What's new?
While IBM® values the use of inclusive language, terms that are outside of IBM’s direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.
You might also like to refer to the CICS Transaction Server for z/OS V5.6 announcement letter. New features in CICS Explorer® are described in the CICS Explorer product documentation.
The following features and enhancements are delivered as part of CICS Transaction Server for z/OS, Version 5 Release 6 , and cover the following areas:
The features in the following tables are not exclusive to each of the job roles shown; several are of interest across roles.
Java support features
| For application developers | For system programmers |
|---|---|
| New API makes CICS bundle deployment faster | Users product extension capability |
| Java build toolchain support | Enhanced administration commands for JVM server |
| Support for Java EE 8 Full Platform | Performance and storage improvements |
| Support for Jakarta EE 8 Platform | GATHER SPI function |
| Enhanced CICS Java API (JCICSX) allows easy mocking and remote development | Service
<applicationManager
autoExpand="true"> applied by default to Liberty configuration
settings |
| Support for Spring Boot | Service Alternative Liberty install available |
| Support for EXEC CICS LINK to a Spring Boot application running in a Liberty JVM server | |
| Service Support for Java 11 | |
| Service Support for Java 17 |
System management features
Security features
| For application developers | For system programmers |
|---|---|
| New Java security API (JSR 375) provided with Java EE 8 support in Liberty. | GMTRAN option DISCONNECT extended to CESF |
| Monitoring capability introduced for the security domain | |
| VERIFY TOKEN support for JWT | |
| SNI now supported in CICS TS communications with an HTTP server over TLS connections | |
| Changes to default user ID security definitions | |
| Service Default cipher file for outbound web requests | |
| Service Key rings can be shared between regions in an easier way | |
| Service Minimum key size can be set during TLS handshakes for increased key strength | |
| Service HTTP strict transport security (HSTS) is supported |
Performance features
| For system programmers |
|---|
| Monitoring capability introduced for the security domain |
| VERIFY TOKEN support for JWT |
| Ability of CICS-MQ bridge to write SMF type 110 records |
| CICS capability of exploiting IBM z/OS Workload Interaction Correlator |
Resilience features
| For application developers | For system programmers |
|---|---|
| COMMAREAs greater than 24 KB now supported for DPLs over MRO connections | Enforced protection for CICSPlex SM API program data space usage |
| Service Support for passing XID to Db2 | CICSPlex SM high data space utilization warnings |
| CICS-MQ trigger monitor and CICS-MQ bridge improvements | |
| More 64-bit storage exploitation | |
| Enhanced SOS protection and monitoring of 24-bit and 31-bit MVS storage | |
| Service Changes to CICSPlex® SM sysplex optimized workload routing behavior | |
| Service Improved Temporary storage expiry processing |
Continuous delivery APAR updates
| For application developers | For system programmers |
|---|---|
| Support for Java EE 8 Full Platform | New replication log record |
| New policy system rule types | |
| SNI now supported in CICS TS communications with an HTTP server over TLS connections | |
| CICS capability of exploiting IBM z/OS Workload Interaction Correlator | |
| CICS-MQ trigger monitor and CICS-MQ bridge improvements | |
| Service Key rings can be shared between regions in an easier way | |
| Service Service Minimum key size can be set during TLS handshakes for increased key strength |
Ansible IBM z/OS CICS collection to automate CICS resource and region actions
Red Hat® Ansible® is a popular open source tool to automate configuration management and deployments on IBM z/OS and many other platforms with a consistent approach, architecture, and set of skills. It supports automation tasks through Ansible playbooks, which you can run from command line interfaces (CLI), browser dashboards, within editors, or DevOps pipelines.
The IBM z/OS CICS collection collection uses the CMCI REST API to automate tasks in either a CICSPlex System Manager environment or a single CICS region that is not part of a CICSPlex SM. The automation tasks can define, install, and perform actions on CICS definitions and resources such as creating a PROGRAM definition, installing and updating it, and then deleting the definition.
To use this collection, a CICS management client interface (CMCI) (CMCI) connection is required in the CICSPlex SM or the single CICS region.
The IBM z/OS CICS collection collection is developed as an open source project at IBM z/OS CICS collection GitHub and is available on Ansible Galaxy and Ansible Automation Hub.
Enhancements to CICS policies
Support for CICS policies is continuously expanded with new rule types, new actions, and other enhancements.
- New policy system rule types
- Support for the following new policy system rule types is introduced:
- DBCTL connection status
- Use this rule to monitor and react to the change in status of a connection between CICS and DBCTL.
