z/OS Communications Server

The IBM z/OS Communications Server TCP/IP Implementation Redbook series provides understandable, step-by-step guidance about how to enable the most commonly used and important functions of z/OS Communications Server TCP/IP. Final versions of the four V1R13 volumes are now available for you to download and enjoy:

IBM z/OS V1R13 Communications Server TCP/IP Implementation: Volume 1 Base Functions, Connectivity, and Routing (SG24-7996-00)

http://www.redbooks.ibm.com/abstracts/sg247996.html?Open

IBM z/OS V1R13 Communications Server TCP/IP Implementation: Volume 2 Standard Applications  (SG24-7997-00)

http://www.redbooks.ibm.com/abstracts/sg247997.html?Open

IBM z/OS V1R13 Communications Server TCP/IP Implementation: Volume 3 High Availability, Scalability, and Performance  (SG24-7998-00)

http://www.redbooks.ibm.com/abstracts/sg247998.html?Open

IBM z/OS V1R13 Communications Server TCP/IP Implementation: Volume 4 Security and Policy-Based Networking  (SG24-7999-00)

http://www.redbooks.ibm.com/abstracts/sg247999.html?Open

Get connected with z/OS Communications Server, ISPF, and Multi-site Workload Lifeline!

The Communications Server team continues to build and expand the content we offer over social media outlets. Follow our online discussions, find online presentations, and participate in online virtual Q&A sessions. You can find us on the following venues:

zOSCommServer

@IBM_Commserver

z/OS Communications Server

You can find Chinese contents in the following venues:

Weibo/CommServer中国

WeChat/CommServer中国

Youku/CommServer中国

DeveloperWorks/CommServer中国

What's New in z/OS V2R2 Communications Server?

Throughout the journey to the new digital enterprise, z/OS network capability supports a fully featured Communications Server with integration of SNA and TCP/IP protocols, making the mainframe a large server capable of serving worldwide clients simultaneously. Through its unique design and qualities of service, z/OS Communications Server offers unmatched availability, scalability, and security to meet the emerging business challenges of cloud, data analytics, and the security demands of mobile and social applications.

This page provides an overview of selected enhancements that are provided by z/OS V2R2 Communications Server.
 

Capture the potential of the mobile enterprise via scalability, economics, and platform efficiency

In the new competitive market, it is essential for you to understand customer sentiment, analyze information for more targeted insights, conduct transactions with a mobile device, and serve customers across the globe. In z/OS V2R2, enhancements to Communications Server can help you reduce the time to respond, even more critical in the new mobile landscape. Communications Server delivers improved scalability and performance for outstanding throughput and service within your existing environment. Smarter scalability can better prepare you to handle growth and spikes in workloads while maintaining the qualities of service at the same time.

• Shared Memory Communications over RDMA adapter (RoCE) virtualization

The enhanced Communications Server support for RDMA over converged Ethernet (RoCE), which is designed to reduce communications latency and lower CPU cost for many workloads, now can deliver improved economics with as many as 31 z/OS images that share each RoCE adapter. It also supports selecting between TCP/IP and RoCE transport layer protocols automatically based on traffic characteristics, and MTU sizes up to 4K for RoCE adapters.

This enhancement requires IBM z13 or later systems, and is also available with the PTF for APARs OA44576 and PI12223 on z/OS V2R1.

• SMC Applicability Tool (SMCAT)

In z/OS V2R2, the SMC Applicability Tool provides the capability to evaluate TCP/IP network traffic for potential applicability for exploiting SMC-R. SMCAT can be utilized without requiring enablement of the SMC-R function on any system or requiring any special hardware. You can use SMCAT to monitor a TCP/IP stack for a set of configured destination IP addresses or subnets, and to provide a report in the TCP/IP stack job log. The report provides details of the amount of TCP workload that can potentially use SMC-R if SMC-R is available.

This monitoring tool is also available on z/OS V2R1 with the PTF for APAR PI29165 and z/OS V1R13 with the PTF for APAR PI27252.

• 64-bit enablement of the TCP/IP stack

By enabling the TCP/IP stack and its strategic device drivers (including OSA-Express QDIO, HiperSockets, and RoCE) to utilize 64-bit (above the bar) storage, a substantial inhibitor to workload growth is relieved. These z/OS V2R2 Communications Server enhancements provide performance improvements and virtual storage constraint relief by significantly reducing ECSA use.

• Enhanced Enterprise Extender scalability

z/OS V2R2 Communications Server improves the scalability of Enterprise Extender connections. Internal optimizations are intended to improve performance for installations with thousands of Enterprise Extender connections per LPAR.

