What's new?

CICS® Transaction Server for z/OS®, Version 6 Release 1 enables development teams to create powerful mixed-language applications, while allowing the operational teams to manage these applications from a single point of control.

While IBM® values the use of inclusive language, terms that are outside of IBM’s direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.

You might also like to refer to the CICS Transaction Server for z/OS Version 6.1 announcement letter. New features in CICS Explorer® are described in the CICS Explorer product documentation.

The following features and enhancements are delivered as part of CICS Transaction Server for z/OS, Version 6 Release 1, and cover the following areas:

The features in the following tables are not exclusive to each of the job roles shown; several are of interest across roles.

Installation features

Table 1. Installation features provided with CICS TS for z/OS, Version 6.1
For system programmers
ServerPac installation using z/OSMF

Developer experience

System management features

Security features

Performance features

Table 5. Performance features provided with CICS TS for z/OS, Version 6.1
For system programmers
Support for association data of DPL requests by EXCI clients

Resilience features

Continuous delivery APAR updates

ServerPac installation using z/OSMF

You can now receive CICS as a ServerPac in z/OSMF Software Management portable software instance format. This enables you to deploy the installation using z/OSMF Software Management and ServerPac Workflows instead of the ServerPac ISPF dialog.

Learn more...

Back to table

Ansible IBM z/OS CICS collection to automate CICS resource and region actions

Red Hat® Ansible® is a popular open-source tool to automate configuration management and deployments on IBM z/OS and many other platforms with a consistent approach, architecture, and set of skills. It supports automation tasks through Ansible playbooks, which you can run from command line interfaces (CLI), browser dashboards, within editors, or DevOps pipelines.

The IBM z/OS CICS collection collection uses the CMCI REST API to automate tasks in either a CICSPlex® System Manager environment or a single CICS region that is not part of a CICSPlex SM. The automation tasks can define, install, and perform actions on CICS definitions and resources such as creating a PROGRAM definition, installing and updating it, and then deleting the definition.

To use this collection, a CICS management client interface (CMCI) (CMCI) connection is required in the CICSPlex SM or the single CICS region.

The IBM z/OS CICS collection collection is developed as an open-source project at IBM z/OS CICS collection GitHub and is available on Ansible Galaxy and Ansible Automation Hub.

Back to table

Achieving improved business outcomes by infusing AI into CICS applications

Applications that run in CICS TS can make more timely and better decisions, and achieve improved business outcomes, by capitalizing on AI within their transactions.

IBM zSystems and the IBM Integrated Accelerator for AI incorporated in IBM z16 can optimize the processing of machine learning and deep learning algorithms. In particular, the centralized on-chip AI accelerator on IBM z16 leverages AI at speed and scale, and is designed to provide high performance and consistent low latency inferencing for processing transactional workloads, such as those run on CICS TS.

Enterprises using any in-service release of CICS TS can exploit those capabilities by choosing suitable AI models. When using deep learning AI models, enterprises can leverage the IBM Integrated Accelerator for AI by using existing options for invoking AI models in their applications.

Learn more ...

Back to table

New STACKTRACE action for PERFORM JVMSERVER

JVM server administration is enhanced with the addition of a new action for the PERFORM JVMSERVER command:
  • JVM STACKTRACE offers facilities to take a stacktrace of CICS task that is running in a JVM server.

Learn more ...

Back to table

Alternative Liberty install available

If you choose, you can now specify a different value for WLP_INSTALL_DIR in your JVM profile to use an alternative version of Liberty - one that is not supplied with CICS.

Learn more ...

Back to table

@CICSProgram annotation now available for use with OSGi JVM servers

First introduced for the Link-to-Liberty capability, this annotation offers a more convenient and less error-prone alternative to the CICS-MainClass approach for designating Java methods as the target of CICS PROGRAM LINKs.

Learn more ...

Back to table

Improved handling of unexpected errors in JVM servers

This function improves the handling of errors that cause the Java virtual machine (JVM) or Language Environment® Enclave, managed by a JVM server resource, to stop unexpected. When a POSIX signal or abend is received into the runtime of the JVM server, it is restarted.

