features: HCM is a Windows installed product that runs on your PC and is a GUI based alternative to the HCD panels. Automatically deletes an existing WORK IODF if it already exists when creating a new WORK IODF of the same name. New z/OS V2R2... [More]
The RACF_CERTIFICATE_EXPIRATION health check, introduced in z/OS V2R1, allows RACF to identify all certificates which have expired and identify all certificates which are going to expire within x number of DAYS. DAYS is a user defined parameter whose default is 60. This health check is run once a day. An example of the health check display: Certificates Expiring within 60... [More]
RACF Password Enhancements SPE (OA43999) - Implementation and Testing In late 2014, RACF released new password enhancements in APAR OA3999. We implemented and tested several of the new features on our z/OS V2R1 system prior to the release. The main feature of the APAR is a new state-of-the-art password encryption algorithm that allows customers to move off of the outdated DES encryption algorithm. Other features include the ability to use additional special characters in passwords, the ability to have a passphrase while not... [More]
In z/OS V2R2, zFS caches were moved above the 2GB bar into 64-bit storage. This allows for larger zFS caches. Some zFS configuration variables were changed to support the larger size values. Note: To obtain above the 2GB bar zFS storage information, the zfsadm -storage report and the console query storage report now contain information about storage usage above the 2GB bar. In z/OS V2R2, the metaback cache is not a separate cache. The metaback_cache_size is combined with the meta_cache_size into one single... [More]
In z/OS V2R2, zFS caches were moved above the 2 GB bar into 64-bit storage. This alleviated some storage constraints and allowed zFS to be able to execute in the OMVS address space, which is used by z/OS UNIX. In z/OS V2R2, you can choose to execute zFS in a colony or in the z/OS UNIX address space. In our sysplex, we configured some z/OS V2R2 LPARs to execute zFS in the z/OS UNIX address space. The following are the modifications we implemented. Note that there may be other ways to implement this ability. If zFS... [More]
In z/OS V2R2, z/OS UNIX will provide a new BPXPRMxx parmlib option to indicate whether the z/OS UNIX kernel will obtain space switched stacks above or below the 2GB bar. To support the increased thread limit in the kernel, the KERNELSTACKS() statement has been introduced. If the new parameter is set to KERNELSTACKS(ABOVE), depending on the type of services that are being issued and the additional storage requirements of those services, the kernel thread capacity could possibly increase to 500,000. The default will be... [More]
Having recently installed IBM MobileFirst on Linux on System z, we know that this installation is not really complicated but is also not as simple as running setup.exe and following the prompts. In order to configure the entire product, one must essentially perform three installations and each of these installations may follow a different process. In the case of our test environment, we installed and configured WebSphere Application Server Liberty Profile (hereafter called Liberty) and IBM MobileFirst Server (hereafter called MFS).... [More]
written by Torin Reilly posted by Matthew Cousens IBM MobileFirst provides an excellent framework for rapid assembly of robust mobile applications. MobileFirst Studio even includes a simulator which allows for testing directly in your browser. But what do you do when you wish to test the application at a production scale before releasing it into the wild? Apache JMeter allows you to do just that. JMeter is an application that allows you to load test your web-based applications over all the common web protocols. In our case we will... [More]
RACF recently introduced new health check function for ICSF via APAR OA44696. This APAR introduces two new class active checks, RACF_CSFKEYS_ACTIVE and RACF_CSFSERV_ACTIVE. In addition to those two health checks, they have added an ICSF Dataset Report to the existing RACF_SENSITIVE_RESOURCE check. This report shows the access for your current CKDS, PKDS and TKDS. To ensure no one has direct access to your KDS datasets, ICSF recommends you protect your KDS dataset name resource in the DATASET class. If a dataset profile is used, as opposed to... [More]
Migrating to IMS Version 13.1 This topic discusses our experiences with migrating our production 9-way IMS data sharing group (composed of members IMS8, IMS9, IMSA, IMSB, IMSC, IMSE, IMSF, IMSL and IMS0) from IMS Version 12 to IMS Version 13. It is not intended to be a step-by-step procedure because each migration is unique due to the IMS configuration and features selected. We used the following documentation to plan the migration: IMS Version 13 Release Planning IMS Version 13 Installation IMS Version 13 System Definition All of the IMS V13... [More]
A colleague from the field reached out to me recently with a couple of questions on IRD, Defined and Group Capacity Limits which made me think of a zEC12 GA2 related change so figured if he can benefit from it maybe others could do so here we go ... First of all WLM Capping is the same thing as Soft Capping and you could say that they are 'implemented' via Defined and/or Group Capacity Limits . Both Defined Capacity Limit (DCL) as well as the Group Capacity Limit (GCL) are specified in Millions of Service... [More]