- IBM MQ connection status
- Use this rule to monitor and react to the change in status of a connection between CICS and IBM MQ.
- Pipeline enable status
- Use this rule to monitor and react to the change in the enable status of a CICS PIPELINE resource.
These system rules are also available on CICS TS 5.5 with APAR PH07632.
- Service Transaction dump threshold
- Available with APAR PH34348. Use this rule type to set a maximum threshold for the total number of transaction dumps in a CICS region and take an automatic action when the threshold is exceeded.
With this system rule, you can monitor transaction dumps and prevent excessive dumping in a CICS region.
- New policy task rule types
- Support for the following new policy task rule types is introduced:
- Service Container storage
- Available with APAR PH29187. Use this rule type to define a threshold for the amount of container storage that is allocated to a user task, and take an automatic action if the threshold is exceeded. This rule does not apply to EXCI containers or BTS containers.
- New z/OS WLM health action for policy system rules
- Support for a new policy action for system rules to increase or decrease the z/OS WLM health value of a CICS region when all the rules conditions are met. The new action is not supported for task rules.
- Service Specify Transaction ID and User ID conditions for policy task rules
- Available with APAR PH26145. When defining a policy task rule, you can now limit this rule to be triggered when status changes are made in relation to a specific transaction or a range of transactions, in relation to a specific user ID or a range of user IDs, or in relation to a combination of both, by setting Transaction ID and User ID filters in the Condition section in the Rules tab of the Policy definition editor.
New replication log record
Replication logging in support of GDPS® Continuous Availability is enhanced to log a REDO record when an application issues an UNLOCK command after a read-update command, or a series of write-massinsert commands. It allows replication products to cater more efficiently for non-RLS applications, which, in the absence of browse for update support, issue read-update requests against all records in a file, but update very few and unlock most records.
This capability is also available on CICS TS 5.2, 5.3, 5.4 and 5.5 with APARs PH09381 and PH13200.
GMTRAN option DISCONNECT extended to CESF
The DISCONNECT option of the GMTRAN system initialization parameter is extended to the CICS-supplied sign-off transaction CESF, forcing the terminal session to be disconnected upon sign-off.
This enhancement increases your control over terminal session security by preventing access to CICS at the terminal when it is running only with the default user ID.
Service Minimum key size can be set during TLS handshakes for increased key strength
APAR PH50175 required
With the new feature toggle com.ibm.cics.tls.minimumkeystrength you can set a
minimum key size for ECC, RSA, DSA, and Diffie-Hellman keys during TLS handshakes to increase your
key strength.
This feature is also available in CICS TS 5.4 and 5.5 with APAR PH50175.
Monitoring capability introduced for the security domain
- The performance data in group DFHTASK provides two new fields that indicate the total elapsed time that a user task spent verifying authentication credentials.
- The user domain statistics provide new global statistics, giving a more comprehensive view of user instances.
- CICS now collects global statistics on the security domain, providing a comprehensive view of authentication requests. For a full listing, see Security domain statistics.
New options USER and SECURITY are introduced in EXEC CICS EXTRACT STATISTICS, EXEC CICS PERFORM STATISTICS RECORD, and CEMT PERFORM STATISTICS for retrieving and requesting user domain statistics and security domain statistics.
Capability to format recent trace entries for tasks
In addition to auxiliary trace and internal trace, CICS stores data about the most recent trace entries for each task in a separate table. To format the trace for a particular task, use the TRS parameter and specify the KE_NUM of the task of interest.
The most recent trace entries contain basic information and are primarily intended for use in diagnosing problems with stalled tasks, where the data concerning the tasks might have been overwritten in the internal trace table.
VERIFY TOKEN support for JWT
The VERIFY TOKEN command is enhanced to support JSON Web Tokens (JWTs) provided by RACF®. With this capability, basic authentication credentials of a user can be converted to a time-limited secure token. This is useful where applications currently using passwords are being converted to use MFA tokens.
This support requires RACF APAR OA55926 and SAF APAR OA55927.
New feature toggle to help you with RLS migration
A new feature toggle com.ibm.cics.rls.delete.ridfld has been introduced to help
you with RLS migration. When this feature is enabled, you can issue a DELETE
command with the RIDFLD option for a single record without causing AFCG abends.
This capability is also available on CICS TS 5.4 and 5.5 with APAR PH07596.
