What's New in z/OS V2R2 Communications Server?
Throughout the journey to the new digital enterprise, z/OS network capability supports a fully featured Communications Server with integration of SNA and TCP/IP protocols, making the mainframe a large server capable of serving worldwide clients simultaneously. Through its unique design and qualities of service, z/OS Communications Server offers unmatched availability, scalability, and security to meet the emerging business challenges of cloud, data analytics, and the security demands of mobile and social applications.
This page provides an overview of selected enhancements that are provided by z/OS V2R2 Communications Server.
Capture the potential of the mobile enterprise via scalability, economics, and platform efficiency
In the new competitive market, it is essential for you to understand customer sentiment, analyze information for more targeted insights, conduct transactions with a mobile device, and serve customers across the globe. In z/OS V2R2, enhancements to Communications Server can help you reduce the time to respond, which is even more critical in the new mobile landscape. Communications Server delivers improved scalability and performance for outstanding throughput and service within your existing environment. Smarter scalability can better prepare you to handle growth and spikes in workloads while maintaining the qualities of service at the same time.
- Shared Memory Communications over RDMA adapter (RoCE) virtualization
The enhanced Communications Server support for RDMA over converged Ethernet (RoCE), which is designed to reduce communications latency and lower CPU cost for many workloads, now can deliver improved economics with as many as 31 z/OS images that share each RoCE adapter. It also supports selecting between TCP/IP and RoCE transport layer protocols automatically based on traffic characteristics, and MTU sizes up to 4K for RoCE adapters.
This enhancement requires IBM z13 or later systems, and is also available with the PTFs for APARs OA44576 and PI12223 on z/OS V2R1.
- SMC Applicability Tool (SMCAT)
In z/OS V2R2, the SMC Applicability Tool provides the capability to evaluate TCP/IP network traffic for potential applicability for exploiting SMC-R. SMCAT can be utilized without requiring enablement of the SMC-R function on any system or requiring any special hardware. You can use SMCAT to monitor a TCP/IP stack for a set of configured destination IP addresses or subnets, and to provide a report in the TCP/IP stack job log. The report provides details of the amount of TCP workload that can potentially use SMC-R if SMC-R is available.
This monitoring tool is also available on z/OS V2R1 with the PTF for APAR PI29165 and z/OS V1R13 with the PTF for APAR PI27252.
- 64-bit enablement of the TCP/IP stack
By enabling the TCP/IP stack and its strategic device drivers (including OSA-Express QDIO, HiperSockets, and RoCE) to utilize 64-bit (above the bar) storage, a substantial inhibitor to workload growth is relieved. These z/OS V2R2 Communications Server enhancements provide performance improvements and virtual storage constraint relief by significantly reducing ECSA use.
- Enhanced Enterprise Extender scalability
z/OS V2R2 Communications Server improves the scalability of Enterprise Extender connections. Internal optimizations are intended to improve performance for installations with thousands of Enterprise Extender connections per LPAR.
- Enhanced IKED scalability
z/OS V2R2 Communications Server provides increased scalability by improving the Internet Key Exchange daemon (IKED) to concurrently negotiate IPSec tunnels with a large number of remote IKE peers. This enhancement significantly reduces the amount of time needed to establish a large number of IPSec tunnels, while also reducing CPU utilization.
- Increase single stack DVIPA limit to 4096
z/OS V2R2 Communications Server supports an increased number of application-instance dynamic virtual IP addresses (DVIPAs) for a single TCP/IP stack, raising the previous limit of 1024 to 4096. With this enhancement, up to 4096 application instance DVIPAs that are defined by VIPARANGE statements can be defined on a single TCP/IP stack. This improves scalability within a Parallel Sysplex, particularly when the sysplex is operating with a smaller number of systems than usual, as might be the case during planned outages for one or more LPARs.
- VIPAROUTE fragmentation avoidance
z/OS V2R2 Communications Server enhances its support for VIPAROUTE by automatically adjusting the TCP Maximum Segment Size (MSS) for each IPv4 route to prevent fragmentation within the sysplex. This new support simplifies VIPAROUTE configuration and helps improve VIPAROUTE performance by eliminating packet fragmentation issues that can arise for some routes.
This enhancement is also available on z/OS V2R1 with the PTF for APAR PI39519.
- TCP autonomic tuning enhancements
z/OS V2R2 Communications Server offers new autonomic features to provide for smarter self-monitoring and tuning of the TCP/IP stack, with a focus on performance-related functions such as dynamic right sizing (DRS) and delayed acknowledgements (DELAYACKs). The enhancements are based on real-time data and can improve overall performance of TCP connections.
Security
Today's enterprise environment accesses data from many untrusted network sources, such as from mobile devices, social computing sites, and new cloud environments. Therefore, security of critical information assets remains a top priority, including defending your networks, protecting your data, and authenticating users and business partners. z/OS V2R2 Communications Server can help you meet this security challenge by strengthening the use of z/OS as a secured networking hub that helps protect your most valuable information, and helps you to develop innovative applications while reducing operational risk.