• Enhanced IKED scalability

z/OS V2R2 Communications Server provides increased scalability by improving the Internet Key Exchange daemon (IKED) to concurrently negotiate IPSec tunnels with a large number of remote IKE peers. This enhancement significantly reduces the amount of time needed to establish a large number of IPSec tunnels, while also reducing CPU utilization.

• Increase single stack DVIPA limit to 4096

z/OS V2R2 Communications Server supports an increased number of application-instance dynamic virtual IP addresses (DVIPAs) for a single TCP/IP stack, raising the previous limit of 1024 to 4096. With this enhancement, up to 4096 application instance DVIPAs that are defined by VIPARANGE statements can be defined on a single TCP/IP stack. This improves scalability within a Parallel Sysplex, particularly when the sysplex is operating with a smaller number of systems than usual, as might be the case during planned outages for one or more LPARs.

• VIPAROUTE fragmentation avoidance

z/OS V2R2 Communications Server enhances its support for VIPAROUTE by automatically adjusting the TCP Maximum Segment Size (MSS) for each IPv4 route to prevent fragmentation within the sysplex. This new support simplifies VIPAROUTE configuration and helps improve VIPAROUTE performance by eliminating packet fragmentation issues that can arise for some routes.

This enhancement is also available on z/OS V2R1 with the PTF for APAR PI39519.

• TCP autonomic tuning enhancements

z/OS V2R2 Communications Server offers new autonomic features to provide for smarter self-monitoring and tuning of the TCP/IP stack, with a focus on performance-related functions such as dynamic right sizing (DRS) and delayed acknowledgements (DELAYACKs). The enhancements are based on real-time data and can improve overall performance of TCP connections.
 

Security

Today's enterprise environment accesses data from many untrusted network sources, such as from mobile devices, social computing sites, and new cloud environments. Therefore, security of critical information assets remains a top priority, including defending your networks, protecting your data, and authenticating users and business partners. z/OS V2R2 Communications Server can help you meet this security challenge by strengthening the use of z/OS as a secured networking hub that helps protect your most valuable information, and helps you to develop innovative applications while reducing operational risk.

• AT-TLS certificate processing enhancements

z/OS V2R2 Communications Server enhances Application Transparent Transport Layer Security (AT-TLS) to support new System SSL enhancements for OCSP (online certificate status protocol), CRL retrieval over HTTP and LDAP, and certificate validation as described by RFC 5280.

• TLS session reuse support for FTP and AT-TLS applications (AT-TLS)

With SSL sessions enabled to be reused across different TCP ports in z/OS V2R2, Communications Server provides FTP support to enable new data connections to reuse associated SSL sessions for better compatibility, security, and performance with compatible FTP servers and clients. This enhancement is available for System SSL users and for both AT-TLS and native SSL users of FTP.

• Simplified access permissions to ICSF cryptographic functions for IPSec

z/OS V2R2 Communications Server is enhanced to help simplify security configuration for IPSec. You are no longer required to permit all network applications that are sending or receiving IPSec protected traffic to the relevant SAF resources in the CSFSERV class. Only the user ID that is associated with the TCP/IP stack must be permitted to those SAF resource profiles.

• TCP/IP profile IP security filter enhancements

With z/OS Communications Server, you can define a set of limited default IP filters in the TCP/IP Profile to help you protect the TCP/IP stack during initialization before Policy Agent installs an IPSec policy. In z/OS V2R2, you can specify additional default filter parameters, including source and destination address ranges, and source and destination port ranges. This enhancement enables greater flexibility in configuring the default filter rules.
 

Simplification and usability

IBM continues to simplify z/OS administration and management, and extends the reach of your existing skills. By improving administrative ease, the Configuration Assistant for z/OS Communications Server can help your company gain quality and productivity improvements while reducing opportunities for error.

• TCP/IP stack configuration with Configuration Assistant for z/OS Communications Server

As a valuable tool for configuring policy-based networking functions such as AT-TLS, IPSec, and Intrusion Detection Services, z/OS V2R2 Communications Server further extends its functions in Configuration Assistant. With an entirely new discipline, you can now configure TCP/IP profiles with an integrated graphical interface and wizard-driven help. These new functions, which build on existing capabilities for the policy agent, can make it faster and easier to create and maintain TCP/IP configurations.

With the PTFs for APARs PI66143 and PI63449, Configuration Assistant also provides a function to import existing TCP/IP profile data.