Learn more...

Back to table

Liberty JVM server bundle processing improvements

This function improves the processing of bundle parts installed into Liberty JVM servers. CICS will avoid invalidating the Liberty workarea cache by preserving the contents of installedApps.xml when enabling a Liberty JVM server. The location of installedApps.xml and the installedApps directory has been changed to the Liberty configuration directory (${liberty.config.dir}).

Enhanced outbound web support: WEB OPEN URIMAP command can use cached IP address and HTTP information

The EXEC CICS WEB OPEN URIMAP command is enhanced to use the cached IP address that is held in the URIMAP after the initial connection was established. It uses this address for subsequent outbound web requests that use the same URIMAP, thus eliminating unnecessary DNS lookups. If a connection that uses the cached IP address fails, WEB OPEN performs a DNS lookup and updates the URIMAP with the IP address upon a successful connection. If you want to reset or remove the cached IP address that is held in the URIMAP, disable and then re-enable the URIMAP to force CICS to perform a DNS lookup. The EXEC CICS INVOKE SERVICE command also benefits from the IP address caching if a URIMAP is used.

If you also specify the HTTPVNUM and HTTPRNUM options with WEB OPEN URIMAP, or if you issue WEB SEND with the ACTION(EXPECT) or CHUNKING option, CICS obtains the HTTP version information when it opens the connection. It caches the host HTTP information for subsequent outbound requests that use the same URIMAP, thus reducing HTTP OPTIONS requests.

Learn more ...

Back to table

Support for force purge of transaction CDBT

If a CDBT task is waiting on the DBCTL resource DLSUSPND, you can now issue a request to force purge CDBT.

Back to table

New SPI command to overwrite the user correlator data

A new SPI command SET ASSOCIATION USERCORRDATA is introduced to provide a way to overwrite the user correlator data of the originating task.

A global user exit program that is running in the originating task can now overwrite the USERCORRDATA field with user-defined user correlator data (for example, from HTTP headers or IBM MQ messages). The global user exit program must issue INQ ASSOCIATION USERCORRDATA to retrieve any existing user correlator data. Then, the program must issue SET ASSOCIATION USERCORRDATA to overwrite the USERCORRDATA field after consideration of any existing data that might have been set by a previous global user exit program.

Learn more ...

Back to table

Enhancements to CICS policies

Ability to specify Transaction ID and User ID conditions for policy task rules
When you define a policy task rule, you can now limit this rule to be triggered when status changes are made in relation to a specific transaction or a range of transactions, a specific user ID or a range of user IDs, or both. To specify this limit, you can set Transaction ID and User ID filters in the Condition section in the Rules tab of the Policy definition editor.

This capability is also available on CICS TS 5.4, 5.5, and 5.6 with APAR PH26145.

Learn more ...

New option ALL added to selected policy task rules
New option ALL is added to the following types of policy task rules:
  • File requests
  • Storage allocation
  • Storage requests
  • TD queue requests
  • TS queue requests

This enhancement allows you to apply a threshold to the total cumulative count.

Learn more ...

New task rule type: Container storage
Use this rule type to define a threshold for the amount of container storage allocated to a user task, and take an automatic action when the threshold is exceeded. This rule does not apply to EXCI containers or BTS containers.

This capability is also available on CICS TS 5.6 with APAR PH29187.

Learn more ...

New system rule type: Transaction dump threshold
Use this rule type to set a maximum threshold for the total number of transaction dumps in a CICS region and take an automatic action when the threshold is exceeded.

With this system rule, you can monitor transaction dumps and prevent excessive dumping in a CICS region.

This capability is also available on CICS TS 5.6 with APAR PH34348.

Learn more ...

New system rule type: Compound condition
Use this rule type when you want to define a system rule that specifies two or more conditions. CICS takes the defined action when all the specified conditions are met. Note that only selected condition types can be specified for compound condition system rules.

Learn more ...