Ability of CICS-MQ bridge to write SMF type 110 records
A new parameter SMFMQGET has been introduced to the CICS-MQ bridge, CKBR, which instructs the bridge to write SMF type 110 records for the number of MQGET requests it issued. These records are useful for performance analysis.
Resource definition online enhanced to support definition of DUMPCODEs
The standard Resource definition online (RDO) interface, CEDA, DFHCSDUP, EXEC CICS CREATE and EXEC CICS CSD, has been enhanced to support the definition of transaction dump codes and system dump codes through the new DUMPCODE resources. This allows DUMPCODEs for a CICS region to be installed at startup, removing the need to write a PLT program that uses the SET TRANDUMPCODE ADD and SET SYSDUMPCODE ADD system programming commands to add dump codes. These commands are still supported. DUMPCODEs now have a resource signature returned on the SPI commands to denote how they were created and installed.
In addition, the DUMP system initialization parameter has been extended to support a third option TABLEONLY. The new option allows for all system dumps to be suppressed except for those dump codes that have an entry in the dump table added by CEDA or the SPI. This allows, for example, for an SDUMP to be taken for a specific dump code that happens in production while suppressing all other sdumps.
Java build toolchain support
Java build toolchains such as Gradle and Apache Maven are extremely popular for developing, building, and testing applications. To provide a natural experience for Java developers who are using such tools, CICS now offers JCICS and related artifacts that can be used as dependencies of Java applications on Maven Central, and Gradle Maven plug-ins for bundle packaging and deployment that are built on the CICS bundle deployment API.
With the Maven Central artifacts, you can manage Java dependencies in a simplified way, develop the applications in an integrated development environment (IDE) of your choice, and deploy CICS bundles at development in a faster and confident way.
New API makes CICS bundle deployment faster
CICS now supports deploying CICS bundles through the CICS bundle deployment API. It is a REST API that receives a CICS bundle as a zip file over HTTP. The bundle is unzipped, installed into, and enabled in the appropriate CICS region automatically.
The CICS bundle deployment API
can increase Java developers' productivity by enabling them to
see their application changes reflected in a running CICS
region within seconds. Developers can also use the CICS-provided Gradle or Maven plug-in (cics-bundle-maven-plugin or
com.ibm.cics.bundle) that leverages the API, to integrate CICS bundle build and deployment into a toolchain.
The API also enables Java developers to deploy bundles whilst the system programmer retains control. A functional ID or another user ID with sufficient access deals with the bundle lifecycle and interacts with zFS on behalf of developers.
Enhanced administration commands for JVM server
- PERFORM JVMSERVER offers facilities to take JVM server dumps, refresh JVM resources and gather JVM diagnostics.
- INQUIRE JVMENDPOINT enables you to monitor JVM server endpoints.
- SET JVMENDPOINT enables you to enable or disable JVM server endpoints.
Support for Java EE 8 Full Platform
By using the embedded version of IBM WebSphere® Liberty (Liberty), CICS supports applications that are written to the Java Enterprise Edition (EE) 8 Full Platform specification. Java EE 8 includes many new and enhanced APIs, such as: JSON processing, RESTful web services, and JavaMail™.
A new Java security API (JSR 375) introduces a portable, flexible, and standardized security model for Web applications.
Java EE 8 also provides new versions of features for: JavaBean validation, servlet, JavaServer Faces and Contexts and Dependency Injection (CDI).
Java applications that are hosted in CICS TS are integrated with a CICS task by default and can use the JCICS API to call other CICS programs and services. This provides a powerful mechanism to modernize CICS applications by using the latest Java EE 8 features and capabilities.
This capability is also available on CICS TS 5.5 with APAR PH15017.
Support for Jakarta EE 8 Platform
The CICS Liberty JVM server supports now supports the Jakarta Enterprise Edition (EE) 8. The Jakarta EE 8 full platform technologies and specifications are an evolution of Java EE 8, allowing developers and applications to transition more easily from Java EE to Jakarta EE. The promise of Jakarta EE is a community-driven open source model, enjoying more frequent releases than Java EE, and evolving more quickly to address the needs of modern applications.
This capability is also available on CICS TS 5.5.
Enhanced CICS Java API (JCICSX) allows easy mocking and remote development
The JCICSX API classes support a subset of CICS functionality with a more natural, modern, Java style that is easier to understand for Java developers new to CICS. JCICSX is also remoteable, and easier to mock and stub than the existing Java classes of JCICS. Code written using the JCICSX API classes will execute without change, both in remote development mode and when deployed to run in CICS.
