Prerequisites

Learn about hardware and software requirements for ZD&T Enterprise Edition.

For a complete list of ZD&T hardware and software requirements, you can generate the report from Software Product Compatibility Reports. Hardware and software requirements are also documented in the zPDT® Guide and Reference.

z/OS system requirements

If you want to extract volumes from z/OS® systems, the following requirements are needed.

Required
  • An SSH server must be running and accessible by the system to run Enterprise Edition.
  • The FTP or SFTP client must be able to connect to the Enterprise Edition image storage server.
  • To use SFTP, Java™ 1.6 or later versions must be installed, and the PATH needs to be pointed to the bin directory of the Java installation.
  • To use SFTP as the transferring method of z/OS volumes, you need to put the zDTMainframeSFTP-12.0.1.0.jar that is included in the z/OS package into the UNIX System Services(USS) folder /usr/lpp/IBM/zdt.
  • Make sure to grant access to each volume or data set that is extracted. For more information, see Creating application components from IBM Z® mainframe volumes and Creating application components from IBM Z mainframe data sets.
  • Make sure to grant READ access to DFDSS program ADRDSSU.
Optional
  • Configure zEnterprise® Data Compression (zEDC) if it is available. Grant READ access to the resource FPZ.ACCELERATOR.COMPRESSION in SAF class FACILITY to the user ID that is used in the Enterprise Edition.
  • Grant READ access to resource STGADMIN.ADR.DUMP.CNCURRNT in SAF class FACILITY.

Image storage server requirements

To install and run ZD&T Enterprise Edition, an image storage server to host the Enterprise Edition artifacts, such as z system volumes, data sets, Enterprise Edition metadata, must be set up. To transfer volumes images files from the image storage server or to the image storage server, you can choose FTP or SFTP as the transferring method.

  • Disk space
    • Sufficient space is needed to hold numerous and potentially large files for extracted IBM Z volumes.
    • 150 GB of disk space is needed for ADCD z/OS V2.3 distribution.
  • Software requirements
    • A running FTP or SFTP server
  • FTP server
    • Enable passive mode by configuring PASV_ENABLED=YES in the vsftpd.conf.
    • Set SElinux to Permissive or Disabled mode.
    • Open firewall ports for FTP command and data channels.
  • SFTP server
    • Open the firewall port for SFTP command.

Target environments requirements

To automatically deploy application images to any target environment, the following requirements are needed.
  • Linux environments
    • If you choose to install the required Linux packages during the deployment, the software repository needs to be available and accessible by the target environments.
      • A Red Hat software repository for 'yum' needs to be available and accessible by the target environments.
      • An Ubuntu software repository for 'apt-get' need to be available and accessible by the target environments.
    • An SSH server must be running on the target environments and accessible by the system to run Enterprise Edition.
    • The command ftp client must reside on the target environments.
    • The root permission is needed for the users who are responsible for deployment.
    • An extra 100 M of disk space is needed for the folder /root in the target environment, as the loadparm.txt that is generated for a script to modify z/OS parameters might cause space problem.
    Note: ZD&T Hardware-Based and Software-Based License Server installation options open the ports 1947, 3270, 9451 and 9450 to communicate between License server and Terminal emulator. You need to remove any restriction that might prevent the installer from opening the ports cannot be on your Linux machine. To deactivate any firewall that is active, or ask your network administrator to deactivate the firewall. For more information about the opened ports, see Firewall ports list.
  • OpenStack Cloud environments
    • Make sure that the default security group of the OpenStack Cloud contains the rules that enable all the required ports of a target environment. For more information, see Firewall ports list.
  • Access to software repository to run YUM or apt-get commands

    Make sure that you have access to software repository to run YUM commands on RHEL machine, or run apt-get commands on Ubuntu machine. ZD&T installer will install all required packages. However, if you don't want ZD&T installer to install the required packages that are listed below, you need to install the packages before you start ZD&T installer.

