z/OS : Update Réunion Guide 29 Septembre 2005 - gsefr. · PDF filez/OS : Update...

Systems and Technology Group

© 2005 IBM Corporation

29 Septembre 2005

[email protected]

z/OS : Update

Réunion Guide



� z/OS® – the mainframe operating system designed to deliver

– A highly available and security-rich base for integrating applications

– Resources optimized to meet business priorities

– Scalability for data and transaction growth

– Robust and resilient networking

– Business resiliency

� With new directions – Simplifying z/OS management

– Extending z/OS capabilities to help manage your mixed environment

Single platform

Heterogeneous

Integration

Workload management

Business resiliency & security

Heterogeneous enterprise

Virtualization

IT simplification

z/OS – IBM’s flagship mainframe operating systemProviding the difference for On Demand Business



Platform Readiness (Technology, Sub-capacity pricing (WLC))

IMS v9

CICSv3

DB2v8

System z9 or zSeries servers & zAAP

NetView ®

v5.2

Integrated Tool Set

WebSphere ®

v6WebSphere

MQ v6

z/OS 1.7 Operating System

� Be positioned for a competitive edge

– Business resiliency

– Security

– Business process integration

– Rapid deployment of enterprise-wide solutions

– Reuse of skills and resources

– Leverage, extend and integrate core applications

Platform readiness …Be ready for the next business opportunity!

zOSSUM070



Advances in I/O scale and performance� Improved FICON ® performance

Modified Indirect Data Address Word (MIDAWs)(z/OS 1.6 and z/OS 1.7)

– New system architecture designed to improve FICON performance

– Can improve FICON performance for extended format data sets – including

• DB2 queries, utilities and logs• VSAM, HFS, zFS, PDSE, IMS Fast Path, SAM-E

– Can improve channel utilization– Can improve I/O response times

� Relief for 64K device limit Multiple Subchannel Sets (MSS) (z/OS 1.7)

Up to two-times increase in the number of logical volumes for typical z/OS images

– Each z/OS image can use a second set of subchannels for defining Parallel Access Volumes (PAV) aliases

– Provide an additional 64K subchannels

z/OS Support for z9-109 � z/OS 1.4 and 1.5 - compatibility support

– 60 logical partitions1

– OSA-Express2 CDLC support1

– 63.75K subchannel1

– OSA-Express2 1000BASE-T Ethernet1

� z/OS 1.6 – exploitation – Modified Indirect Addressing (MIDAWs)– Hipersockets support of IPv6– Large send for IPv4 traffic2

– zAAP2

– CPACF enhancements– Crypto Express2 – Single system image – up to 32 engines3

� z/OS 1.7 – further exploitation– Multiple subchannel sets– z/OS 1.7 is planned to support Server Timer

Protocol*– FICON link incident reporting – Wild branch diagnosis support

1 Requires the z/OS V1.4 z990 Exploitation Support Feature or z/OS V1.4 z990 Compatibility Feature – see z/OS 1.7 Migration for more info

2 Also available on z990 and z890 3 Also available on z990

* All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represents goals and objectives only.



World-class computing for On Demand Business * All statements regarding IBM future direction and intent are subject to change or

withdrawal without notice, and represents goals and objectives only.

Simplifying z/OS management– Easier to configure with “best practices”

– Simplified networking and network security – New user interface for z/OS management

• Statement of Direction* – planned for 4Q2005

Extending z/OS capabilities and qualities of servic e – Extending z/OS resiliency and security – Further performance optimization for TCP/IP networking – Improved scale with support for large I/O configurations

• Requires System z9-109

– Enhancements for business integration and application security

And more

Planned to be available September 2005

z/OS 1.7 Simplifying z/OS management for new IT professionals while extending z/OS robust capabilities



1.8*

1.7

1.6

1.5

1.4

x

x

x

x

x

z800

9/05*1.99/08*xxxx

9/041.89/07*xxxx

x

x

G5/G5Multiprise ®

3000

9/06*1.109/09*xxxx

3/041.83/07*xxxx

9/021.73/07xxxx

Ship Date

Coexists with

End of Servicez900z890z990z9-109

*Plannedz/OS.e – Available for z890 and z800 only

z/OS Support Summary



Simplifying z/OS management for the new generation of IT professionals

� Continue to extend the robustness and flexibility of z/OS

� Designed to automate, eliminate and simplify management tasks �z/OS management portal that is easy to use and more familiar