Availability and business resilience

• Activate Resolver trace without restarting applications

z/OS Communications Server includes a Trace Resolver function to provide a variety of diagnostic information that can be used by application programmers and network administrators. In z/OS V2R2, Communications Server provides a new component trace (CTRACE) option to capture the same information recorded by the Trace Resolver in CTRACE records, and to view formatted trace data using IPCS. With this new function, you can dynamically enable and disable tracing without an application restart.

• Reordering of cached resolver results

On systems where the system resolver cache has been implemented, z/OS V2R2 Communications Server can help improve load balancing by allowing you to request system-wide round-robin reordering of the IP address lists associated with each cached host name.

Standards and statements of direction

• z/OS V2R2 Communications Server supports a number of capabilities intended to make it meet the requirements of the United States National Institute of Standards and Technology (NIST) Special Publication SP800-131A.
• IBM plans to further extend the capabilities of the Configuration Assistant for z/OS Communications Server, a plug-in for z/OSMF, in z/OS V2R2. Additional planned enhancements will be designed to support making dynamic configuration changes to an active TCP/IP configuration.
• z/OS V2R2 is planned to be the last release to include the Trivial File Transfer Protocol Daemon (TFTPD) function in z/OS Communications Server.
• As previously announced in Hardware Announcement 114-009, dated February 24, 2014, the Simple Mail Transport Protocol Network Job Entry (SMTPD NJE) Mail Gateway and Sendmail mail transports are planned to be removed from z/OS. IBM now plans for z/OS V2R2 to be the last release to include these functions. If you use the SMTPD NJE Gateway to send mail, IBM recommends that you use the existing CSSMTP SMTP NJE Mail Gateway instead. In that same announcement, IBM announced plans to provide a replacement program for the Sendmail client that would not require programming changes. Those plans have changed, and IBM now plans to provide a compatible subset of functions for Sendmail in the replacement program and to announce those functions in the future. Programming changes or alternative solutions to currently provided Sendmail functions might be required. No replacement function is planned in z/OS Communications Server to support using SMTPD or Sendmail as a (SMTP) server for receiving mail for delivery to local TSO/E or z/OS UNIX System Services user mailboxes, or for forwarding mail to other destinations.
  • To help you plan for migration to CSSMTP functions for sending SMTP mail and to other solutions for receiving SMTP mail, z/OS V2R2 Communications Server includes migration health checks designed to help you determine whether the mail functions planned to be withdrawn are in use. Also, z/OS V2R2 Communications Server provides a test mode for CSSMTP along with a utility program that copies JES email job output to both CSSMTP and SMTPD, allowing the two daemons to be run simultaneously. When run in this mode, CSSMTP is designed only to log errors while SMTPD continues to serve as the production mail program.

For more information about what's new in z/OS V2R2 Communications Server, see z/OS V2R2 Communications Server: New Function Summary and z/OS Communication Server V2R2 New Function APAR Summary.

All statements regarding IBM's plan, directions, and intent are subject to change or withdrawal without notice.

IBM Doc Buddy V1.3.0 is now available for download in the Apple App Store and Google Play!

IBM Doc Buddy is a mobile app which enables retrieving product error messages for IBM z Systems. Once you install this tool on your smart phone or tablet, you can search the explanation of z Systems product messages within seconds.

This release includes major search enhancements:

• The app now supports online search in addition to offline search.

You can get instant search results if you are connected to the Internet. Online search is enabled by default in Settings. Thus, IBM Doc Buddy can be a perfect replacement for LookAt, the previous z/OS message tool which was sunset.

• An overview of the app features is provided for first-time app users to help you get started.

After you install the app, you can have a quick glance at the handy 3-panel display to see the key features provided in IBM Doc Buddy.

• Messages are added for these products: Tivoli OMEGAMON for Storage on z/OS and Tivoli OMEGAMON XE on z/VM and Linux. Our team appreciate your comments and would like to provide you with more product messages to meet your needs.

Contact our support email account sptast@cn.ibm.com if you have more questions or concerns.

More information about IBM Doc Buddy is available on https://ibmdocbuddy.mybluemix.net/. Scan the QR code to download and install the app.

The Winter 2017 SHARE Conference was a great educational event! Five speakers from the Enterprise Networking Solutions organization presented 15 sessions on z/OS Communications Server, 3 on ISPF, and one on IBM Multi-Site Workload Lifeline, including two-part hands-on labs for the IBM Configuration Assistant for z/OS CS, and the ISPF editor. We also participated in a panel session where our attendees brought in a number of great questions for discussion.