    • YUM commands on RHEL operating system
      yum -y install iptables
yum -y install ftp
yum -y install libstdc++.i686
yum -y install perl 
yum -y install zip 
yum -y install unzip 
yum -y install gzip 
yum -y install bc
    • apt-get commands on UBUNTU operating system
      apt-get -y install iptables
dpkg --add-architecture i386
apt-get -y update
apt-get -y install libc6:i386 libncurses5:i386 libstdc++6:i386 lib32z1 lib32stdc++6
apt-get -y install ftp
apt-get -y install perl
apt-get -y install zip 
apt-get -y install unzip
apt-get -y install gzip
apt-get -y install bc
apt-get -y install libasound2
apt-get -f install
  • Start of changeUsers and group settings
    Before you deploy application images, make sure to create a new group 'zpdt' in the target environment if the group does not exist.
    • If you use the root user ID to deploy application images, create a user ID 'ibmsys1' if the user ID does not exist, and assign the user ID 'ibmsys1' to the group 'zpdt'.
    • If you use a non-root user ID to deploy application images, assign the user ID to the group 'zpdt'.
    End of change
  • Start of changeSudo access configuration

    The term sudo stands for super user do. Sudoers is the configuration file with the corresponding operating system sudo settings. This file is typically at /etc/sudoers. For more information about the specific sudoers file format, see Sudoers Manual.

    The following code shows an example of a sudoers entry.
     ibmsys1 ALL = (root) NOPASSWD: ALL

    In the code example, user ibmsys1 can access any shell script file on any host in any location as the root user without providing an identification password.

    During the deployment, Enterprise Edition runs several scripts that require the root access. For the security reasons, Enterprise Edition also changes the ownership of the scripts to the root user ID. The user ID that is used for the deployment needs to have the permission to run the scripts and change the ownership of the scripts. The scripts list is shown as below.
    [deployment directory]/zdt/zdtInstall/z1091-1-8.51.14.x86_64
[deployment directory]/zdt/zdtInstall/zdt_install_product_byRoot.sh
[deployment directory]/zdt/zdtInstall/zdt_install_dependencies_byRoot.sh (optional)
[deployment directory]/zdt/zdtInstall/zdt_config_user_byRoot.sh (optional)
[deployment directory]/zdt/zdtInstall/zdt_config_network_byRoot.sh (optional)
[deployment directory]/zdt/zdtInstall/zdt_cleanup_byRoot.sh (optional)
[deployment directory]/zdt/zdtInstall/zdt_config_tcpports (optional)
[deployment directory]/zdt/zdtInstall/zdt_config_udpports (optional)

    The deployment directory is an optional input value that can be specified from web user interface or REST API. By default, the deployment directory is /home/ibmsys1 if you log in as the root user, and /home/[userid] if you log in as a non-root user.

    The following code shows an example of the sudoers entry. The user ID that is used is ibmsys1, and the deployment directory is /home/ibmsys1.
    Cmnd_Alias CHOWNTOROOT=/bin/chown root 
/home/ibmsys1/zdt/zdtInstall/zdt_install_product_byRoot.sh, /bin/chown root 
/home/ibmsys1/zdt/zdtInstall/zdt_install_dependencies_byRoot.sh, /bin/chown root 
/home/ibmsys1/zdt/zdtInstall/zdt_config_user_byRoot.sh, /bin/chown root 
/home/ibmsys1/zdt/zdtInstall/zdt_config_network_byRoot.sh, /bin/chown root 
/home/ibmsys1/zdt/zdtInstall/z1091-1-8.51.14.x86_64, /bin/chown root 
/home/ibmsys1/zdt/zdtInstall/zdt_cleanup_byRoot.sh, /bin/chown root 
/home/ibmsys1/zdt/zdtInstall/zdt_config_tcpports, /bin/chown root 
/home/ibmsys1/zdt/zdtInstall/zdt_config_udpports 
ibmsys1 ALL=(root) NOPASSWD: /home/ibmsys1/zdt/zdtInstall/zdt_install_dependencies_byRoot.sh, 
/home/ibmsys1/zdt/zdtInstall/zdt_config_user_byRoot.sh, 
/home/ibmsys1/zdt/zdtInstall/zdt_install_product_byRoot.sh, 
/home/ibmsys1/zdt/zdtInstall/zdt_config_network_byRoot.sh, 
/home/ibmsys1/zdt/zdtInstall/zdt_cleanup_byRoot.sh, CHOWNTOROOT