�Can integrate with IBM Tivoli® and other systems management products

�Task-based approach for operations and configuration

� z/OS learning center for new users– Introduces fundamental z/OS concepts and tasks

– Includes tutorials and hands-on exercises

A community project spanning the z/OS platform• Design teams from z/OS, IBM middleware and system management products• Allowing for integration of non-IBM middleware and system management products • Partnering with more than 40 z/OS customers - and growing



Simplifying z/OS management – Planned for 2005*Systems management tasks

� Operations:Management console for system health monitoring (Planned for 4Q 2005)

� Configuration:z/OS Health Checker to help configure with best practicesNew in z/OS 1.7: More checks, integrated in z/OS, and new user interface

� Maintenance:SMP/E Internet Service DeliveryCan simplify and automate service acquisition

� Security: RACF® based products to help administer security & monitor compliance– Working with Vanguard Integrity Professionals, Inc. – IBM Tivoli Administration for RACF – lower function alternative

� Networking:z/OS Network Security Configuration Assistant (Planned for Sept. 2005 via Web)

z/OS learning center for new users� New publication: z/OS Basics

– Go to ibm.com /zseries/zos, see “Library”* All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.



�Simplify z/OS management for the new generation of IT professionals

�Automating, eliminating, and streamlining tasks�Easily upgradeable to OMEGAMON® solutions

Value

�Task-oriented approach with GUI front end� z/OS Health Checker data plus Tivoli Monitoring

Services base capabilities– Expert Advice– Take Action

�Configuration status metrics for z/OS resources displayed using Tivoli Enterprise Portal

– Improved ease-of-use of z/OS management– Value-add upgrades to comprehensive Tivoli

Monitoring Services products

�Planned Capabilities

New product planned to be available in 4Q 2005 for no charge to z/OS customers

Simplifying operations –New z/OS management console* (Planned for 4Q 2005)

* All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.



Value

• Configuring for best practices– Helping to reduce the skill level– Helping to avoid outages

• Checks against active settings• Notifies when exceptions found • Runs on all supported releases of z/OS

� Integrated as new base function in z/OS 1.7� New SDSF panel to display and control the active

checks– Simplifies working with checks– SDSF provides scroll, search, sort, filtering and

other customization functions– Browse check output

� More checking of z/OS components– Over 50 checks available1

– New checks available in RRS, RACF, Consoles, GRS, RSM, UNIX® System Services

� Framework to support IBM, ISV, and user-written checks

– Checks can be added dynamically

� User-overrides for check defaults

Latest enhancements

1 Majority of these checks are available on prior releases

Simplifying configuration –IBM Health Checker for z/OS



Value

�Can simplify and automate service acquisition

�Can help eliminate manual tasks currently required for ordering and delivery of IBM software maintenance

�Can improve availability by helping to ensure current service and service information is readily available

�Allows you to automate ordering and delivery of PTFs and HOLDDATA

�PTFs and HOLDDATA can be processed in the same job step

�Can be triggered with a batch scheduling system (such as IBM Tivoli Workload Scheduler for z/OS) to retrieve service on a regular basis

Latest enhancements

Simplifying software maintenance –SMP/E Internet Service Delivery



Simplifying network security management Value

� Define TLS and SSL secure connections without anticipated application changes

� Easier to configure the latest networking security technologies

� Help ensure secure access to z/OS applications and data

� Easier to develop and maintain secure Web applications

� TLS and SSL support designed to be transparent to applications

– Application Transparent TLS for TLS (Transport Layer Security) and SSL (Secure Sockets Layer)

– A new function in z/OS 1.7 Communications Server

– Support for C/C++, HL ASM, COBOL, PL/I, REXX, CICS C socket, and CICS and IMS CALL instructions

� z/OS Network Security Configuration Assistant (z/OS 1.7)

