Question & Answer
What are Workflows used for?
For each Configuration Assistant technology, there are a number of setup tasks that must be performed before the technology can be used. Setting up the Policy Agent is a basic requirement. For IP Security, users may require the IKE, NSS, and DMD daemons. Syslogd and TRMD can be used for logging. Preparing this environment requires many steps that include enabling RACF permissions, defining start procedures, and setting up support and configuration files for these service applications. After these setup taks are complete, the administrator can then install policy configuration files for each of the technologies they have configured.
Prior to V2R1, setup tasks were provided as part of the Configuration Assistant using Application Setup Tasks. In V2R1, Application Setup Tasks have been replaced with the z/OSMF Workflow function. Workflows are provided which are a set of instructions that guide users through the setup of the environment required to run the policy-based networking technologies.
Many of these setup tasks can be performed once and will seldom need to be performed again. However, normal changes and updates to configuration such as adding a new z/OS image and TCP/IP stacks can require the need to re-run the workflow steps.
To use the Workflows:
From the z/OSMF navigation menu, select the Workflow link.
Several workflows are provided to help in setting up the environment for policy-based networking. Once in the Workflow, use the Actions and select Create Workflow. Users will be required to specify the full directory path to create the workflow. The z/OS Communications Server workflow definition files are provided in the /usr/lpp/zosmf/V2R1/workflow/plugins/izuca directory by default.
Workflows for Policy-based Networking
ezb_pagent_setup_wizard.xml - This workflow provides the steps for setting up the Policy Agent (Pagent). Pagent is required for all of the policy-based networking technologies: IPSec, AT-TLS, IDS, PBR, and QoS. Pagent uses syslogd for logging.
ezb_dmd_setup_wizard.xml - This workflow provides the steps for setting up the Defense Manager Daemon (DMD). DMD also uses TRMD and syslogd for logging.
ezb_ike_setup_wizard.xml - This workflow provides the steps for setting up to run the IKE daemon (iked). The IKE daemon uses syslogd for logging.
ezb_nss_setup_wizard.xml - This workflow provides the steps for setting up the Network Security Services (NSS) daemon. The NSS daemon uses syslogd for logging.
ezb_trmd_setup_wizard.xml - This workflow provides the steps for setting up the Traffic Regulation Management daemon (TRMD). This is used with IPSec, DMD, and IDS technologies for logging. It works in conjunction with syslogd to provide logging.
ezb_syslogd_setup_wizard.xml - This workflow provides the steps for setting up syslogd.
ezb_tcpip_profile_sample_wizard.xml - This workflow provides a sample TCP/IP profile which contains common statements required to enable AT-TLS and IP Security, and additionally includes port reservation statements for running daemons.
15 April 2015