General Page
For more V2R4 new functions, see z/OS V2R4 Communications Server: New Function Summary.
Enhancing security
IBM zERT Network Analyzer passphrase and password management support June 2022
The IBM zERT Network Analyzer with APAR PH43119 for z/OS V2R4 supports the use of passphrases up to 100 characters to connect to the Db2 for z/OS database. The IBM zERT Network Analyzer includes additional enhancements in the Database Settings panel to clear existing database credentials to allow for easier switching to a different database user ID.
Support for SMF compliance evidence May 2022
z/OS® V2R4 Communications Server with APAR PH37372 generates new SMF type 1154 records that provide compliance evidence for the TCP/IP stack (subtype 1), FTP daemon (subtype 2), TN3270E Telnet server (subtype 3), and CSSMTP client (subtype 4).
- The TCP/IP stack must be active to provide the TCP/IP stack compliance evidence SMF record.
- The FTP daemon must be active to provide the FTP daemon compliance evidence SMF record.
- The TN3270E Telnet server must be active to provide TN3270E Telnet server compliance evidence SMF records (one per server port).
- CSSMTP must be active to provide the CSSMTP client compliance evidence record.
FTP server JES access control March 2022
z/OS V2R4 Communications Server, with APAR PH42618, supports a new SAF resource in the SERVAUTH class to control which users are allowed to access FTP JES mode. When the SERVAUTH class is active and a profile is defined for the EZB.FTP.sysname.ftpdaemonname.ACCESS.JES SAF resource, only users with permission to the profile are allowed to access FTP JES mode.
IBM zERT Network Analyzer database administration enhancements May 2020
z/OS Management Facility (z/OSMF) with the IBM zERT Network Analyzer APAR PH24494 for z/OS V2R4, introduces a configurable report timeout and limits to the maximum number of open reports per user. The sample database schema tooling now includes additional templates to change the number of partitions in the partition-by-range query result tables.
IBM Health Checker for use of native TLS/SSL support for DCAS March 2020
z/OS® V2R4 Communications Server, with TCP/IP APAR PH16144 and SNA APAR OA58255, provides a new migration health check to use with the IBM Health Checker for z/OS function. The migration health check identifies if DCAS uses native TLS/SSL support.
IBM Health Checker for use of native TLS/SSL support for the FTP server March 2020
z/OS® V2R4 Communications Server, with TCP/IP APAR PH21573 and SNA APAR OA59022, provides a new migration health check to use with the IBM Health Checker for z/OS function. The migration health check identifies active FTP servers using native TLS/SSL support.
IBM Health Checker for use of native TLS/SSL support for the TN3270 server March 2020
z/OS® V2R4 Communications Server, with TCP/IP APAR PH16144 and SNA APAR OA58255, provides a new migration health check to use with the IBM Health Checker for z/OS function. The migration health check identifies active TN3270 servers using native TLS/SSL support.
IBM zERT Network Analyzer database administration enhancements January 2020
z/OS Management Facility (z/OSMF) V2R4 with the IBM zERT Network Analyzer APAR PH16223, provides additional flexibility in IBM zERT Network Analyzer's Db2 for z/OS database schema definitions and reduces the access privileges required by the IBM zERT Network Analyzer's database user ID. The supplied database schema tooling now supports customized values for the database schema name, index names and even table names along with many other operational parameters that were already configurable.
Sysplex Automonics for IPsec December 2019
z/OS V2R4 Communications Server, with APAR PH12788, enhances the sysplex autonomics function to monitor IPsec infrastructure. You can request that sysplex autonomics delay a TCP/IP stack from joining a sysplex group until the IPsec infrastructure is active. You can also request that sysplex autonomics monitor the IPsec infrastructure after the stack has joined the sysplex group. If monitoring the IPsec infrastructure is enabled, you are alerted with new messages when the IPsec infrastructure is not operational. You can optionally configure the TCP/IP stack to also take a recovery action and leave the sysplex when it detects that the IPsec infrastructure is not active. This allows a backup TCP/IP stack to take over DVIPAs from the system that left the sysplex.
With PH16303, you can configure this function in Network Configuration Assistant (NCA).
Restrictions:
- The monitoring of the IPsec infrastructure can only be enabled for a TCP/IP stack that is using sysplex-wide security sessions (SWSA) and has the DVIPSEC parameter configured on the IPSEC statement in the TCP/IP profile.
- While the EZBDVIPA coupling facility structure is required for IPsec sysplex-wide security associations (SWSA), the ability of the TCP/IP stack to connect to or access the EZBDVIPA structure is not monitored by sysplex autonomics for IPsec. A failure related to the EZBDVIPA structure would typically be sysplex-wide. It would not be beneficial for a TCP/IP stack to leave the sysplex for a sysplex-wide failure.
- In IPsec configurations where both a primary and backup NSSD are configured for certificate services, no monitoring of the IKED connection to NSSD is done after the TCP/IP stack joins the sysplex. See the IP Configuration Guide “Sysplex Autonomics for IPsec infrastructure” for additional information.
- If your IPsec infrastructure includes the Network Security Services daemon (NSSD), and the IKED to NSSD connection uses a DVIPA as the source or destination IP address, the sysplex autonomics IPsec infrastructure monitoring function should not be enabled.