The JCICSX API classes can be used together with the JCICS API, but only the commands that use JCICSX can benefit from the enhanced features.
Support for Spring Boot
The CICS Liberty JVM server supports Spring Boot applications using the Spring application programming model. Spring was originally designed to simplify Java Enterprise Edition (EE), using plain old Java objects (POJOs) and dependency injection. It has since grown to extend and encompass many aspects of Java EE development.
Spring Boot builds on Spring by adding components to avoid complex configuration, reduce development time, and offer a simpler startup experience. Support is added for the Liberty features springBoot-1.5 and springBoot-2.0, allowing Spring Boot JARs to be deployed directly to a Liberty JVM server. Spring Boot applications can run on CICS without modification. It also is possible to configure Spring Boot applications for integration with CICS transactions and security, and to call the CICS API using JCICS.
When built as a web application archive (WAR), a Spring Boot application can be deployed and managed using CICS bundles in the same way as can other CICS Liberty applications.
A Spring Boot application can use the annotation @CICSProgram to define a method as the target of a CICS program. This can be linked from COBOL or other non-Java CICS programs through the channel and container interface.
This capability is available also for CICS TS 5.5 for Spring Boot applications that are packaged as WAR and JAR files, and for Spring Boot applications packaged as WAR files in CICS TS 5.4 and 5.3.
Support for EXEC CICS LINK to a Spring Boot application running in a Liberty JVM server
You can add the @CICSProgram annotation to a method on a Spring bean. When the
application is started in Liberty, a CICS program definition
is dynamically created. Then, the Spring Boot application can be invoked by any CICS program through an EXEC CICS LINK call.
Performance and storage improvements
Default storage settings in CICS and through example JVM profiles are updated for performance and storage optimization.
Users product extension capability
New CICS JVM profile option LIBERTY_PRODUCT_EXTENSIONS supports installation of user product extensions into a Liberty server.
GATHER SPI function
The PERFORM JVMSERVER JVM GATHER DIAGNOSTICS command (the GATHER SPI) collects
useful JVM server diagnostic information, aggregating multiple existing trace, dump, log and
configuration files into a single tar file. On request, you can send this file to IBM Service teams when they are helping you with JVM server
problems.
<applicationManager autoExpand="true"> applied by default to
Liberty configuration settings
This setting causes application file archives to expand automatically into the ${server.config.dir}/apps directory on first use. This avoids expansion of file archives into the Liberty work area on server startup, reducing zFS file I/O, and making more efficient use of the Java shared class cache.
This capability is available also on CICS TS 5.3 through 5.6 with APAR PH28793.
Changes to feature toggle configuration and processing
You can now apply feature toggle configurations to a specific CICS region by using a region-level feature toggle configuration file in a subdirectory of the USSCONFIG, with a directory name equal to the CICS region's APPLID. This allows region-level feature toggles to override the common set of feature toggles in the USSCONFIG.
The group-level feature toggle configuration files that are described in previous releases are deprecated. Their use will be removed in a future release of CICS TS. No messages will refer to the group-level feature toggles unless they are specified.
COMMAREAs greater than 24 KB now supported for DPLs over MRO connections
The restriction on the COMMAREA that its length cannot be greater than 24 KB for DPLs over MRO connections between CICS TS regions is removed. If both regions are at the level of CICS TS 5.6 or above, then a COMMAREA that is greater than 24 KB is shipped by using the DFHTRANSACTION channel. If the transaction that issues the LINK command does not have a DFHTRANSACTION channel, one is created.
Changes to CICSPlex SM resource tables
To aid application developers, the key fields now appear in key order at the top of the attributes table. The non key attributes follow, in ascending alphabetical order.
The CICSPlex SM security class information for each resource table listed after the Copybook identifier. Where applicable the CICS commands that require security access are also listed.
The DSECT offset for resource table attributes is also added.
SNI now supported in CICS TS communications with an HTTP server over TLS connections
CICS now supports the use of the Server Name Indication (SNI) extension as defined in Internet Engineering Task Force RFC 6066. With this enhancement, CICS TS, when acting as an HTTP client, can use a TLS connection to a virtual host where the server supports multiple virtual hosts using a single IP address.
No configuration change is required in CICS TS. CICS TS supports SNI if it is supported by the HTTP server.
This capability is available also on CICS TS 5.3, 5.4, and 5.5 with APAR PH20063.
Enforced protection for CICSPlex SM API program data space usage
CICSPlex SM API commands now returns an appropriate response instead of terminating a CMAS if a request causes CICSPlex SM to exceed the available data space storage.
