(Optional) Interactive ISPF Gateway

You need the assistance of a security administrator to complete this customization task, which requires the following resources or special customization tasks:
  • Define Common Event Adapter (CEA) security profiles
  • SYS1.PARMLIB update

As of z/OS® 2.2, Legacy ISPF Gateway, previously named TSO/ISPF Client Gateway, is deprecated and will no longer be enhanced. The functionality is now provided by Interactive ISPF Gateway. As the name implies, Interactive ISPF Gateway supports the usage of interactive commands (for example TSO RECEIVE). ISPF services are also supported, but ISPF panel applications are not supported.

z/OS Explorer uses the ISPF Gateway for the TSO Commands service.

Legacy ISPF Gateway relies on various CGI_ISP* variables in rse.env and the definitions in ISPF.conf. Except for CGI_ISPHOME and possible LINKLIST definitions, Interactive ISPF Gateway does not share any configuration definition with Legacy ISPF Gateway.

Interactive ISPF Gateway, which is activated with the CGI_CEATSO variable in rse.env, requires z/OS 2.2, and the Common Event Adapter (CEA) TSO/E address space manager service.

Common Event Adapter (CEA) TSO/E address space manager is a subcomponent of the z/OS CEA services. Refer to MVS™ Callable Services for HLL (SA22-7613) for details on prerequisites and setup instructions for the CEA TSO/E address space manager service. Refer to z/OS Common Information Model User's Guide (SC34-2671) for a description of error reason codes.

  • CEA started task must be active.
  • The CEA started task configuration file is SYS1.PARMLIB(CEAPRMxx).
  • CEA must be started in full function mode, which implies that security setup is required. See SYS1.SAMPLIB(CEASEC) for sample commands.
  • CEA started task must have the TRUSTED attribute. 
    RALTER STARTED (CEA.*) STDATA(TRUSTED(YES))
SETROPTS  RACLIST(STARTED)REFRESH
  • All z/OS Explorer users must have READ access to the CEA.CEATSO.TSOREQUEST profile in the SERVAUTH security class. 
    RDEFINE SERVAUTH (CEA.CEATSO.TSOREQUEST) UACC(NONE)
PERMIT CEA.CEATSO.TSOREQUEST CLASS(SERVAUTH) ID(*) ACCESS(READ)
SETROPTS  RACLIST(SERVAUTH) REFRESH

Unlike Legacy ISPF Gateway, Interactive ISPF Gateway creates traditional TSO address spaces, which result in different behavior on the host and client.

  • TSO address spaces that are created using CEA are regular TSUxxxxx user jobs in your JES system (whereas Legacy ISPF Gateway sessions are STCxxxxx started tasks).
  • CEA requires that a logon procedure, account number, group ID, and region size is provided by the caller (whereas Legacy ISPF Gateway required no TSO logon information).
  • z/OS Explorer clients allow the user to provide (and alter) this TSO logon information. The TSO logon information is specific to this client workspace. It does not alter the TSO logon data stored in the user’s TSO segment in your security software.
  • The TSO logon procedure that is used for Interactive ISPF Gateway may not invoke ISPF panel applications.
  • If users use multiple Interactive ISPF Gateways simultaneously, or use TSO via 3270 simultaneously with the Interactive ISPF Gateway, TSO and ISPF must be set up to allow for multiple simultaneous logons.
  • Interactive ISPF Gateway requires you to upper-case TSO commands and prefix them with the TSO keyword.