Enhanced support for policy statistics
The sample statistics program DFH0STAT can now produce Policy reports. The Policy report shows information and statistics about installed policy rules in the region. In support for this enhancement, the EXTRACT STATISTICS system programming command supports a new RESTYPE option POLICY and a new SUBRESTYPE option POLICYRULE, which can be used to obtain statistics about a policy rule that is contained in a POLICY resource.

In addition, two new system programming commands INQUIRE POLICY and INQUIRE POLICYRULE have been introduced to support inquiries on information about installed POLICY resources and the policy rules contained within.

Learn more ...

Enhanced data capture for policy events emitted for transaction abend system rules
When a transaction abend system rule is triggered, the name of the program to which the unhandled transaction abend occurred is now captured and contained in container DFHEP.DATA.00005. However, the program name data is not captured for the other system rules, so DFHEP.DATA.00005 remains 8 blanks for them.

Learn more ...

Back to table

New parameter GMEXITOPT on ASSIGN

New parameter GMEXITOPT is added to the ASSIGN command to show the GMTRAN terminal session behaviour option on a PF3 or PF15.

Learn more about ASSIGN...

Back to top

Overriding resource definitions

You can provide a consistent approach to the creation of certain resources by applying environment-specific overrides through a resource overrides file. You can override the resource definition for any supported resource type that can be defined by using resource definition online (RDO). You specify the required overrides in a resource overrides file that is loaded during CICS startup. The overrides are applied when CICS resources are installed.

This support is intended for infrequent system-wide changes to tailor the resources for a specific CICS environment.

If this support is in use and the resource overrides file includes override rules for specified resource types, resource overrides are applied to the relevant resources when they are installed. Therefore, you must consider the effects of resource overrides when you install resources.

This capability is also available on CICS TS 5.6 with APAR PH30590.

Learn more ...

Back to table

START CHANNEL supports NOCHECK and PROTECT options

This enhancement makes it easier to migrate from passing data by interval control (START FROM) to passing data by using a channel (START CHANNEL). When you use a channel to pass data for a START request, you can now use the NOCHECK option to indicate that the request must be shipped to a remote system and no response is expected by the starting task, thus improving CICS performance. With the PROTECT option, you can make the START request effectively recoverable by instructing the starting task to take a syncpoint before committing the START request.

Learn more ...

Monitoring auxiliary temporary storage usage

You are now alerted when auxiliary temporary storage data set usage is approaching a high percentage of its capacity so that you have time to free up storage before the auxiliary temporary storage becomes full.

CICS issues message DFHTS1316 when 75% or more of the maximum auxiliary temporary storage is in use, and message DFHTS1317 when storage usage falls below 70% of the maximum auxiliary temporary storage.

New statistics are available in Temporary storage: Global statistics to provide information about the current and peak percentage of auxiliary temporary storage being used.

This capability is partially available on CICS TS 5.6 with APAR PH28145.

Learn more ...

Back to table

Enhanced capability for monitoring shared pool TS queue usage

This enhancement makes it easier for you to monitor capacity usage change for shared pool TS queues. When the percentage of entries or elements in use in a pool structure reaches a specified threshold, DFHXQ0422 or DFHXQ0423 is issued. When the percentage of entries or elements in use drops below a threshold, DFHXQ0420 or DFHXQ0421 is issued.

This capability is also available on CICS TS 5.6 with APAR PH28145.

Learn more ...

Back to table

Cap on concurrent TLS handshakes

CICS limits the number of concurrent TLS handshakes to 90% of the MAXSSLTCBS value specified at startup. If the maximum limit is reached, a task that is requesting a TLS handshake is suspended with a resource name of S8TLSHS of resource type DSWC.

To help you monitor concurrent TLS handshakes in a CICS region, new statistics are introduced in TCP/IP Global statistics. These statistics provide information about the maximum, current, and peak numbers of TLS handshakes that are running in parallel or that are waiting.

This enhancement helps avoid issues such as high CPU, MAXTASK, or lack of S8 TCBs when many TLS handshakes are performed concurrently. It also allows in-flight web alias or pipeline tasks to obtain an available S8 TCB in order to send a reply back to the client in the same situation.