– GUI for simpler and consistent configuration of IPSec and TLS technologies

– Planned to be available Sept. 2005 via Web

Latest enhancements



� Vanguard Administrator can help simplifies and enhances RACF security management

� Vanguard Analyzer is designed to assist with security system snapshots or full-scale mainframe security a udits

� Vanguard Enforcer is designed to manage and enforce security policy in z/OS and RACF

� Vanguard Advisor is designed to provide Event Detection, Analysis and Reporting capabilities for z/OS and RA CF

� Vanguard Security Center offers browser-based RACF and DB2 security administration on z/OS

IBM Reseller of Vanguard Solutions

� Complete z/OS RACF security management solution, including administration, integrity auditing, and intrusion detection and management

� Helps organizations comply with security rules and regulations

� Helps reduce the complexities of RACF administration, eliminates user errors, and enforces best practices

Value

Vanguard Security Center

� IBM Tivoli Security Administrator for RACF provides low cost, rapidly deployable RACF management solution

IBM Tivoli

Simplifying security management and complianceIBM is a reseller of Vanguard Integrity Professionals, Inc. products



Get user security information with an easy to use display and interface.

This includes enterprise systems using Vanguard’s Integrated Enterprise products.

SecurityCenter is a product of Vanguard Integrity

Professionals, Inc.

IBM is a reseller of Vanguard Integrity

Professionals, Inc . products

SecurityCenter*



What’s New!� IBM Tivoli OMEGAMON enhancements

– Combined plex and non plex into single package– Added IBM TotalStorage® DS6000 and DS8000 support– Application correlation to track transactions across systems

� NetView for z/OS v5 enhancements– Real-time capture and formatting of packet traces to help debug IP problems– Automatic intrusion detection– TCP/IP connection management

� System Automation for z/OS v2.3 enhancements– Automated Operations from OMEGAMON– GDPS® interoperation– Integrated SA/Netview setup, SA fencing– WAS V5 precanned support and automation setup

� IBM Tivoli Decision Support for z/OS v1.7– Improved reporting performance, such as service level commitment and

charge back reports– Accounting Workstation option added– IBM DB2 V8 and z/OS 1.5 support

� IBM as a reseller of Vanguard Integrity Professiona ls, Inc. products for simplifying RACF security management and compliance

Other z/OS System Management Offerings

Designed to:� Improve service levels� Decrease problem to resolution time� Help reduce cost of operations



Enhanced IP Networking � A reduced need for SNA connections

JES2 NJE support for TCP/IP• Planned for 1Q2006• JES3 support is planned for a future z/OS release*

– Can also improve availability with NJE in a separate address space– Can easily add TLS encryption using Application Transparent TLS

� High availability and optimized performanceSysplex enhancements– Better interaction with network-based load balancers

• z/OS Load Balancing Advisor– Helping direct traffic to systems that are meeting response time goals

• Improved management with WLM and Sysplex Distributor – Simplified configuration of TCP/IP in a sysplex with improved operator commandsData transfer enhancements– Can improve performance for outbound TCP/IP traffic (Rollback to 1.6)

• Supports processing offload to OSA-Express2 • Requires z9-109, z990 or z890 – Large send for IPv4 packets

– Confidence level checking for data transfer (FTP) • Can report on transfers that have completed successfully

� IPv6 support extended to• HiperSockets and Advanced Socket API (1.7) • Sysplex (1.6)

z/OS 1.7

* All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.



Enterprise Network SecurityHelping to keep your data more secure

� Improved IP Security– Designed to

• Improve scale and performance• Simplify configuration and monitoring

– Integrated in z/OS Communications ServerIP filteringInternet Key Exchange (IKE)Virtual Private Network (VPN)

– Available for z/OS 1.4, 1.5, 1.6 via SPE

� NAT Traversal support (z/OS 1.7)– Designed to allow IPSec protected data to

traverse a NAT device (Uses IETF standard)

� Networking security designed to be transparent to applications (z/OS 1.7)

– Can help reduce development complexity and costs

– Define a TLS or SSL secured connection with no anticipated changes to existing applications

• For both TLS (Transport Layer Security) and SSL (Secure Sockets Layer)

• Support for C/C++, HL ASM, COBOL, PL/I, REXX, CICS sockets, and CICS and IMS CALL instructions