Given the recent preview announcement of z/OS V2R3, we were able to provide an early look at the CS and ISPF changes planned for z/OS V2R3, including functions like the new z/OS Encryption Readiness Technology (zERT). And of course, there was plenty of discussion of already available functions like Shared Memory Communications-Direct Memory Access (SMC-D), Enterprise Extender, sysplex technologies, network security, z/OS CS performance, and the IBM Configuration Assistant for z/OS CS. We would like to thank all of you who attended our sessions for the great feedback and dialogue.

For those that couldn't be at the conference, note that you can download most of the charts for the topics we presented by going to the following link:

http://events.share.org/Winter2017/Public/sessions.aspx#

Please plan to join us for the Summer 2017 SHARE Conference in Providence, Rhode Island, August 6 - August 11, 2017.

The Winter 2017 SHARE Conference is in San Jose, California next week (March 5th - 10th). As always, there will be a good selection of content focused on z/OS Communications Server, including the following sessions from five of our CS team here in Research Triangle Park, NC:

• z/OS V2R2 Communications Server Technical Update, Part 1 of 2  (Gus Kassimis and Sam Reynolds)
• z/OS V2R2 Communications Server Technical Update, Part 2 of 2  (Gus Kassimis and Sam Reynolds)
• IBM z/OS Communications Server: Shared Memory Communication  (Gus Kassimis)
• Dynamic Deployment of z/OS TCP/IP Resources at the Speed of Cloud  (Gus Kassimis)
• TCP/IP Stack Configuration with Configuration Assistant for z/OS  (Mike Fox)
• Lab: TCP/IP Stack Configuration with Configuration Assistant for z/OS V2R2 CS, Part 1 of 2  (Mike Fox)
• Lab: TCP/IP Stack Configuration with Configuration Assistant for z/OS V2R2 CS, Part 2 of 2  (Mike Fox)
• SNA: Dead or Alive? Enterprise Extender and the Current State of SNA  (Sam Reynolds)
• End to End Encryption Options on z/OS  (Chris Meyer)
• Shared Memory Communications: Security Considerations  (Chris Meyer)
• Determining who's using what network encryption on your z/OS system: zERT is coming!  (Chris Meyer)
• z/OS Communication Server Intrusion Detection Services  (Chris Meyer)
• Sysplex Network Technologies and Considerations  (Mike Fitzpatrick)
• z/OS Communications Server Performance: Updates and Recommendations  (Mike Fitzpatrick)
• Networking Diagnostics 101  (Mike Fox)
• z/OS Communications Server Free-for-All  (Mike Fitzpatrick, Gus Kassimis, Chris Meyer, Sam Reynolds, Jeff Smith)

Additionally, Mike Fitzpatrick will be presenting a session on IBM Multi-Site Workload Lifeline:

• Enabling Continuous Availability and Reducing Downtime for your Critical Workloads with IBM Multi-Site Workload Lifeline

Our Distributed Communications Server colleague, Jeff Smith, will be presenting a session on migrating SNA applications to a Cloud based solution:

• Provisioning for Cloud Based Transactional applications – Real World Example 

Linda Harrison from the Washington Systems Center will be presenting sessions on several CS-related topics:

• z/OS Communications Server Security Using Policy Agent
• Lab: Encryption Using Configuration Assistant for z/OS V2R2, Part 1 of 2
• Lab: Encryption Using Configuration Assistant for z/OS V2R2, Part 2 of 2
• HiperSockets: Capabilities, z/OS Config, Comparison to OSA, RoCE and SMC-D, and Routing to Linux on z

Lastly, I will be presenting the following ISPF topics:

• ISPF Hidden Treasures and Coming Changes
• Lab: ISPF Editor - Beyond the Basics - Part 1 of 2  (with Tom Conley and Liam Doherty)
• Lab: ISPF Editor - Beyond the Basics - Part 2 of 2  (with Tom Conley and Liam Doherty)

We hope to see you there! For those that can’t join us, I’ll be tweeting (IBM_Commserver on Twitter) and posting updates to Facebook (Facebook.com/IBMCommserver) throughout the week.

Are you tired of locating target new function APARs from tons of z/OS Communications Server APARs? Do you want a summary of all z/OS Communications Server new function APARs with clear information on release, theme, closed date, and how to enable the new function? It’s time to say goodbye to the old way of finding new function APARs and to embrace the new one.

With the new function APAR summary for V2R1 and V2R2, you will have a one-stop experience to find all new function APARs, categorized by releases and themes. Closed dates, short descriptions, and other reference materials are also included for you to get the main idea at a glance of how the new function APARs can help with your business.