- AT-TLS certificate processing enhancements
z/OS V2R2 Communications Server enhances Application Transparent Transport Layer Security (AT-TLS) to support new System SSL enhancements for OCSP (online certificate status protocol), CRL retrieval over HTTP and LDAP, and certificate validation as described by RFC 5280.
- TLS session reuse support for FTP and AT-TLS applications (AT-TLS)
With SSL sessions enabled to be reused across different TCP ports in z/OS V2R2, Communications Server provides FTP support to enable new data connections to reuse associated SSL sessions for better compatibility, security, and performance with compatible FTP servers and clients. This enhancement is available for System SSL users and for both AT-TLS and native SSL users of FTP.
- Simplified access permissions to ICSF cryptographic functions for IPSec
z/OS V2R2 Communications Server is enhanced to help simplify security configuration for IPSec. You are no longer required to permit all network applications that are sending or receiving IPSec protected traffic to the relevant SAF resources in the CSFSERV class. Only the user ID that is associated with the TCP/IP stack must be permitted to those SAF resource profiles.
- TCP/IP profile IP security filter enhancements
With z/OS Communications Server, you can define a set of limited default IP filters in the TCP/IP Profile to help you protect the TCP/IP stack during initialization before Policy Agent installs an IPSec policy. In z/OS V2R2, you can specify additional default filter parameters, including source and destination address ranges, and source and destination port ranges. This enhancement enables greater flexibility in configuring the default filter rules.
Simplification and usability
IBM continues to simplify z/OS administration and management, and extends the reach of your existing skills. By improving administrative ease, the Configuration Assistant for z/OS Communications Server can help your company gain quality and productivity improvements while reducing opportunities for error.
- TCP/IP stack configuration with Configuration Assistant for z/OS Communications Server
As a valuable tool for configuring policy-based networking functions such as AT-TLS, IPSec, and Intrusion Detection Services, z/OS V2R2 Communications Server further extends its functions in Configuration Assistant. With an entirely new discipline, you can now configure TCP/IP profiles with an integrated graphical interface and wizard-driven help. These new functions, which build on existing capabilities for the policy agent, can make it faster and easier to create and maintain TCP/IP configurations.
With the PTFs for APARs PI66143 and PI63449, Configuration Assistant also provides a function to import existing TCP/IP profile data.
Availability and business resilience
- Activate Resolver trace without restarting applications
z/OS Communications Server includes a Trace Resolver function to provide a variety of diagnostic information that can be used by application programmers and network administrators. In z/OS V2R2, Communications Server provides a new component trace (CTRACE) option to capture the same information recorded by the Trace Resolver in CTRACE records, and to view formatted trace data using IPCS. With this new function, you can dynamically enable and disable tracing without an application restart.
- Reordering of cached resolver results
On systems where the system resolver cache has been implemented, z/OS V2R2 Communications Server can help improve load balancing by allowing you to request system-wide round-robin reordering of the IP address lists associated with each cached host name.
Standards and statements of direction
- z/OS V2R2 Communications Server supports a number of capabilities intended to make it meet the requirements of the United States National Institute of Standards and Technology (NIST) Special Publication SP800-131A.
- IBM plans to further extend the capabilities of the Configuration Assistant for z/OS Communications Server, a plug-in for z/OSMF, in z/OS V2R2. Additional planned enhancements will be designed to support making dynamic configuration changes to an active TCP/IP configuration.
- z/OS V2R2 is planned to be the last release to include the Trivial File Transfer Protocol Daemon (TFTPD) function in z/OS Communications Server.
- As previously announced in Hardware Announcement 114-009, dated February 24, 2014, the Simple Mail Transfer Protocol Network Job Entry (SMTPD NJE) Mail Gateway and Sendmail mail transports are planned to be removed from z/OS. IBM now plans for z/OS V2R2 to be the last release to include these functions. If you use the SMTPD NJE Gateway to send mail, IBM recommends that you use the existing CSSMTP SMTP NJE Mail Gateway instead. In that same announcement, IBM announced plans to provide a replacement program for the Sendmail client that would not require programming changes. Those plans have changed, and IBM now plans to provide a compatible subset of functions for Sendmail in the replacement program and to announce those functions in the future. Programming changes or alternative solutions to currently provided Sendmail functions might be required. No replacement function is planned in z/OS Communications Server to support using SMTPD or Sendmail as an SMTP server for receiving mail for delivery to local TSO/E or z/OS UNIX System Services user mailboxes, or for forwarding mail to other destinations.
- To help you plan for migration to CSSMTP functions for sending SMTP mail and to other solutions for receiving SMTP mail, z/OS V2R2 Communications Server includes migration health checks designed to help you determine whether the mail functions planned to be withdrawn are in use. Also, z/OS V2R2 Communications Server provides a test mode for CSSMTP along with a utility program that copies JES email job output to both CSSMTP and SMTPD, allowing the two daemons to be run simultaneously. When run in this mode, CSSMTP is designed only to log errors while SMTPD continues to serve as the production mail program.
For more information about what's new in z/OS V2R2 Communications Server, see z/OS V2R2 Communications Server: New Function Summary and z/OS Communications Server V2R2 New Function APAR Summary.
All statements regarding IBM's plans, directions, and intent are subject to change or withdrawal without notice.