Learn more ...

Back to table

Enhanced adapter tracking for CICS Db2 applications

The CICS Db2® attachment facility is enhanced to pass adapter data to Db2. If a CICS task that is accessing Db2 has adapter data in the CICS origin data, the adapter ID is passed as appl-longname and the adapter data is passed as an accounting-string. Db2 writes the data in its SMF accounting records and the data is also available online through the Db2 special registers CURRENT CLIENT_APPLNAME and CURRENT CLIENT_ACCTNG. This capability requires Db2 12 with APAR PH31447 or higher.

This capability is also available on CICS TS 5.4 through 5.6 with APAR PH30252.

Learn more ...

Support for passing XID to Db2

Service APAR PH47996 required

A new DB2ENTRY attribute SHARELOCKS is provided to enable CICS to pass an XID to Db2 and instruct Db2 to share locks between threads that pass the same XID. Using the same XID, other threads that originate from other CICS regions or from other transaction managers such as IMS TM can access Db2 in the same global unit of work (UOW). The XID token is not used for recovery between CICS and Db2. The passing of an XID involves a partial signon to Db2 for each UOW. This action closes cursors, so held cursors across syncpoints are not supported when the passing of an XID is enabled. Applications will have to reposition cursors after a syncpoint. Passing an XID avoids having to deal with UOW affinities.

This capability is also available on CICS TS 5.5 and 5.6 with APAR PH39766, but is facilitated by feature toggle com.ibm.cics.db2.sharelocks={true|false}.

Learn more ...

Back to table

Support for TLS 1.3

CICS supports the use of TLS 1.3 for improved TCP/IP security.

To assist with migration to TLS 1.3, CICS supports the new MAXTLSLEVEL system initialization parameter to specify the maximum TLS protocol for secure TCP/IP connections. The default level for MAXTLSLEVEL is set to TLS12.

In order to migrate to TLS 1.3 you need to switch from using 2 digit CIPHERS to ciphers defined in an XML file that you configure in zFS.

The default set of ciphers provided when you define a resource with the CIPHERS attribute is defined in the defaultciphers.xml file in zFS.

Use of strongciphers.xml is replaced by customizing allvalidciphers.xml and defaultciphers.xml for use with the CIPHERS attribute in resource definitions.

Before enabling TLS 1.3, learn more about the changes to understand the requirements and changes to process.

Learn more ...

Back to table

Instruction Execution Protection (IEP) for dynamic storage areas (DSAs)

Instruction Execution Protection allows storage to be allocated in a non-executable state. This helps to protect systems from malicious attacks or from errors, such as stack overflow.

If the hardware and the version of z/OS that CICS runs on support Instruction Execution Protection (IEP), CICS can use IEP to protect certain dynamic storage areas (DSAs) from instruction execution. IEP is supported on z/OS 2.4 and above. z/OS 2.4 and z/OS 2.5 requires APAR PH39134. By default, DSA protection is off; activate it with a feature toggle com.ibm.cics.sm.iep=true.

It is still possible to request storage that is not protected from instruction execution, for example, for GLUE and TRUE work areas or for dynamic storage for assembler programs. To enable this, there are four new DSAs: PCDSA, PUDSA, EPCDSA, and EPUDSA. These four DSAs, along with the existing RDSA and ERDSA, are never protected from instruction execution. Depending on the attributes of the program, CICS loads the program into one of the four new DSAs or into the RDSA or ERDSA. When IEP is enabled, all other DSAs are protected from instruction execution.

In a related change, the ETDSA is removed and any storage that was allocated from this DSA is now allocated from the ECDSA.

Although the allocation of storage used by individual tasks running in the CICS region is not increased by IEP, the distribution of that storage within the DSAs is changed and you should expect an increase in DSA storage requirements.

Learn more ...

Back to table

Enhanced support for IBM Health Checker for z/OS

CICS TS now supports seven health checker rules that define best practice for CICS TS security. If a CICS region becomes non-compliant with these security best practices, warning or exception messages are issued so that you can take corrective actions.