The z/OS Comm Server V2R1 & V2R2 New Function APAR Summary pages are now available on the IBM Support Portal – z/OS Communications Server product support page. You can find the V2R1 and V2R2 New Function APAR Summary pages listed under “Documents”:

Taking the V2R1 New Function APAR Summary as an example, you can find all APARs categorized into five themes under which APARs are listed in the order of closed date. All APARs are labelled with dates, short descriptions, and direct links to the APARs and how to docs (if there are any).

As soon as a V2R1 new function APAR is closed, it can be found via the V2R1 New Function APAR Summary. If you want to read about more V2R1 new functions after reading the APARs, a link to the book “z/OS V2R1 Communications Server: New Function Summary” is attached on the upper-right side of the page for your reference.

For direct links to the z/OS Comm Server V2R1 & V2R2 New Function APAR Summary pages, see:

V2R1: http://www.ibm.com/software/support/systemsz/cs-v2r1-new-func-apars.html

V2R2: http://www.ibm.com/software/support/systemsz/cs-v2r2-new-func-apars.html.

IBM offers rich technical documentation resources for users. In addition to PDF books and resources in Knowledge Center, the following useful documentation-related resources are also available:

• IBM zSystems Redbooks

  http://www.redbooks.ibm.com/Redbooks.nsf/domains/zsystems?Open

• IBM Education Assistance

  V1R13: http://www.ibm.com/support/knowledgecenter/SSLTBW_1.13.0/com.ibm.iea.zos/plugin_coverpage.html

  V2R1 & V2R2: http://www.redbooks.ibm.com/redbooks.nsf/pages/IBMIEA?Open

• z Systems eLearning for IBM customers

  http://www-304.ibm.com/services/weblectures/dlv/ibm/z101/

• Mainframe concepts

  http://www.ibm.com/support/knowledgecenter/zosbasics/com.ibm.zos.zmainframe/toc.htm?view=embed

• Terminology

  http://www-01.ibm.com/software/globalization/terminology/index.html

• z/OS Hot Topics

  http://www-03.ibm.com/systems/z/os/zos/library/hot-topics/hot-topics.html

• z Systems community

  http://www-03.ibm.com/systems/z/resources/community.html

• IBM Destination Z

  http://www.destinationz.org/

• Share

  http://www.share.org

Design thinking is a framework that guides designers through a series of activities to facilitate the creation of new and innovative solutions.  Design thinking is not new to the IT industry and it certainly is not new to IBM.  My first exposure to design thinking concepts within IBM occurred well over 3 years ago when I was working on an IBM Pure Application System (IPAS) development team.  I have to admit that my initial exposure to design thinking left me dazed and slightly confused. 

I was working on a disaster recovery solution.  I worked closely with the lead architect to define our disaster recovery lifecycle.  We created a 50+ page document describing the lifecycle.  The document described all possible disaster recovery states, transitions from those states, processing associated with each state transition, as well as the user interface.  When our user experience (UX) group invited me to a walkthrough of our disaster recovery solution I was very excited.

In the past we had similar groups in IBM, but we called them something like the human factors group or usability group.  My first clue that something different was about to happen should have been the name: UX group.

I walked into the UX walkthrough thinking we were going to cover the details of the life cycle document I worked on.  Much to my surprise we did not.  The walkthrough consisted of a story about the people that had to use our solution.  It focused far more on them than the solution.  It described their roles and associated a name and face to each role.  I vividly remember sitting in this meeting wondering what was going on.  To me the lifecycle was a series of transitions between states.  Why would I care how Adam, the disaster recovery administrator, feels when he gets called at 3:00 AM to recover from a catastrophic hardware failure?  Well it took some time, but I now understand why I should care. 

IBM has always been a great innovator of new technology.  Heck, we pride ourselves on being at the top of the U.S. patent recipients list for each of the last 23 years.  In 2015 alone, IBM received 7,355 US patents.  There is no doubt in IBM’s ability to develop leading edge technology, but as Millennials and Generation Zers advance in the workforce and the number of Baby Boomers and Gen Xers in the workforce declines, technology is not enough.  Millennials and Generation Zers grew up taking technology for granted.  They crave products that have a sexy design and are intuitive to use.  IBM needs to develop solutions that meet the demands of today’s and tomorrow’s workforce.

It may seem obvious that we need to develop products that are easy to use and fulfill our customers' demands, but exactly how to do that is a little less obvious.  Today in IBM there is a subtle switch from an emphasis on building technology to an emphasis on building solutions.  When I walked into that IPAS disaster recovery walkthrough 3+ years ago, I was focusing on technology – how to build it and how to wire it.  The members of the UX group were focusing on a solution. 