CICSPlex SM high data space utilization warnings
EYUXC0028 warning messages are now issued when the data space usage for a CICSPlex SM component such as WLM, BAS and so on exceeds any of the allocation tiers of 70%, 80%, 90%, and 95%, alerting you to potential CICSPlex SM auxiliary storage issues before they become problematic.
CICS-MQ trigger monitor and CICS-MQ bridge improvements
The CICS-MQ trigger monitor transaction CKTI now handles abends produced when starting user transactions. If an abend occurs when the CKTI transaction attempts to start the user transaction, rather than terminating, CKTI will now send the trigger message to the dead-letter queue, and trigger monitor processing continues.
Additionally, both the CICS-MQ trigger monitor transaction CKTI and the CICS-MQ bridge monitor transaction CKBR now handle temporary errors that occur when issuing MQOPEN and MQGET requests. Rather than terminating, CKTI and CKBR retries every minute for up to an hour. If the error is not resolved after an hour, the monitor transactions terminate. This caters for errors that are caused by the loss of a coupling facility when the monitor transactions are processing shared queues. The IBM MQ queue manager can recover from a coupling facility failure, and when the connection is restored, bridge and trigger monitor processing resumes.
This enhancement is available also on CICS TS 5.4 and 5.5 with APAR PH22136.
More 64-bit storage exploitation
The TSICDATA subpool is moved above the bar to provide greater resilience when a large number of tasks are started with data and queue on TCLASS limits. It avoids short on storage conditions in the 31-bit ECDSA in this situation.
Improvement to CICS exception handling when a JVM server encounters a TCB failure
CICS exception handling when a JVM server encounters a TCB failure is changed to ensure that the JVM server is recycled. The following process takes place:
- CICS disables the JVMSERVER resource with the PHASEOUT option to allow existing work in the JVM to complete where possible and prevent new work from using the JVM.
- If the PHASEOUT operation fails to disable the JVMSERVER within the interval specified by the PURGE_ESCALATION_TIMEOUT JVM server option, CICS escalates to the next disable action PURGE until the JVMSERVER is disabled.
- If the PURGE operation fails to disable the JVMSERVER within the interval, CICS escalates to the next disable action FORCEPURGE.
- If the FORCEPURGE operation fails to disable the JVMSERVER within the interval, CICS escalates to KILL.
- After the JVMSERVER is successfully disabled, message DFHSJ1008 is issued.
- CICS attempts to re-enable the resource to create a new JVM.
You can control the interval between the disable actions that CICS performs by setting the PURGE_ESCALATION_TIMEOUT JVM server option.
This capability is available also on CICS TS 5.3, 5.4, and 5.5 with APAR PH12280.
Changes to default user ID security definitions
It is no longer necessary for users of any Category 3 transactions including CESN, CESL and CESF, to be given command authority. As a result, the default user ID should not need command authority for any CICS transactions.
In previous releases of CICS, if you used CMDSEC=ALWAYS, you had to define all users of CESN, CESL and CESF with authority to issue INQUIRE TERMINAL, SET TERMINAL, and INQUIRE SYSTEM commands. This included giving this authority to the CICS default user ID.
Improved usage of BAS data space storage for large CICSplex environments
The CICSPlex SM BAS
component can now use all available BAS data space storage by spreading large resource deployment
lists for BAS across multiple data spaces instead of being constrained to a single data space. This
is controlled by the feature toggle com.ibm.cics.cpsm.bas.largecicsplex.
Service If APAR PH26781 is applied, this
feature is disabled, but you can opt into this feature by setting the feature toggle
com.ibm.cics.cpsm.bas.largecicsplex=true.
This capability is available also on CICS TS 5.4 and 5.5 with APAR PH19761.
Enhanced SOS protection and monitoring of 24-bit and 31-bit MVS storage
CICS has long provided monitoring and short on storage (SOS) support for CICS-managed storage in dynamic storage areas (DSAs). The use of z/OS address space storage that is not managed by CICS (MVS™ storage) is not covered by this mechanism. Out of storage conditions can cause the region to terminate.
This release of CICS introduces the capability to monitor user region (24-bit) MVS storage and extended user region (31-bit) MVS storage. By default, CICS periodically monitors the state of unallocated user region and extended user region storage, and issues console messages to notify you of SOS conditions or significant changes in unallocated MVS storage.