Learn more ...

Back to table

Simplifying Category 1 transaction security

Previously when starting a CICS TS Category 1 transaction, a call to RACF® validated that the configuration was correct. RACF is no longer checked when starting a CICS Category 1 transaction. This change improves security as only CICS determines that a Category 1 transaction can run. This change also simplifies configuration and upgrades because there is no need to define the Category 1 transactions to RACF, which might create misconfiguration. You will need to define the CICS region user ID to RACF to confirm the ID that is used for running CICS Category 1 transactions. Surrogacy definition is still required as documented in Surrogate security.

Learn more ...

Back to table

Improved diagnostics for security

Improvements to TLS diagnostic data for inbound and outbound connections are now available.

A new message DFHXS1117 is introduced to provide additional diagnostic information, where available, for security violations. The data presented includes the association data, including origin information related to a security violation.

Back to table

Extended short on storage (SOS) notification

CICS has long provided monitoring and short on storage (SOS) support for CICS-managed storage in dynamic storage areas (DSAs), which includes the capability of the CICS storage manager domain to notify other CICS domains so that they can take action upon an SOS event in CICS DSAs. In CICS TS 5.6, the CICS storage manager domain was enhanced to monitor the use of user region (24-bit) and extended user region (31-bit) MVS™ storage not managed by CICS, but this enhancement did not support SOS notification to other domains. In CICS TS 6.1, the SOS notification is enhanced to provide the same notification support for MVS storage SOS events as for CICS DSA SOS events.

The DFHUS domain is notified of z/OS MVS SOS conditions so that any eligible user ID and its associated attributes are freed, including RACF control blocks. The freeing of these control blocks is normally subject to USRDELAY processing, but in the event of an SOS condition in 31-bit MVS storage, these control blocks are now freed immediately by the US and XS domains.

The Region status domain is notified of z/OS MVS SOS conditions so that CICSPlex SM factors z/OS MVS SOS conditions into its routing algorithm, in the same way as it does for CICS-managed storage SOS conditions.

Back to table

Ability to inquire on 64-bit storage belonging to a task

A new SPI command, INQUIRE STORAGE64, and a new DFHSMMCX XPI call, INQUIRE_TASK_STORAGE64, can be used to retrieve information about 64-bit task storage.

Back to table

Enhanced shared data tables

The capacity of shared data tables has been increased. Shared data tables no longer use the two control data spaces named DFHDT001 (which was used for table entry descriptors and backout elements) and DFHDT002 (which was used for index nodes), and instead are now using 64-bit storage to hold this control information. The use of 64-bit storage to hold the entry descriptors, backout elements, and index nodes removes the constraint on the number of records that can be stored. The records continue to be stored in 31-bit data spaces. Now, two more data spaces are available to hold the records.

Previously, the number of records that could be stored was governed by the size of the key of the records. For example, previously a 45-byte key would mean a limit of 36 million records per file owning region (FOR), and this limit on index information was reached long before all the data space storage available to hold the records was consumed.

In addition, up to 98 data spaces could previously be used per FOR to hold the records. Now that is increased to 100 data spaces.

You can use the new system initialization parameter SDTMEMLIMIT to set the maximum amount of storage above the bar that is available for shared data tables to use for control information. You can use SPI commands INQUIRE SYSTEM SDTMEMLIMIT and SET SYSTEM SDTMEMLIMIT and their CEMT equivalents to inquire or increase the SDTMEMLIMIT value.

Back to table

Support for daisy-chaining of non-terminal-related START requests

Routing programs can now indicate daisy-chaining support of non-terminal-related START requests. If you are using a user-written distributed routing program to daisy chain non-terminal START requests over APPC connections, you must change the program to put the value Y into the DYRDCYN field (which replaces the DYRFILL1 field) in the DFHDYPDS copybook.

Learn more ...

Back to table

Support for association data of DPL requests by EXCI clients

You can now identify the job names of DPL requests by EXCI clients from their performance records. If a task was initiated by an EXCI client, in the performance record of the DPL request, field 374 (PHAPPLID) contains the EXCI job name, field 378 (PHCOUNT) contains a value of 1, and field 376 (PHTRANNO) has a value of 0.