    If you use other privilege management tools other than sudo, you also need to do the configuration.

    End of change
Start of change

Network configuration

To make other systems communicate with your emulated z/OS, you need to configure the emulated environment with an IP of 10.1.1.2 to ensure that the emulated environment can be accessible. A user is always able to configure the routing, and the only requirement is to route the port 2022 on the Linux to port 22 on the emulated z/OS.

To configure the network, complete the following steps:
  1. Back up the current iptables rules.
  2. Run the following commands.
    iptables --flush
iptables --table nat --flush
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --table filter --append FORWARD --in-interface tap0 -j ACCEPT
iptables --table filter -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A PREROUTING --table  nat -i eth1 -p tcp --dport 0:21 -j DNAT --to 10.1.1.2
iptables -A FORWARD -p tcp -d 10.1.1.2 --dport 0:21 -j ACCEPT
iptables -A PREROUTING --table  nat -i eth1 -p tcp --dport 23:2021 -j DNAT --to 10.1.1.2
iptables -A FORWARD -p tcp -d 10.1.1.2 --dport 23:2021 -j ACCEPT
iptables -A PREROUTING --table  nat -i eth1 -p tcp --dport 2022 -j DNAT --to 10.1.1.2:22
iptables -A FORWARD -p tcp -d 10.1.1.2 --dport 2022 -j ACCEPT
iptables -A PREROUTING --table  nat -i eth1 -p tcp --dport 2023:3269 -j DNAT --to 10.1.1.2
iptables -A FORWARD -p tcp -d 10.1.1.2 --dport 2023:3269 -j ACCEPT
iptables -A PREROUTING --table  nat -i eth1 -p tcp --dport 3271:9449 -j DNAT --to 10.1.1.2
iptables -A FORWARD -p tcp -d 10.1.1.2 --dport 3271:9449 -j ACCEPT
iptables -A PREROUTING --table  nat -i eth1 -p tcp --dport 9452:65535 -j DNAT --to 10.1.1.2
iptables -A FORWARD -p tcp -d 10.1.1.2 --dport 9452:65535 -j ACCEPT
iptables -A PREROUTING --table  nat -i eth1 -p udp --dport 111 -j DNAT --to 10.1.1.2
iptables -A FORWARD -p udp -d 10.1.1.2 --dport 111 -j ACCEPT
iptables -A PREROUTING --table  nat -i eth1 -p udp --dport 514 -j DNAT --to 10.1.1.2
iptables -A FORWARD -p udp -d 10.1.1.2 --dport 514 -j ACCEPT
iptables -A PREROUTING --table  nat -i eth1 -p udp --dport 1023 -j DNAT --to 10.1.1.2
iptables -A FORWARD -p udp -d 10.1.1.2 --dport 1023 -j ACCEPT
iptables -A PREROUTING --table  nat -i eth1 -p udp --dport 1044:1049 -j DNAT --to 10.1.1.2
iptables -A FORWARD -p udp -d 10.1.1.2 --dport 1044:1049 -j ACCEPT
iptables -A PREROUTING --table  nat -i eth1 -p udp --dport 2049 -j DNAT --to 10.1.1.2
iptables -A FORWARD -p udp -d 10.1.1.2 --dport 2049 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

    eth1 is an example of the network interface name. To find available network interfaces, run the command ifconfig, ip -o address show, and so on.

End of change
Parent topic: Planning