In addition, CICS provides a new SOS wait feature. By default, this feature suspends tasks to stop the allocation of new TCBs, which are a major user of 24-bit storage, when the MVS user region or extended user region is short on storage, thereby minimizing the likelihood of an out of storage region abend.
You can use SOS messages that are issued when MVS storage is under stress in system policy rules with an action to set the z/OS WLM health value to 0, thus limiting new work coming to the affected region.
New statistics are available in Storage manager: Global statistics to provide information about the use of 24-bit and 31-bit MVS storage and to help you track fluctuations in the storage usage over time and take actions to prevent SOS conditions.
CICS capability of exploiting IBM z/OS Workload Interaction Correlator
IBM z/OS Workload Interaction Correlator (Correlator) is a priced feature that provides infrastructure for z/OS software to generate synchronized, standardized, concise, content-rich data with common context for automated analysis by an analytics engine such as the IBM z/OS Workload Interaction Navigator. You can use Correlator to generate standardized SMF records for CICS, making it easier to identify and correlate workload across your mainframe environment.
CICS uses the WIC IFAWIC service to register CICS regions for collecting data about transaction activities, and provides a WIC exit routine that SMF calls for WIC processing. The WIC exit routine aggregates and summarizes transaction activities from all registered CICS regions and records exceptional CICS regions into SMF type 98 subtype 1024 records.
Service Available with APAR PH30291, CICS-supplied Assembler copybook DFHWICCD is updated to enable IBM z/OS Workload Interaction Navigator with PTF UJ04388 to analyze multiple SMF files that are collected from multiple systems respectively and display the correlated anomalies across multiple systems for a single interval in one screen.
This capability is provided also to CICS TS 5.4 and 5.5 through APAR PH16392.
Service Support for resource definition overrides
With APAR PH30590, you can provide a consistent approach to the creation of certain resources by applying environment-specific overrides through a resource overrides file. You can override the resource definition for any currently supported resource type that can be defined by using resource definition online (RDO). You specify the required overrides in a resource overrides file that is loaded during CICS startup. The overrides are applied when CICS resources are installed.
This support is intended to make infrequent system-wide changes to tailor the resources for a specific CICS environment.
If this support is in use and the resource overrides file includes override rules for specified resource types, resource overrides are applied to the relevant resources when they are installed. Therefore, you must consider the effects of resource overrides when you install resources.
Service Enhanced capability for monitoring use of shared pool TS queues
Available with APAR PH28145, this enhancement makes it easier for you to monitor the change in capacity usage for shared pool TS queues. When the percentage of entries or elements in use in a pool structure reaches a specified threshold, DFHXQ0422 or DFHXQ0423 is issued. When the percentage of entries or elements in use drops below a threshold, DFHXQ0420 or DFHXQ0421 is issued.
Service Monitoring auxiliary temporary storage usage
Available with APAR PH28145, you are now alerted when auxiliary temporary storage data set usage is approaching a high percentage of its capacity so that you have time to free up storage before the auxiliary temporary storage becomes full.
CICS issues message DFHTS1316 when 75% or more of the maximum auxiliary temporary storage is in use, and message DFHTS1317 when storage usage falls below 70% of the maximum auxiliary temporary storage.
Service Support for passing XID to Db2
Available with APAR PH39766, a new feature toggle,
com.ibm.cics.db2.sharelocks={true|false}, is provided to enable CICS to pass an XID to Db2 and instruct Db2 to share locks between threads
that pass the same XID. Using the same XID, other threads that originate from other CICS regions or from other transaction managers such as IMS TM
can access Db2 in the same global
unit of work (UOW). The XID token is not used for recovery between CICS and Db2. Passing an XID
avoids having to deal with UOW affinities.
For CICS to pass an XID to Db2, CICS first queries MVS RRS to determine if there is a global UOW with a matching LU6.2 UOWID. The query for a global UOW involves issuing an ATRQUERY request with a sysplex scope for systems within the same RRS logging group. This has a performance impact in terms of CPU consumption. You should ensure READ access for the CICS user ID to the MVSADMIN.RRS.COMMANDS.gname.sysname resource or the MVSADMIN.RRS.COMMANDS resource in the FACILITY class. You should also ensure that auditing of successful access to RRS system management functions is not enabled; otherwise, an excessive number of SMF 80 records will be produced. For more information, see ATRQUERY — Obtain RRS Information in z/OS MVS Programming: Resource Recovery.
If the global UOW was initiated from outside CICS and is coordinated by MVS RRS, CICS obtains the XID associated with the RRS Unit of Recovery and passes it to Db2.