IBM utilizes design thinking in concert with an Agile development process to deliver to customers an exceptional user experience. About 18 months ago I had the opportunity to attend a design thinking workshop.  As I participated in the workshop it occurred to me that we had been using design thinking principles back in my IPAS days.  I just did not know it by that name.

Here in the z/OS Communications Server organization we are using design thinking to drive the content for our next release.  I am fortunate to be the technical lead on the development of our very first design thinking hill; although, at times I feel like the crew of the starship Enterprise - boldly going where no man has gone before. 

A hill is a piece of work stated in terms of a ‘who, what, and wow’.  In my case, the ‘who’ is a z/OS network security administrator.  Unfortunately I can’t disclose the ‘what’ at this time, but I assure you it will wow a z/OS network security administrator.  I know this because we are using the design thinking framework to develop the hill.

My hill, like all design thinking hills, was born at a hills workshop.  At a hills workshop a list of candidate hills is created.  Each hill is ranked based on cost to implement and value to customer.  A set of hills to capture in an upcoming release is agreed to.  The intent is to pick hills that will provide maximum value to customers within the allotment of available resources.  Keep in mind that hills focus on a ‘who, what, and wow’.  Some enhancements don’t have that wow factor, but need to be done in a release nonetheless.  A "foundations" bucket is created for items like this.

Customer validation of selected hills is important.  After all, what good is creating a solution to a problem that our customers do not experience?  To that extent, my team surveyed a group of customers, asking them if our hill statement addressed a real need and if they were interested in our solution.  83% of 23 respondents agreed our hill statement addressed a real need and 90% expressed interest in our solution.  A few months later we followed up with a second survey to help us prioritize the aspects of our solution.  To put this in design thinking terms, we were interested in understanding what our customers viewed as their minimal viable experience.

Once our hill statement was validated we focused on understanding our customers' pain points.  My team interviewed a small group of customers to discern the people involved with our hill, what those people do today, and how our hill can improve that.  Based on the information we obtained from the interviews, we defined a set of personas exemplifying the typical roles, responsibilities, and concerns of people involved with our hill.  We then documented our understanding of the ‘as-is’ scenario and created a proposed ‘to-be’ scenario. 

In parallel we started to solicit customers to become sponsor users.  A sponsor user partners with us to shape the solution of our hill.  Being a sponsor user requires a significant time commitment on the part of the sponsor.  Typically we engage with a sponsor user once every month or two to solicit their input on our solution.  The first activity we did with our sponsor users was to walk them through our understanding of the personas, ‘as-is’ scenario, and ‘to-be’ scenario.   Feedback from this and all future sponsor user activities is incorporated into the design of our solution.  Currently our hill has 4 sponsor users.  We will continue to engage with them until our solution ships.

This is a significant change in the way we develop new function.  I think this is a good change and I am excited to continue working with my sponsor users so we really can wow z/OS network security administrators in the next release of z/OS Communications Server.  I hope you agree and are equally excited.  I know our sponsor users are.

The fantastic Summer 2016 SHARE Conference is now in the books! Six speakers from the Enterprise Networking Solutions organization presented 14 sessions on z/OS Communications Server and 3 on ISPF, including two-part hands-on labs for Configuration Assistant for z/OSMF, and the ISPF editor. We also participated in a panel session where our attendees brought in plenty of great questions for discussion.
 
At this conference we continued our focus on z/OS V2R2, with special attention given to the Shared Memory Communications protocol, including sessions on SMC-R, SMC-D, and SMC security considerations. Other topics discussed included Enterprise Extender, sysplex networking technologies, network encryption technologies, IDS, FTP security, z/OS CS performance, and z/OS CS storage usage. Attendance at our sessions was very good, and we would like to thank all of those who attended our sessions for the great feedback and dialogue.
 
For those that couldn't be at the conference last week, you can download most of the charts for the topics we presented by going to the following link:

http://s23.a2zinc.net/clients/SHARE/Summer2016/Public/sessions.aspx?&View=Sessions_summary&
 
Please plan to join us for the Winter 2017 SHARE Conference in San Jose, California - March 5-10, 2017.

IBM Doc Buddy, a no charge mobile application that enables retrieving support documentation for z products, accelerates the time you spend in resolving problems and improves the total information experience.

A key strength of IBM Doc Buddy is that it enables looking up message documentation without Internet connections after the initial setup. You can download the message documentation that applies to your systems and retrieve messages by entering message IDs. The application also includes links to the relevant product Support Portals and contact information. After reading one message, you can access the Support Portal of the product that you are working with or call a relevant contact for further debugging information.