As the performance record of a DPL request can provide association data for DPL requests by EXCI clients as well as for CICS-to-CICS DPL requests, you can distinguish whether PHAPPLID contains a CICS applid or an EXCI job name as follows:
  • If PHCOUNT is 1, PHTRANNO is 0, and PHAPPLID is not blank, the PHAPPLID value is the EXCI job name.
  • If PHTRANNO is not 0, the record is of a CICS-to-CICS DPL request, and the PHAPPLID value is a CICS applid.

Learn more ...

Back to table

Easier system management, efficient application development, and advanced client authentication available in single CICS regions with CMCI JVM server

The CICS Management Client Interface (CMCI) is a set of APIs that enable management of your CICS regions using tools such as CICS Explorer. When served from a JVM server, the CMCI provides additional capabilities such as multi-factor authentication (MFA), the GraphQL API, and the CICS bundle deployment API.

The CMCI JVM server is now able to be configured in a single CICS region outside of a CICSPlex SM environment to create an SMSS, enabling the following features:

  • Enhanced security offered by multi-factor authentication (MFA), even in SMSS environments. Users can now sign on to an SMSS with MFA credentials in CICS Explorer for Aqua 3.2 (Fix Pack 5.5.20).
  • Easier system management with the CMCI GraphQL API, which supports queries about multiple CICS resources and inter-resource relationships in a single request. CICS Explorer as of Fix Pack 5.5.20 also uses the GraphQL API to provide the aggregation function when connected to SMSS regions at CICS TS 5.6 with APAR PH35122, or a later release.
  • Efficient application development with the CICS bundle deployment API, which allows Java developers to use the CICS-provided Gradle or Maven plug-ins to deploy bundles into single CICS development environment. This way, developers can see their application changes reflected in a running CICS region within seconds, and integrate the CICS bundle build and deployment into a toolchain to increase productivity, whilst the system programmer retains control.

Learn more ...

Back to table

Changes to CICSPlex SM sysplex optimized workload routing behavior

The default behavior of CICSPlex SM workload management routing algorithms has been updated to increase the likelihood that work is routed to healthy, local target regions. This change applies only to the QUEUE and GOAL algorithms, not to the link neutral variants (LNQUEUE and LNGOAL).

Where a routing region might be subject to surges of extremely high frequency, short duration transactions, workload batching might occur. A new feature toggle, com.ibm.cics.cpsm.wlm.surgeresist={true|false}, has been introduced to mitigate these surges by reducing the likelihood that recently selected target regions are reselected. Enabling this feature toggle increases the average routing cost per transaction, but restores the routing behavior of CICSPlex SM at CICS TS 5.6 before APAR PH30768 is applied.

Learn more ...

Back to table

Default cipher file for outbound web requests

A new feature toggle, com.ibm.cics.web.defaultcipherfile={true|false}, is provided to enable CICS to use a default set of ciphers from a cipher file named defaultciphers.xml, instead of the current default list of 2 digit ciphers (3538392F3233). This allows a greater set of ciphers to be used for outbound requests without having to create a URIMAP for each potential endpoint.

The use of a default cipher file applies to outbound HTTPS requests that are made by using EXEC CICS WEB OPEN or EXEC CICS INVOKE SERVICE commands, where those commands do not already specify a set of ciphers to use via the CIPHERS or URIMAP parameter.

To use this capability the feature toggle must be set to true and the defaultciphers.xml file must exist in the USSCONFIG/security/ciphers directory. A sample defaultciphers.xml file is shipped in the USSHOME/security/ciphers directory. This file must be copied to the USSCONFIG/security/ciphers directory and customized to meet your security requirements.

If the feature toggle is enabled but a problem exists with the defaultciphers.xml file, then message DFHWB0112 is issued and CICS reverts to using the default list of 2-digit ciphers.

This capability is also available on CICS TS 5.6 with APAR PH38091.