If RRS is not involved in the UOW, CICS generates an XID based on the data from the LU6.2 UOWID that is associated with the UOW. All CICS regions participating in the same UOW generate the same XID from the same LU6.2 UOWID.
The passing of an XID involves a partial signon to Db2 for each UOW. The number of partial signons increases if partial signons for each UOW were not previously necessary. If a partial signon for each UOW is already required as in the case of using ACCOUNTREC(UOW), the number of partial signons does not increase. A signon at the start of each UOW closes any cursors, so held cursors across syncpoints are not supported when the passing of an XID is enabled. Applications have to reposition cursors after a syncpoint.
Service Enhanced adapter tracking for CICS Db2 applications
Available with APAR PH30252, the CICS Db2 attachment facility is enhanced to pass adapter data to Db2. If a CICS task that is accessing Db2 has adapter data in the CICS origin data, the adapter ID is passed as appl-longname and the adapter data is passed as an accounting-string. Db2 writes the data in its SMF accounting records and the data is also available online through the Db2 special registers CURRENT CLIENT_APPLNAME and CURRENT CLIENT_ACCTNG. This capability also requires Db2 12 with APAR PH31447 or higher.
com.ibm.cics.db2.origindata=falseService Alternative Liberty install available
Available with APAR PH33149. If you choose, you can now specify a new WLP_INSTALL_DIR setting in your JVM profile to use an alternative version of Liberty: one that is not supplied with CICS.
Service Default cipher file for outbound web requests
With APAR PH38091, a new feature toggle,
com.ibm.cics.web.defaultcipherfile={true|false}, is provided to enable CICS to use a default set of ciphers from a cipher file called
defaultciphers.xml, instead of the current default list of 2-digit ciphers
(3538392F3233). This allows a greater set of ciphers to be used for outbound requests without having
to create a URIMAP for each potential endpoint.
The use of a default cipher file applies to outbound HTTPS requests that are made using EXEC CICS WEB OPEN or EXEC CICS INVOKE SERVICE commands, where those commands do not already specify a set of ciphers to use through the CIPHERS or URIMAP parameter.
To use this capability, the feature toggle must be set to true and the defaultciphers.xml file must exist in the USSCONFIG/security/ciphers directory. A sample defaultciphers.xml file is supplied in the USSHOME/security/ciphers directory. Copy this file to the USSCONFIG/security/ciphers directory and customize it for your security requirements.
If the feature toggle is enabled but there is a problem with the defaultciphers.xml file, message DFHWB0112 is issued and CICS reverts to using the default list of 2-digit ciphers.
Service Changes to CICSPlex SM sysplex optimized workload routing behavior
With APAR PH30768, the default behavior of CICSPlex SM workload management routing algorithms has been updated to increase the likelihood that work is routed to healthy, local target regions. This change applies only to the QUEUE and GOAL algorithms, not to the link neutral variants (LNQUEUE and LNGOAL).
Where a routing region might be subject to surges of extremely high frequency, short duration
transactions, workload batching might occur. A new feature toggle,
com.ibm.cics.cpsm.wlm.surgeresist={true|false}, has been introduced to mitigate these surges by reducing the likelihood that recently selected target regions are reselected. Enabling this feature toggle increases the average routing cost per transaction, but restores the routing behavior of CICSPlex SM at CICS TS 5.6 before APAR PH30768 is applied.
Service Messages reporting changes to APPC and IRC log names
Available with APAR PH03691.
- DFHRM0240 reports the local log name that is set during CICS initialization and sent to a remote system when CICS establishes an APPC or IRC connection.
- DFHRM0241 reports a log name that has been set for an APPC or IRC connection.
- DFHRM0242 reports a log name that has been deleted for an APPC or IRC connection.
Service Easier system management, efficient application development, and advanced client authentication available in single CICS regions with CMCI JVM server
The CICS Management Client Interface (CMCI) is a set of APIs that enable management of your CICS regions using tools such as CICS Explorer. When served from a JVM server, the CMCI provides additional capabilities such as multi-factor authentication (MFA), the GraphQL API, and the CICS bundle deployment API.
Available with APAR PH35122, the CMCI JVM server can be configured in a single CICS region outside of a CICSPlex SM environment to create an SMSS, enabling the following features:
- Enhanced security offered by multi-factor authentication (MFA), even in SMSS environments. Users can sign on to an SMSS with MFA credentials in CICS Explorer for Aqua 3.2 (Fix Pack 5.5.20).