- If you use a centralized Policy Agent server for IPsec or AT-TLS policy, and the connection from the policy client to the policy server uses a DVIPA as the source or destination IP address, the sysplex autonomics IPsec infrastructure monitoring function should not be enabled.
Simplification
Communications Server exploitation of the IBM Function Registry for z/OS Dec 2022
z/OS® V2R4 Communications Server, with SNA APAR OA63555, is enhanced to register VTAM general information with the IBM Function Registry for z/OS. This information allows you to understand the extent of SNA application activity in your network.
IBM Health Checker for the removal of VTAM LSA Architecture Dec 2021
z/OS V2R5 Communications Server, with SNA APAR OA62208, provides a new migration health check to use with the IBM Health Checker for z/OS function. The migration health check identifies if VTAM Link Station Architecture (LSA) devices are in use. These devices are configured with MEDIUM=CSMACD in the XCA major node PORT statement.
Support for VTAM Link Station Architecture (LSA) devices will be withdrawn in a future release of the IBM z/OS Communications Server.
- Apply the appropriate PTF for SNA APAR OA62208
- Start the IBM Health Checker for z/OS
IBM Health Checker for the removal of DEVICE, LINK, and HOME for OSA Express connectivity December 2021
z/OS V2R5 Communications Server, with SNA APAR OA62208 and TCP/IP APAR PH40875, provides a new migration health check to use with the IBM Health Checker for z/OS function. The migration health check identifies if TCP/IP profile statements DEVICE, LINK, and HOME for OSA-Express connectivity are in use.
Support for DEVICE/LINK/HOME TCP/IP profile statements for OSA-Express connectivity will be withdrawn in a future release of IBM z/OS Communications Server.
- Apply the appropriate PTF for SNA APAR OA62208
- Apply the appropriate PTF for TCP/IP APAR PH40875
- Start the IBM Health Checker for z/OS
Hardware support
OSA-Express Enhanced Inbound Blocking June 2022
z/OS® V2R4 Communications Server, with TCP/IP APAR PH44281 and SNA APAR OA62831, OSA-Express
Enhanced Inbound Blocking (EIB) is a QDIO performance enhancement that might be beneficial for OSA interfaces with
a high volume of inbound network bulk or streaming traffic.
subsequent systems only.
Communications Server support for RoCE Express3 April 2022
z/OS V2R3 Communications Server, with TCP/IP APAR PH34117 and SNA APAR OA60855, extends the Shared Memory Communications over Remote Direct Memory Access (SMC-R) function to support the next generation IBM RoCE Express3 feature. The IBM RoCE Express3 feature allows TCP/IP stacks on different LPARs within the same central processor complex (CPC) to leverage the power of these state-of-the-art adapters to optimize network connectivity for mission critical workloads by using Shared Memory Communications technology.
Dependencies:
Shared Memory Communications - Direct multiple IP subnet support (SMC-Dv2) September 2020
z/OS V2R4 Communications Server, with TCP/IP APAR PH22695 and SNA APAR OA59152, Shared Memory Communication - Direct Memory Access (SMC-D) is enhanced to remove the same subnet restriction by exploiting SMC-Dv2.
- SMC-Dv2 is enabled with new IBM Z capability provided by the IBM Z Internal Shared Memory (ISM) function. The new ISMv2 capability is available on IBM z15. For IBM z15 T01, refer to the MCL number P46601.067 driver D41C. The ISMv2 support is in the base of the IBM z15 T02.
- The PTF for z/OS IOS PCIe Services APAR OA59235 is required. Failure to apply that PTF will result in activation failures.
Scalability and performance
IBM zERT aggregation recording interval June 2020
z/OS V2R4 Communications Server, with APAR PH25049, introduces the INTVAL/SYNCVAL sub-parameters. The interval at which the SMF 119 subtype 12 records are created will be determined by the ZERT AGGregation sub-parameter INTVAL. To resolve a display issue related to ZERT AGGregation, install APAR PH26550.
Inbound Workload Queueing (IWQ) support for IBM z/OS Container Extentions December 2019
z/OS V2R4 Communications Server, with VTAM APAR OA58300 and TCP/IP APAR PH16581, is enhanced to support inbound workload queueing for IBM z/OS Container Extensions (zCX) workloads for OSA-Express® in QDIO mode.
- This function is limited to OSA-Express6S Ethernet features or later in QDIO mode running on IBM z14.
- This function is supported only for interfaces that are configured to use a virtual MAC (VMAC) address.
Application development
SMTPD compatibility enhancements for CSSMTP December 2019
z/OS V2R4 Communications Server with APAR PH18237, enhances the Communications Server SMTP (CSSMTP)application with three new configuration parameters to provide better compatibility with SMTPD for your migrationfrom SMTPD to CSSMTP.
OSIMGMT Health Checker July 2019
z/OS V2R4 Communications Server with APAR OA57753, provides a new OSIMGMT Health Checker, ZOSMIGV2R4_Next_CS_OSIMGMT, to check whether the VTAM OSIMGMT functions are in use on this system. z/OS V2R4 is planned to be the last release to support the VTAM Common Management Information Protocol (CMIP). CMIP services is an API that enables a management application program to gather various types of SNA topology data from a CMIP application called the topology agent that runs within VTAM. IBM recommends using the SNA network management interface (NMI) to monitor SNA Enterprise Extender and High Performance Routing data.
Was this topic helpful?
Document Information
Modified date:
05 July 2023
UID
ibm10959247