Prerequisites
Learn about hardware and software requirements for ZD&T Enterprise Edition.
For a complete list of ZD&T hardware and software requirements, you can generate the report from Software Product Compatibility Reports. Hardware and software requirements are also documented in the zPDT® Guide and Reference.
z/OS system requirements
If you want to extract volumes from z/OS® systems, the following requirements are needed.
- An SSH server must be running and accessible by the system to run Enterprise Edition.
- The FTP or SFTP client must be able to connect to the Enterprise Edition image storage server.
- To use SFTP, Java™ 1.6 or later versions must be installed, and the PATH needs to be pointed to the bin directory of the Java installation.
- To use SFTP as the transferring method of z/OS volumes, you need to put the zDTMainframeSFTP-12.0.1.0.jar that is included in the z/OS package into the UNIX System Services(USS) folder /usr/lpp/IBM/zdt.
- Make sure to grant access to each volume or data set that is extracted. For more information, see Creating application components from IBM Z® mainframe volumes and Creating application components from IBM Z mainframe data sets.
- Make sure to grant READ access to DFDSS program ADRDSSU.
- Configure zEnterprise® Data Compression (zEDC) if it is available. Grant READ access to the resource FPZ.ACCELERATOR.COMPRESSION in SAF class FACILITY to the user ID that is used in the Enterprise Edition.
- Grant READ access to resource STGADMIN.ADR.DUMP.CNCURRNT in SAF class FACILITY.
Image storage server requirements
To install and run ZD&T Enterprise Edition, an image storage server to host the Enterprise Edition artifacts, such as z system volumes, data sets, Enterprise Edition metadata, must be set up. To transfer volumes images files from the image storage server or to the image storage server, you can choose FTP or SFTP as the transferring method.
- Disk space
- Sufficient space is needed to hold numerous and potentially large files for extracted IBM Z volumes.
- 150 GB of disk space is needed for ADCD z/OS V2.3 distribution.
- Software requirements
- A running FTP or SFTP server
- FTP server
- Enable passive mode by configuring PASV_ENABLED=YES in the vsftpd.conf.
- Set SElinux to Permissive or Disabled mode.
- Open firewall ports for FTP command and data channels.
- SFTP server
- Open the firewall port for SFTP command.
Target environments requirements
- Linux environments
- If you choose to install the required Linux packages
during the deployment, the software repository needs to be available and accessible by the target environments.
- A Red Hat software repository for 'yum' needs to be available and accessible by the target environments.
- An Ubuntu software repository for 'apt-get' need to be available and accessible by the target environments.
- An SSH server must be running on the target environments and accessible by the system to run Enterprise Edition.
- The command ftp client must reside on the target environments.
- The root permission is needed for the users who are responsible for deployment.
- An extra 100 M of disk space is needed for the folder /root in the target environment, as the loadparm.txt that is generated for a script to modify z/OS parameters might cause space problem.
Note: ZD&T Hardware-Based and Software-Based License Server installation options open the ports 1947, 3270, 9451 and 9450 to communicate between License server and Terminal emulator. You need to remove any restriction that might prevent the installer from opening the ports cannot be on your Linux machine. To deactivate any firewall that is active, or ask your network administrator to deactivate the firewall. For more information about the opened ports, see Firewall ports list. - If you choose to install the required Linux packages
during the deployment, the software repository needs to be available and accessible by the target environments.
- OpenStack Cloud environments
- Make sure that the default security group of the OpenStack Cloud contains the rules that enable all the required ports of a target environment. For more information, see Firewall ports list.
- Access to software repository to run YUM or
apt-get commands
Make sure that you have access to software repository to run YUM commands on RHEL machine, or run apt-get commands on Ubuntu machine. ZD&T installer will install all required packages. However, if you don't want ZD&T installer to install the required packages that are listed below, you need to install the packages before you start ZD&T installer.
- YUM commands on RHEL operating
system
yum -y install iptables yum -y install ftp yum -y install libstdc++.i686 yum -y install perl yum -y install zip yum -y install unzip yum -y install gzip yum -y install bc
- apt-get commands on UBUNTU operating
system
apt-get -y install iptables dpkg --add-architecture i386 apt-get -y update apt-get -y install libc6:i386 libncurses5:i386 libstdc++6:i386 lib32z1 lib32stdc++6 apt-get -y install ftp apt-get -y install perl apt-get -y install zip apt-get -y install unzip apt-get -y install gzip apt-get -y install bc apt-get -y install libasound2 apt-get -f install
- YUM commands on RHEL operating
system
- Users and group settingsBefore you deploy application images, make sure to create a new group 'zpdt' in the target environment if the group does not exist.
- If you use the root user ID to deploy application images, create a user ID 'ibmsys1' if the user ID does not exist, and assign the user ID 'ibmsys1' to the group 'zpdt'.
- If you use a non-root user ID to deploy application images, assign the user ID to the group 'zpdt'.
- Sudo access configuration
The term sudo stands for super user do. Sudoers is the configuration file with the corresponding operating system sudo settings. This file is typically at /etc/sudoers. For more information about the specific sudoers file format, see Sudoers Manual.
The following code shows an example of a sudoers entry.ibmsys1 ALL = (root) NOPASSWD: ALL
In the code example, user ibmsys1 can access any shell script file on any host in any location as the root user without providing an identification password.