- Easier system management with the CMCI GraphQL API, which supports queries about multiple CICS resources and inter-resource relationships in a single request. CICS Explorer as of Fix Pack 5.5.20 also uses the GraphQL API to provide the aggregation function when connected to SMSS regions at CICS TS 5.6 with APAR PH35122, or a later release.
- Efficient application development with the CICS bundle deployment API, which allows Java developers to use the CICS-provided Gradle or Maven plug-ins to deploy bundles into single CICS development environment. This way, developers can see their application changes reflected in a running CICS region within seconds, and integrate the CICS bundle build and deployment into a toolchain to increase productivity, whilst the system programmer retains control.
Service Prepare for a future release of CICS TS
Available with APAR PH54814 (supercedes APAR PH39798).
The DFHCSVC and DFHIRP modules for future CICS TS releases have been shipped as modules DFHNCSVC and DFHNIRP on current releases ahead of the general availability of the newest CICS TS release. If you wish to install the future release modules DFHCSVC and DFHIRP to fit in with your scheduled z/OS IPLs, follow the instruction here.
Service Improved Temporary storage expiry processing
Available with APAR PH40863 and PH40409.
- Firstly, the processing of main and auxiliary tsqueues is separated from the processing of shared tsqueues so that they use separate calculated intervals.
- Secondly, for shared tsqueues, an internal queue is used to hold when the last scan was performed. The internal queue is used to prevent a CICS region from scanning shared TS queues if another CICS region has performed such a scan within the previous minute. This means that even if multiple CICS regions are using a shared TS pool, each with TS models installed that specify short expiry intervals, the shared queues are never scanned more frequently than once per minute.
- Thirdly, the CICS-MQ interface has been improved to only employ a DFHCKBR tsmodel with a nonzero expiry interval when the MQ bridge has been started; otherwise, it has a zero expiry interval. This avoids unwanted tsqueue scans.
Service Enabling multiple client URIMAPs that point to the same endpoint
Available with APAR PH44683, multiple client URIMAPs that point to the same host, port and path can be installed and enabled in a CICS region. This enhancement removes the limitation that only one client URIMAP for an endpoint could be enabled in a CICS region. As best practice, always use a URIMAP by name.
Service Support for Java 11
APAR PH47221 adds support for Java 11 using IBM Semeru Runtime Certified Edition for z/OS. A minimum version of 11.0.17.0 is required. The CICS documentation will be updated to describe considerations for using Java 11.
Java 8 continues to be supported.
Service Support for Java 17
APAR PH55278 adds support for Java 17 using IBM Semeru Runtime Certified Edition for z/OS. A minimum version of 17.0.7.0 is required.
Java 17 is not supported for use with:
- SAML JVM servers at all CICS releases.
To enable Db2 type 2
connectivity when you are running Java 17, add
LIBPATH_SUFFIX=/usr/lpp/db2v12/jdbc/lib to the JVM profile.
Java 8 and Java 11 continues to be supported.
Service Key rings can be shared between regions in an easier way
Available with APAR PH49253, with the support of more acceptable formats of key ring names on the KEYRING system initialization parameter, you can now use key rings that are not owned by the current region user ID. To share a key ring owned by one region user ID with another region, you need to grant that other region authority to use the key ring.
This capability is also available on CICS TS 5.5 with APAR PH49253.
Service HTTP strict transport security (HSTS) is supported
Available with APAR PH55369.
HTTP strict transport security (HSTS) helps servers prevent man-in-the-middle attacks by instructing compliant user agents to only interact with the server through secure connections (HTTPS).
You can now configure a CICS server to use HSTS with a set of
com.ibm.cics.web.hsts feature toggles.
This feature is also available in CICS TS 5.5 with APAR PH55369.
CICS documentation and other information
- CICS online documentation and IBM Documentation Offline are now automatically translated in various languages other than English: Brazilian Portuguese, French, German, Italian, Japanese, Korean, Simplified Chinese, and Spanish. PDF documentation is not currently translated.
- CICSPlex SM system parameters is moved to the section in IBM Documentation.
- A summary of changes to security, including changes to RACF classes, through CICS releases is added to the Upgrading information: Changes to security and Changes to RACF classes.The CICS TS Version 5 Performance Report was added to IBM Documentation and as PDF: CICS TS V5 Performance Report . This report was previously published as an IBM Redbook: IBM CICS Performance Series: CICS TS for z/OS V5 Performance Report, (SG24-8298). This report will be extended with performance test results for CICS TS 5.6 when those results are made available.