Installing software products for z/OS virtual server instances
You can install software products for your z/OS virtual server instances. The general software installation process for the z/OS virtual server instance is the same as the on-premises process. However, you need to upload specific certificates from your workstation to the z/OS virtual server instance and import them into Resource Access Control Facility (RACF) before you follow the on-premises standard installation process.
Before you begin
-
Make sure that you have the Shopz customer number to request the service certificate. For more information, see Shopz .
-
Make sure that you can connect to your z/OS virtual server instance through the public outbound connectivity. For example, you can use the SSH private key through a floating IP address to connect the z/OS UNIX shell environment or enable the public gateway for the VPC subnet. For more information, see Connect to z/OS virtual server instances and Creating a client-to-site VPN server for VPC.
Procedures
To install software products for the z/OS virtual server instance, complete the following steps:
-
Request a service certificate from Shopz and download the certificate to your workstation. For more information, see Obtaining a user certificate .
You need to specify the password for the certificate.
-
Download the
DigiCert Global Root CA
to your workstation. -
After you download these certificates to your workstation, you need to upload them to the target z/OS virtual server instance. For example, you can follow the commands by using the SSH File Transfer Protocol (SFTP).
sftp ibmuser@<vsi ip address> put DigiCertGlobalRootCA.crt /u/ibmuser/digicert_ca put ShopzCert.pfx /u/ibmuser/smpe_cert
-
Import these certificates to a new key ring in the RACF database. You can use the following settings and must replace the following
temp4pass
with the password that is specified on Shopz.//SMPECERT JOB CLASS=A,MSGCLASS=H,MSGLEVEL=(1,1),NOTIFY=&SYSUID., // REGION=0M //ALLOC EXEC PGM=IEFBR14 //ROOT DD DSN=IBMUSER.DIGICERT.ROOT.CERT, // DISP=(NEW,CATLG),UNIT=SYSDA, // SPACE=(TRK,(1,1)), // DCB=(RECFM=VB,LRECL=256) //CLIENT DD DSN=IBMUSER.SMPE.CLIENT.CERT, // DISP=(NEW,CATLG),UNIT=SYSDA, // SPACE=(TRK,(1,1)), // DCB=(RECFM=VB,LRECL=256) //* //OGET EXEC PGM=IKJEFT01 //SYSPRINT DD SYSOUT=* //SYSTSPRT DD SYSOUT=* //SYSTSIN DD * OGET '/u/ibmuser/digicert_ca' 'IBMUSER.DIGICERT.ROOT.CERT' BINARY OGET '/u/ibmuser/smpe_cert' 'IBMUSER.SMPE.CLIENT.CERT' BINARY /* //ADDCERT EXEC PGM=IKJEFT01 //SYSPRINT DD SYSOUT=* //SYSTSPRT DD SYSOUT=* //SYSTSIN DD * RACDCERT ADD('IBMUSER.DIGICERT.ROOT.CERT') + CERTAUTH TRUST + WITHLABEL('DigiCert Global Root CA') RACDCERT ADD('IBMUSER.SMPE.CLIENT.CERT') + ID(SYSTEM) TRUST + WITHLABEL('SMPE Client Certificate') + PASSWORD('temp4pass') /* //KEYRING EXEC PGM=IKJEFT01 //SYSPRINT DD SYSOUT=* //SYSTSPRT DD SYSOUT=* //SYSTSIN DD * RACDCERT ADDRING(SHOPZ_RING) ID(SYSTEM) RACDCERT ID(SYSTEM) CONNECT(CERTAUTH + LABEL('DigiCert Global Root CA') RING(SHOPZ_RING) + USAGE(CERTAUTH)) RACDCERT ID(SYSTEM) CONNECT(ID(SYSTEM) + LABEL('SMPE Client Certificate') RING(SHOPZ_RING) + USAGE(CERTAUTH)) SETROPTS REFRESH RACLIST(DIGTCERT DIGTRING) /*
-
Then, you can download software products from Shopz by using
HTTPS
. You need to replace theSERVINFO DD
block statement with the sample job that is provided by Shopz.//HTTPSGET JOB CLASS=A,MSGCLASS=H,MSGLEVEL=(1,1),NOTIFY=&SYSUID., // REGION=0M,TIME=1440 //SMPER1 EXEC PGM=GIMSMP,PARM='PROCESS=WAIT' //SMPCSI DD DISP=SHR,DSN=SMPE.PROGPROD.CSI //SMPNTS DD PATHDISP=KEEP,PATH='/tmp/' //SMPOUT DD SYSOUT=* //SMPRPT DD SYSOUT=* //SMPLIST DD SYSOUT=* //SYSPRINT DD SYSOUT=* //SMPCNTL DD * SET BOUNDARY (GLOBAL) . RECEIVE FROMNETWORK( SERVER(SERVINFO) /* TRANSFERONLY */ CLIENT(MYCLIENT) ) . /* //SERVINFO DD * <SERVER host="deliverycb-bld.dhe.ibm.com" user="<userid>" pw="<password>" > <PACKAGE file="<server_dir_name>/PROD/GIMPAF.XML" hash="<hash_value>" id="<order_id>" > </PACKAGE> </SERVER> /* //MYCLIENT DD * <CLIENT downloadmethod="https" downloadkeyring="javatruststore" javahome="/usr/lpp/java/current" classpath="/usr/lpp/smp/classes" > </CLIENT> /*
-
Now you can follow the on-premises installation process for different software products in their IBM Program Directories. For example, for COBOL V6.4, you can access the sample installation jobs by performing an SMP/E RECEIVE and then copy the jobs from the RELFILES to a work data set for editing and submission. The following sample installation jobs are provided as part of the product:
- IGYWSMPE: SMP/E zone definition
- IGYWALLOC: Product data sets allocation
- IGYWZFS: Product zFS allocation
- IGYISMKD: zFS directory allocation
- IGYWDDEF: SMP/E DDDEFs
- IGYWAPLY: SMP/E APPLY
- IGYWIVP1: IVP #1
- IGYWIVP2: IVP #2
- IGYWACPT: SMP/E ACCEPT
-
If the installation verification procedure (IVP) runs correctly, the software product installation is completed.