PTF UJ94732 for APAR OA64188 (1Q24)

PTF UJ94732 for APAR OA64188 (1Q24) sets HTTPS as the default communication protocol for Tivoli Management Services on z/OS components, introduces related parameters RTE_TEMS_TRANSPORT_MODE and KDS_TEMS_HTTPS_PORT_NUM, and also introduces related message KFJ00226W.

Important: The application of this PTF affects the communication protocol that will be used for your runtime environment, regardless of any previous settings. You must proactively review your settings and make any necessary updates as needed, as described in this topic and in the APAR text. If you do not update your configuration, the default communication protocol will be HTTPS.
Important: In order to remain on HTTP for an existing runtime environment, you must add (or update) parameter RTE_TEMS_TRANSPORT_MODE set to value HTTP in the RTEDEF(rte_name) member for Configuration Manager or WCONFIG(rte_name) for PARMGEN. Do not refresh your environment until after you set this parameter. For more information, see Impact to an existing runtime environment or Update runtime environment to use HTTP.

New parameters

New parameter RTE_TEMS_TRANSPORT_MODE lets you specify the communication protocol for your runtime environment. Valid values are HTTPS, HTTP, and NONE. The default value is HTTPS.

New parameter KDS_TEMS_HTTPS_PORT_NUM lets you specify the HTTPS port number. The default value is 3661.

These parameters are supported by both Configuration Manager and PARMGEN.

For more information about the parameters, see RTE_TEMS_TRANSPORT_MODE and KDS_TEMS_HTTPS_PORT_NUM.

Impact to a new runtime environment

The application of this PTF impacts a new runtime environment as follows:
  • Using Configuration Manager: On the CREATE and MIGRATE actions, Configuration Manager exposes parameter RTE_TEMS_TRANSPORT_MODE in RTEDEF(rte_name) with the default value HTTPS, but it does not expose parameter KDS_TEMS_HTTPS_PORT_NUM. To use an HTTPS port other than the default, you must manually add parameter KDS_TEMS_HTTPS_PORT_NUM and specify the HTTPS port number.
  • Using PARMGEN: PARMGEN lists parameters RTE_TEMS_TRANSPORT_MODE and KDS_TEMS_HTTPS_PORT_NUM in WCONFIG(rte_name). You must manually review both settings and update per your environment setup if necessary; otherwise, the default values will be used.

Impact to an existing runtime environment

Important: After you apply this PTF and before you refresh your runtime environment, you must update your configuration to reflect your HTTP or HTTPS protocol setup. For Configuration Manager, any updates must be made before running the GENERATE action. For PARMGEN, any updates must be made before running the $PARSE job.
Important: In order to remain on HTTP for an existing runtime environment, you must add (or update) parameter RTE_TEMS_TRANSPORT_MODE set to value HTTP in the RTEDEF(rte_name) member for Configuration Manager or WCONFIG(rte_name) for PARMGEN. Do not refresh your environment until after you set this parameter.
The application of this PTF impacts existing runtime environments and requires manual configuration updates, as follows:

  • Using Configuration Manager: Before you run the GENERATE action, add the new RTE_TEMS_TRANSPORT_MODE parameter to the RTEDEF(rte_name) member and specify one of the acceptable values for this parameter: HTTP, HTTPS or NONE. The default value is HTTPS. If the parameter is not specified in the RTEDEF(rte_name) member, the default value will be used. Next, add the new KDS_TEMS_HTTPS_PORT_NUM parameter to the RTEDEF(KDS$PARM) member, the RTEDEF(KDS$lpar) member, or both, and specify the HTTPS port number. The default value is 3661. If the parameter is not specified in the RTEDEF(KDS$PARM) or RTEDEF(KDS$lpar) member, the default value will be used.

    If, prior to the application of the PTF, your existing runtime environment was set up to use the default HTTP protocol and specified the port with parameter KDS_TEMS_HTTP_PORT_NUM, then, when you apply the PTF and run the GENERATE action without doing any manual changes, HTTP will be disabled, the KDS_TEMS_HTTP_PORT_NUM value (HTTP:0) will be ignored, and the default setting (HTTPS:3661) will be enabled. To continue using HTTP, you must manually add the following line into the RTEDEF(rte_name) member: 
    RTE_TEMS_TRANSPORT_MODE  "HTTP"

    If HTTP is specified for RTE_TEMS_TRANSPORT_MODE, new message KFJ00226W is issued in the Configuration Manager KCIPRINT output data set, informing you that your runtime environment is using a non-secure communication protocol.

  • Using PARMGEN: After you run the PARMGEN Workflow primary option Set up/Refresh PARMGEN work environment (option 1), the new parameters appear in WCONFIG(rte_name). You can update the parameters as needed. For example, to continue using the HTTP protocol, change RTE_TEMS_TRANSPORT_MODE to HTTP manually before running the $PARSE job and the subsequent PARMGEN steps; otherwise, the HTTP protocol will be disabled and the HTTPS protocol will be enabled.
For more information about updating the communication protocol for your runtime environment, see the following topics:

Avoiding potential overrides

Existing HTTP and HTTPS communication protocol configuration in the following parameters can potentially override RTE_TEMS_TRANSPORT_MODE parameter output in the KppENV members:

  • For the Tivoli Enterprise Monitoring Server (product code KDS): If HTTPS:n or HTTP:n is specified in KDS_X_KDE_TRANSPORT_HTTP_OPTIONS or KDS_X_KDE_TRANSPORT_GBL_OPTIONS, consider removing those settings. The configuration tool will automatically update the KDSENV member using existing and newly introduced parameters.

  • For the agents: If HTTP:0 is specified in Kpp_X_KDE_TRANSPORT_HTTP_OPTIONS or Kpp_X_KDE_TRANSPORT_GBL_OPTIONS, consider removing it from the parameter value. By specifying RTE_TEMS_TRANSPORT_MODE "HTTPS", HTTP:0 will be added to all KppENV members automatically. All HTTPS-related configuration in these parameters can remain unchanged.