IBM Doc Buddy supports both iOS and Android devices. You can search for "IBM Doc Buddy" in the Google Store and Apple App store or click http://ibmdocbuddy.mybluemix.net/ to download the application.

We've all heard and experienced how valuable social media can be. Most of us cannot deny that social media touches us on a daily basis both in our personal lives and professional lives.

One of the greatest values of social media is the ability to engage with a large community of people. "Engage" is a key word, for engagement is the key to social media. Without engagement, you're just speaking into an empty room. Through engagement, you have the opportunity to reach people all over the world. This allows the building of relationships beyond the normal service/support process. Through active engagement we can build relationships that go beyond our normal transactions with customers

Through Facebook (IBM Communications Server page), Twitter (@IBM_Commserver), and Youtube (zOSCommServer channel), we strive to provide content designed to help customers fully utilize our products, explore new features, and provide technical notes to help customers in their day-to-day management of their complicated networks.

In addition to these channels, we've established a presence on IBM Developerworks to provide additional blogs and answers to further meet our customers' support needs. This can range from how to use a feature, best practices, simple diagnosis steps, or a simple question.  

Just like a tool in a tool box, social media is another tool that we intend to use to engage our customers, provide value, and build relationships.  Come engage with us on social media. Search for information on DeveloperWorks Answers using tags: zoscs; commserver; zos.

As Jerry Stevens wrote in his March 8 blog post, the IBM System z13™ and z13s™ introduced an exciting new technology called Internal Shared Memory (ISM) which allows one z/OS instance to directly access (share) virtual memory within another z/OS instance (e.g. LPAR or guest virtual machine) within the same physical machine via DMA. At the same time, z/OS Communications Server introduced Shared Memory Communications – Direct Memory Access (SMC-D), which uses ISM so that TCP sockets applications can directly and transparently communicate with applications executing in other z/OS instances running in other Logical Partitions on the same physical z13 System. Put simply, SMC-D provides SMC-R semantics within a CPC, essentially by substituting RDMA and RoCE with DMA using ISM. (Check out Jerry's blog post for a more complete description.)  
 
Both of the SMC technologies can provide some serious CPU reduction and equally serious throughput boosts. But what about security? How do SMC-D and SMC-R fit in with existing security domains like VLANs? What sort of isolation is available across different RoCE and ISM interfaces? And what happens to all of those security features in Communications Server when the vast majority of the application data is being passed between the communication peers using some form of DMA? We're talking about features like:

• SAF-based access controls like PORTACCESS and NETACCESS
• IP packet filtering
• Cryptographic security protocols like TLS/SSL, SSH and IPsec
• Intrusion Detection Services

How do those security features play (or not play) together with SMC-R and SMC-D?  

The short answer is generally "just fine." The main reason for this happy coexistence is that SMC technologies preserve the TCP semantics for managing the sessions -- again, SMC is completely transparent to the TCP applications programs. Since many of the Communications Server's security features operate on or within some aspect of the TCP session semantics, they can continue to operate as usual. Of course, the TCP/IP stack has a little more to keep track of, and has to ensure that when a significant change occurs in the state of the TCP session (for example, access controls change on the fly, preventing access to a port that was previously permitted), the stack needs to reflect that same change on the related SMC-R or SMC-D session. But again, all of this is transparent to the applications.

For a the complete security story around Shared Memory Communications, check out this newly revised white paper . Originally published after V2R1 to explain the SMC-R security considerations, this paper is now expanded to cover SMC-D as well.
 
So remember, colocation, colocation, colocation, but also make sure you lock the doors and engage that security system!

Last year I wrote the first blog in this series about our approach in getting started with adopting DevOps for z/OS.  Lets take a closer look at some of the DevOps challenges for large operating system products and how we are addressing them.

How does operating system level code get to a DevOps continuous delivery paradigm? Most successful continuous delivery implementation examples are SaaS-type products. Operating system level code has significant differences from SaaS products/services: 

1. Not easily decomposable into smaller deliverables
2. Customers value stability over having “latest and greatest feature set on a rapid delivery cycle"
3. Multiple releases in support, each with its own service stream, complicates delivery

How to discourage yourself. Comparing “canonical” DevOps principles and examples to operating system level code is discouraging. We're so different from a SaaS product. This is z/OS, not Gmail! We can't decompose large, monolithic code into small enough customer deliverables. We have to maintain service streams on three releases in the field. We don't have any resources to create new automation. Our customers are very conservative about putting changes into production, and most of them won't accept continuous deliveries. There is so much control and process over what we can disclose to which customer. etc ...
 