Back to table

Classify CICS regions by using region tagging

CICS regions can now be tagged or classified according to the key attributes of APPLID, region user ID, or job name. These tags can use exact or combine with specific wildcard characters, which you can use with any existing naming conventions. These tags can be viewed by using the INQUIRE TAG system command. They are also recorded in the SMF 1154 record.

In addition to classifying regions, the CICS region tag facility can be used to control the running of selected health checks. Region health check status is available through the INQUIRE SYSTEM or CEMT INQUIRE SYSTEM commands.

Learn more...

Back to table

Simplifying changing TLS protocol levels or ciphers

Improvements to CICS statistics and monitoring allow collection of data with more details about which ciphers and TLS protocols are in use in selected regions. TLS protocols includes both CICS-configured TLS and AT-TLS.
  • New cipher resource statistics provide details of the ciphers that are used in inbound and outbound connections. TLS protocol level usages are now available for review when you use the TCP/IP global statistics.
  • For the performance class in monitoring, this information is available for inbound connections. On the transaction resource class URIMAP this information is for outbound connections.

These changes to statistics and monitoring help you with upgrading ciphers or TLS protocol levels.

Learn more...

Back to table

Improved temporary storage expiry processing

The processing of expired temporary storage queues has been improved as follows:
  • Firstly, the processing of main and auxiliary tsqueues is separated from the processing of shared tsqueues so that they use separate calculated intervals.
  • Secondly, for shared tsqueues, an internal queue is used to hold when the last scan was performed. The internal queue is used to prevent a CICS region from scanning shared TS queues if another CICS region has performed such a scan within the previous minute. This means that even if multiple CICS regions are using a shared TS pool, each with TS models installed that specify short expiry intervals, the shared queues are never scanned more frequently than once per minute.
  • Thirdly, the CICS-MQ interface has been improved to only employ a DFHCKBR tsmodel with a nonzero expiry interval when the MQ bridge has been started; otherwise, it has a zero expiry interval. This avoids unwanted tsqueue scans.

This capability is also available on CICS TS 5.6 with APAR PH40863 and PH40409.

Back to table

Improved security diagnosis capability

Some security issues can be difficult to resolve. For example,
  • An application that is being investigated might traverse multiple regions, multiple LPARs, or even multiple sysplexes.
  • There might not be any messages that are associated with the reason that causes a security failure.
  • The application might grant access to something, when it mustn't.

You can use the CICS Explorer to enable security request recording (SRR) based on the type of request that is issued to CICS.

An SPI is also available to do enable SRR programmatically.

A batch utility and sample JCL are provided to output the logged data to a summary report and a .csv file for diagnosis.

Learn more...

Back to table

Enhanced CICS event processing support

Application events now support the PUT64 CONTAINER capture point. You can capture and emit events when your application program issues an EXEC CICS PUT64 CONTAINER command or when it invokes one of the two put methods or the putString method in the JCICS com.ibm.cics.server.Container class.

Learn more...

Back to table

Messages reporting changes to APPC and IRC log names

DFHRS2112 messages are issued when log name mismatches are detected for connections by using the APPC and IRC protocols. The message explanation provides advice about how to resynchronize any outstanding units of work but it can be difficult to work out what caused the mismatch and how to prevent a recurrence. To help you diagnose log name mismatches, the following three new messages that report changes to log names are introduced:
  • DFHRM0240 reports the local log name that is set during CICS initialization and sent to a remote system when CICS establishes an APPC or IRC connection.
  • DFHRM0241 reports a log name that has been set for an APPC or IRC connection.
  • DFHRM0242 reports a log name that has been deleted for an APPC or IRC connection.

This capability is also available on CICS TS 5.3, 5.4, 5.5, and 5.6 with APAR PH03691.

Back to table

WRITE OPERATOR enhanced to support writing messages to a specific console

The WRITE OPERATOR API command supports a new option CONSNAME, which you can use to specify a specific console to receive messages. This option enables messages to be sent to a specific console.

Learn more...