During the deployment, Enterprise Edition runs several scripts that require the root access. For the security reasons, Enterprise Edition also changes the ownership of the scripts to the root user ID. The user ID that is used for the deployment needs to have the permission to run the scripts and change the ownership of the scripts. The scripts list is shown as below.[deployment directory]/zdt/zdtInstall/z1091-1-8.51.14.x86_64 [deployment directory]/zdt/zdtInstall/zdt_install_product_byRoot.sh [deployment directory]/zdt/zdtInstall/zdt_install_dependencies_byRoot.sh (optional) [deployment directory]/zdt/zdtInstall/zdt_config_user_byRoot.sh (optional) [deployment directory]/zdt/zdtInstall/zdt_config_network_byRoot.sh (optional) [deployment directory]/zdt/zdtInstall/zdt_cleanup_byRoot.sh (optional) [deployment directory]/zdt/zdtInstall/zdt_config_tcpports (optional) [deployment directory]/zdt/zdtInstall/zdt_config_udpports (optional)
The deployment directory is an optional input value that can be specified from web user interface or REST API. By default, the deployment directory is /home/ibmsys1 if you log in as the root user, and /home/[userid] if you log in as a non-root user.
The following code shows an example of the sudoers entry. The user ID that is used is ibmsys1, and the deployment directory is /home/ibmsys1.Cmnd_Alias CHOWNTOROOT=/bin/chown root /home/ibmsys1/zdt/zdtInstall/zdt_install_product_byRoot.sh, /bin/chown root /home/ibmsys1/zdt/zdtInstall/zdt_install_dependencies_byRoot.sh, /bin/chown root /home/ibmsys1/zdt/zdtInstall/zdt_config_user_byRoot.sh, /bin/chown root /home/ibmsys1/zdt/zdtInstall/zdt_config_network_byRoot.sh, /bin/chown root /home/ibmsys1/zdt/zdtInstall/z1091-1-8.51.14.x86_64, /bin/chown root /home/ibmsys1/zdt/zdtInstall/zdt_cleanup_byRoot.sh, /bin/chown root /home/ibmsys1/zdt/zdtInstall/zdt_config_tcpports, /bin/chown root /home/ibmsys1/zdt/zdtInstall/zdt_config_udpports ibmsys1 ALL=(root) NOPASSWD: /home/ibmsys1/zdt/zdtInstall/zdt_install_dependencies_byRoot.sh, /home/ibmsys1/zdt/zdtInstall/zdt_config_user_byRoot.sh, /home/ibmsys1/zdt/zdtInstall/zdt_install_product_byRoot.sh, /home/ibmsys1/zdt/zdtInstall/zdt_config_network_byRoot.sh, /home/ibmsys1/zdt/zdtInstall/zdt_cleanup_byRoot.sh, CHOWNTOROOT
If you use other privilege management tools other than sudo, you also need to do the configuration.
Network configuration
To make other systems communicate with your emulated z/OS, you need to configure the emulated environment with an IP of 10.1.1.2 to ensure that the emulated environment can be accessible. A user is always able to configure the routing, and the only requirement is to route the port 2022 on the Linux to port 22 on the emulated z/OS.
- Back up the current iptables rules.
- Run the following
commands.
iptables --flush iptables --table nat --flush iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE iptables --table filter --append FORWARD --in-interface tap0 -j ACCEPT iptables --table filter -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A PREROUTING --table nat -i eth1 -p tcp --dport 0:21 -j DNAT --to 10.1.1.2 iptables -A FORWARD -p tcp -d 10.1.1.2 --dport 0:21 -j ACCEPT iptables -A PREROUTING --table nat -i eth1 -p tcp --dport 23:2021 -j DNAT --to 10.1.1.2 iptables -A FORWARD -p tcp -d 10.1.1.2 --dport 23:2021 -j ACCEPT iptables -A PREROUTING --table nat -i eth1 -p tcp --dport 2022 -j DNAT --to 10.1.1.2:22 iptables -A FORWARD -p tcp -d 10.1.1.2 --dport 2022 -j ACCEPT iptables -A PREROUTING --table nat -i eth1 -p tcp --dport 2023:3269 -j DNAT --to 10.1.1.2 iptables -A FORWARD -p tcp -d 10.1.1.2 --dport 2023:3269 -j ACCEPT iptables -A PREROUTING --table nat -i eth1 -p tcp --dport 3271:9449 -j DNAT --to 10.1.1.2 iptables -A FORWARD -p tcp -d 10.1.1.2 --dport 3271:9449 -j ACCEPT iptables -A PREROUTING --table nat -i eth1 -p tcp --dport 9452:65535 -j DNAT --to 10.1.1.2 iptables -A FORWARD -p tcp -d 10.1.1.2 --dport 9452:65535 -j ACCEPT iptables -A PREROUTING --table nat -i eth1 -p udp --dport 111 -j DNAT --to 10.1.1.2 iptables -A FORWARD -p udp -d 10.1.1.2 --dport 111 -j ACCEPT iptables -A PREROUTING --table nat -i eth1 -p udp --dport 514 -j DNAT --to 10.1.1.2 iptables -A FORWARD -p udp -d 10.1.1.2 --dport 514 -j ACCEPT iptables -A PREROUTING --table nat -i eth1 -p udp --dport 1023 -j DNAT --to 10.1.1.2 iptables -A FORWARD -p udp -d 10.1.1.2 --dport 1023 -j ACCEPT iptables -A PREROUTING --table nat -i eth1 -p udp --dport 1044:1049 -j DNAT --to 10.1.1.2 iptables -A FORWARD -p udp -d 10.1.1.2 --dport 1044:1049 -j ACCEPT iptables -A PREROUTING --table nat -i eth1 -p udp --dport 2049 -j DNAT --to 10.1.1.2 iptables -A FORWARD -p udp -d 10.1.1.2 --dport 2049 -j ACCEPT echo 1 > /proc/sys/net/ipv4/ip_forward
eth1 is an example of the network interface name. To find available network interfaces, run the command ifconfig, ip -o address show, and so on.