The approach we used. Stop comparing ourselves to canonical SaaS continuous delivery products (like Gmail or Facebook) and finding ourselves wanting. Instead, work on improving internal processes across the organization and moving them toward continuous delivery through automation. Even if it's just to an internal test group, this would be a prerequisite to achieving continuous delivery anyway. Internal improvements are something that the development group controls and can show positive results early, even if small, to help get the right buy-in from the team.

How we moved forward. Thoroughly document existing delivery pipelines with an emphasis on identifying hand-offs and pain points. This information is often not fully documented in one place. This is across the organization, not just development. Formally documenting this has the following benefits:

1. Requires the teams to think end to end about how they are delivering to customers today
2. Provides opportunity to question “why are we doing it this way”
3. Identifies pain-points and bottlenecks that can be addressed
4. Identifies opportunities for automation and removing the waste out of the system
5. Will help the team answer the question "What problem are we trying to solve?"

Make it graphical and clear. Pipeline documentation should be graphical and clear, which will make it easier to identify bottlenecks and pain points. The next two diagrams show parts of the z/OS Communications Server pipeline as an example.  This is not the only way to do it, but it shows what’s meant by graphical and clear, and shows the value gained by doing it that way. We started with a very high level overview of the release cycle shown in diagram 1.

Then we zoomed in on specific phases for the more detailed view shown in diagram 2.

Diagram 1.

Diagram 2.

Look for bottlenecks and items to shift left. Graphical pipeline documentation should show hand-offs and bottlenecks. In the example in diagram 2, we saw that the build starts at 4:00pm but the  SMP/E apply was scheduled for 8:00pm. Most builds completed in less than four hours so there was significant idle time. The result was we moved the build start time back to 5:00, which gave developers more opportunity to get fixes in that had “just missed” previous builds. Lots of small improvements like this can improve your development processes and efficiency.

Look for opportunities to automate. Pipeline documentation should also make clear what’s automated and what’s not. It should be easy to identify which processes are manual and should be candidates for  automation. You need to assess the value of doing that automation so you can prioritize automation activities by the return on investment (ROI). Pick out the 1-2 highest value opportunities for automation and pursue those, and don’t try to do everything at once. It’s important to show positive results early to get buy-in from your development community.

Look for pain points to remove waste and inefficiencies. Pipeline documentation is a source for identifying pain points but not the only one. While developing the pipeline documentation, the developers should ask and document “what are the pain points”. But also a general question to the development, test, build, ID and support community on what their pain points are can be very beneficial. We were surprised with the low-hanging fruit that was identified which were process-related that yield better efficiencies for the development team. These small changes can go a long way toward getting buy-in with your development and test community. This is especially true for the ones that are rooted in “we’ve always done it this way”.

What about continuous delivery to customers? This goal can seem far-fetched for enterprise operating system level code but we looked at it differently. It’s true that our customers can be very conservative about what they will put into production. What if you were able to transform your current product delivery pipeline to continuously deliver code to SVT? Then you could think about other possibilities to give code earlier to our customers for early feedback. Our thinking needs to go beyond the traditional thinking of our current Beta and ESP programs. This plays into Design Thinking principles of sponsored users and early, regular feedback.

How can ENS afford to do DevOps with just our existing resources? It's important to acknowledge that DevOps is an investment and that creating pipeline workflows, automation and tooling work requires resources.

1. We should collaborate with other z products where it is efficient and makes sense
2. Treat DevOps as an investment that is weighted with other investments we make, e.g., new function development (including test) 
3. To make the necessary investments for DevOps in ENS, capacity for new function in releases under development is reduced. We go into this with our eyes open and make the right trade offs based on ROI

Conclusion. DevOps is a journey that we are on that involves the entire organization

1. People – You need the right people to drive the culture change
2. Process – Stop doing things that have no value (challenge the process)
3. Technology – Standardize your tools and automation on current technology and limit the number of tools the team has to learn and use
4. You start by understanding what you’re doing now and look for improvements, not by comparing yourself to the ideal case and getting discouraged over how far away you are from your goals
5. Lots of small victories and improvements are the path to DevOps in mainframe operating systems
6. Pipelines and improvements need to be developed from the bottom up (by the people doing the work) instead of the top down
7. Using existing resource to make the investment for the future

If you are interested in our other blogs on our DevOps journey we have one on changing the culture and our process focus.   We will continue to share our strategies and experiences with this blog series and welcome your feedback! You can also reach out to the authors Frank Varone (varonef@us.ibm.com) and Mike Fox (mjfox@us.ibm.com).