Updates to the JVM profiles

The supplied sample profiles for a CMCI JVM server have been updated as follows:
  • The sample for a CMCI JVM server in a WUI region is changed to add -Dcom.ibm.ws.zos.core.angelRequiredServices=SAFCRED,PRODMGR,ZOSAIO.
  • A new supplied sample profile for a CMCI JVM server in a single CICS region has the angelRequiredServices property set as follows: -Dcom.ibm.ws.zos.core.angelRequiredServices=SAFCRED,PRODMGR,ZOSAIO.

Learn more ...

Automatic recovery of failed user journals

When a log stream failure occurs, in addition to issuing message DFHLG0772 and taking a system dump, CICS now attaches CLGR at the time DFHLG0772 is issued. The new transaction CLGR attempts to recover and reset the failed user journal automatically for up to 60 minutes. This gives you an opportunity to fix the log stream problem, then allowing CICS to automatically recover journals for you. However, this feature comes with a cost in potential more system dumps being taken following a failed user journal, but you can control the number of system dumps taken.

Learn more ...

Back to table

Enabling multiple client URIMAPs that point to the same endpoint

With Version 6.1, multiple client URIMAPs that point to the same host, port and path can be installed and enabled in a CICS region. This enhancement removes the limitation in earlier CICS releases that only one client URIMAP for an endpoint can be enabled in a CICS region. As best practice, always use a URIMAP by name.

This capability is also available on CICS TS 5.4, 5.5, and 5.6 with APAR PH44683.

Learn more ...

Back to table

Compliance data collection with SMF 1154 subtype 80 records

To assist evidence providers in collecting evidence for auditors, CICS is able to collect compliance data as part of z/OS compliance evidence collection.

CICS regions can generate an SMF 1154 subtype 80 record in response to ENF86 triggered by the z/OSMF Compliance REST API. This provides much of the data usually requested by an auditor. The data is securely written to SMF. This compliance data can be formatted using a CICS sample, or can be consumed by the IBM Z® Security and Compliance Center.

Learn more...

Back to table

Running the Link3270 bridge with a custom transaction ID

The Link3270 bridge runs under CSMI by default. If you want to use a transaction ID other than CSMI for the Link3270 bridge, specify an INITPARM system initialization parameter for program DFHL3270.

Learn more...

Back to table

Automating the process of defining CICS application resources with CICS Transaction Server resource builder

CICS Transaction Server resource builder is a DevOps utility, complementary to the CSD update batch utility program DFHCSDUP, that provides a way to automate the creation and maintenance of CICS application resource definitions by using a configuration-as-code approach.

With CICS resource builder, system programmers can create resource models in YAML that describe which resources and attributes developers are allowed to specify and how to specify them (for example, by enforcing naming conventions on particular attributes). System programmers provide application developers with these resource standards by generating a resource definition schema from the resource models, which is used by developers in their IDEs to create valid application resource definitions in YAML. CICS resource builder builds the application resource definitions that are defined in YAML into a DFHCSDUP commands file to be consumed by the DFHCSDUP utility program, which runs to update the CICS system definitions data set (CSD) for a CICS region.

CICS resource builder makes it easier for system programmers to enforce best practices and organization standards. Application developers can also enjoy a guided and controlled experience for creating and modifying CICS resource definitions in which they can have the confidence to be standards-compliant and pre-approved.

To learn more about CICS resource builder, see Automating the process of defining CICS application resources with CICS Transaction Server resource builder and the CICS resource builder product documentation.

Back to table

Improved processing of WS-AT requests

A new transaction CPIW is introduced to handle WS-AT protocol messages. The DFHRSURI URIMAP is changed to specify TRANSCTION(CPIW) by default. CPIW tasks should not be put into a TCLASS. This allows WS-AT protocol messages to always be handled even if the limit of concurrent application requests has been reached.

If you are using a customized version of DFHRSURI that no longer specifies TRANSACTION(CPIH), no action is needed, and you can continue to use your customized DFHRSURI unchanged.

However, if the CSD is being shared with a back level region, see Changes to resource definitions to determine if any action is necessary.

Back to table