Identifying driving system software requirements for installing z/OS using CBPDO

When you use the CBPDO method of installing z/OS® you install in three stages called waves. (Wave 1, in order to be more manageable, is divided into several tasks called ripples.) This section describes the driving system requirements for each wave.

Internet delivery requirements. As of May 22, 2016, you can no longer download your CBPDO order to your z/OS host system from IBM download servers using Standard FTP. If you intend to receive your order by way of the Internet, observe the following considerations:
  • The Standard FTP (FTP) option is available only for orders that are downloaded from an intermediate server.
  • If you intend to receive your order using Secure FTP (FTPS), you need the following:
    • SMP/E V3R6 or higher
    • Either of the following features is installed, which enables strong cryptographic ciphers to be used for SSL/TLS connections in non-FIPS mode:
      • System SSL Security Level 3 Feature
      • CP Assist for Cryptographic Functions (CPACF) DES/TDES Enablement Feature 3863 with PTF UA95810.
    • ICSF is configured and active or IBM 31-bit SDK for z/OS Java Technology Edition V6.0 (5655-R31), or IBM 64-bit SDK for z/OS Java Technology Edition V6.0 (5655-R32) or higher is installed, which enables SMP/E to calculate SHA-1 hash values to verify the integrity of data being transmitted. If ICSF is not configured and active, SMP/E will use its Java application class instead for calculating the SHA-1 hash values. IBM recommends the ICSF method because it is likely to perform better than the SMP/E method. (To find out how to configure and activate ICSF, see z/OS Cryptographic Services ICSF System Programmer's Guide).
    • A download file system. Your order is provided in a compressed format and is saved in a download file system. The size of this file system should be approximately twice the compressed size of your order to accommodate the order and workspace to process it.
    • Firewall configuration. If your enterprise requires specific commands to allow the download of your order through a local firewall, you must identify these commands for later use in the RFNJOBS job, which manages the download of your order.
    • Ensure that the DigiCert Global Root CA certificate (in addition to the Root 2 - GeoTrust Global CA Certificate) is connected to your security manager keyring or stored in your default Java keystore file and is trusted on your system. Also, ensure that the user ID that executes SMP/E is authorized to use the keyring or default Java keystore file.
    • Ensure that your FTP.DATA data set statements used in the RFNJOBS job are set appropriately for your environment. For example, an FTPKEEPALIVE statement with a value of 0 (the default) can cause an FTP control connection to time out in some environments. Also, the security manager keyring file specified by the KEYRING statement in the FTP.DATA file might require certificates to be added. For details about specifying FTP.DATA statements, see z/OS Network File System Guide and Reference.
  • If you intend to download your order using HTTP Secure (HTTPS), you need the following:
    • SMP/E V3R6 with PTFs UO01693 (Base), UO01695 (Japanese), and UO01741 (Base) or higher
    • SMP/E uses the services of IBM 31-bit SDK for z/OS Java Technology Edition V6.0 (5655-R31), or IBM 64-bit SDK for z/OS Java Technology Edition V6.0 (5655-R32) or higher.
    • A download file system. Your order is provided in a compressed format and is saved in a download file system. The size of this file system should be approximately twice the compressed size of your order to accommodate the order and workspace to process it.
    • HTTP or SOCKS Proxy Server configuration. If your enterprise requires specific commands to allow the download of your order through an HTTP or SOCKS Proxy Server, you must identify these commands for later use in the RFNJOBH job.
    • Ensure that the DigiCert Global Root CA certificate (in addition to the Root 2 - GeoTrust Global CA Certificate) is connected to your security manager keyring or stored in your default Java keystore file and is trusted on your system. Also, ensure that the user ID that executes SMP/E is authorized to use the keyring or default Java keystore file.
  • For more information about how to set up FTPS or HTTPS, see the topic on preparing for secure Internet delivery in SMP/E for z/OS User's Guide.
  • For instructions on how to set up and verify that your system can connect to the IBM download servers, see Connectivity Test for SW Download Readiness.
Additional Internet delivery requirements for intermediate download: If you intend to download your CBPDO order to a workstation and from there to z/OS, in addition to these requirements you need the following:
  • Download Director. This is a Java™ applet that is used to transfer IBM® software to your workstation. For Download Director requirements, see Download Director - FAQ.
  • The CBPDO order accessible to the host. To make the CBPDO order (files) accessible to z/OS, you can do any of the following:
    • Configure the workstation as an FTP server. After you download the order to your workstation, the RECEIVE FROMNETWORK job (RFNJOBS) can point to a network location (in this case, your workstation) to access the order. Consult the documentation for your workstation operating system to determine if this FTP capability is provided or if you have to install additional software. Commercial, shareware, and freeware applications are available to provide this support. However, IBM cannot directly recommend or endorse any specific application. This option requires the use of ICSF or the SMP/E Java application class for calculation of SHA-1 hash values.
    • Use FTP commands to upload your package. The CBPDO Internet Delivery Installation Checklist contains sample FTP commands that you can use to transfer your package to the host. You can copy/paste and update as required to provide a user ID and password, and to replace your_package_id with the actual workstation location (directory) and packid with the host location (directory) for your environment. To make the transfer easier, you can create a text file that contains these FTP commands. This file then becomes input to the FTP program on your workstation.
    • Use network drives that are mounted to z/OS. The mounting can be accomplished using the Network File System base element, server message block (SMB) support provided by the Distributed File Service base element, or the Distributed FileManager component of the DFSMSdfp base element. The package is received from the file system defined as your SMPNTS.

      For information about Network File System, see z/OS Network File System Guide and Reference. For information about using the Distributed FileManager, see z/OS DFSMS DFM Guide and Reference.

  • CD write capability. A number of CD images might be associated with your order. The images are delivered in ISO9660 format and are packaged in zip files (with an extension of .zip). These files require your workstation to have CD write capability and you might have to acquire software to support this capability.
  • DVD delivery driving system requirements. If you intend to receive your CBPDO order by way of DVD, you need SMP/E V3R6 or higher.
  • Additional DVD delivery requirements. If you plan to copy the contents of the DVD(s) to a workstation before making them available on a z/OS host system, then the following requirements apply:
    1. The ability to share or transfer data to the z/OS host system where the order will be installed.
    2. Disk space for storing DVD files. The amount of disk space required varies by order. You need to have sufficient space for the compressed package. The package will be uncompressed on your host.
    3. If you plan to use RFNJOBD GIMGTPKG steps to receive order content using the workstation as the server, do the following:
      • Set up an FTP server on that workstation.
      • ICSF must be configured and active or IBM 31-bit SDK for z/OS Java Technology Edition V6.0 (5655-R31), or IBM 64-bit SDK for z/OS Java Technology Edition V6.0 (5655-R32) or higher must be installed so that SMP/E can calculate SHA-1 hash values in order to verify the integrity of data being transmitted.

        If ICSF is not configured and active, SMP/E will use its Java application class instead for calculating the SHA-1 hash values. IBM recommends the ICSF method because it is likely to perform better than the SMP/E method. To find out how to configure and activate ICSF, see z/OS Cryptographic Services ICSF System Programmer's Guide. For the required SMP/E setup, see SMP/E for z/OS User's Guide.