� Simplified configuration for networking security (z /OS 1.7)– z/OS Network Security Configuration Assistant (Web deliverable

planned for Sept. 2005)– GUI for simpler and consistent configuration of the above technologies

z/OS 1.7



� Secure encryption facility for z/OS to help protect data shared with partners, suppliers, and customers **

– Designed to leverage z/OS key management and high performance hardware encryption

� Extending user authentication management – Support for mixed-case passwords in RACF, TSO/E, FTP,

CONSOLES, and z/OS UNIX System Services – RACF pass ticket support

� Innovative new technologies– Digital Certificate life-cycle management

• Improvements to z/OS PKI services

– Cryptography• 64-bit cryptography support in ICSF

• AES support for TLS and SSL applications

� Can simplifying RACF administration and compliance management

– Products from Vanguard Integrity Professionals, Inc.

COMMON CRITERIAz/OS 1.6 with RACF is certified at EAL3+ for

- Controlled Access Protection Profile (CAPP) - Labeled Security Protection Profile (LSPP)

z/OS 1.7 with RACF is under evaluation for certification at EAL4

CERTIFICATIONS:

IDENTRUS Public Key Infrastructure (PKI) Services provided by z/OS 1.5 has achieved Identrus compliance.

Security leadership continues z/OS 1.7

Learn more about IBM mainframe security: ibm.com/zseries/security

* All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represents goals and objectives only.



z/OS IMAGE32-way single z/OS image� Up to 32 processors in a single

logical partition (z/OS 1.6 and above)

– 32 = central processors + zAAPs– Statement of direction* for >32 way

in future z/OS release

Scale with higher availability� Up to 32 z/OS images in a

Parallel Sysplex® cluster� Scale out

– up to 60 partitions on z9-109(z/OS 1.4 and above)

Largest single z/OS image32 logical processors128 GB Real Memory

256 Channels

* All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

z/OS 1.7

FILE SYSTEMS

Support for larger sequential and EXCP data sets (>64K tracks)

– Larger JES spool, and DFSMShsm™ and DFSMSrmm™ journal data sets

– Also used by: ISPF, SADMP, IPCS, AMASPZAP, DFSMSdss™, and DFSORT™

� More than 255 extents per VSAM component

– Can help reduce out-of-space failures

– Can allow you to reorganize data sets less often

I/O CONFIGURATION

z9-109 enhancements � MIDAW -

Designed to improve FICON performance

(z/OS 1.6,1.7)

� Multiple Subchannel Sets -Relief for 64 K device limit

(z/OS 1.7) – Up to two-times increase

in the number of logical volumes for z/OS images

IBM TotalStorage DS6000 & DS8000 enhancements

� Support for 64 K cylinder volumes

(z/OS 1.4 and above)

zOSSUM_240

Extending Scale and Flexibility



z/OS availability – Extending z/OS leadership

� TCP/IP high availability in a sysplex– z/OS Load Balancing Advisor - better interaction with network-based

load balancers (1.7)– Improved management with WLM and Sysplex Distributor (1.7) – Designed for IP Automatic Takeover when IP stack is not healthy (1.6)

� Help reduce the need to IPL– z/OS UNIX System Services dynamic service activation may reduce

the need to IPL – PDSE restartable address space (1.6)

• May reduce the need to re-IPL a system due to a hang, deadlock condition, or out of storage condition� Recovery assistance for catalogs, UNICODE and JES2

– Integrated Catalog Forward Recovery Utility (formerly 5798-DXQ), now incorporated into z/OS – Unicode control block recovery for certain conditions– Extensions to JES2 Checkpoint data recovery

� Business resilience– Improve GDPS options for high volume applications with Extended Remote Copy Plus (XRC+) (1.7)

• Better support for remote mirroring of high volume logging applications (e.g., IMS and CICS)

Today’s Capabilities: Up to 99.999% availability* f or System z9 and zSeries to help avoid planned and unplanned outages

* Note : Based on Parallel Sysplex implementation

z/OS 1.7



Leveraging, extending and integrating core applications� Network Security

– Define a TLS or SSL secured connection with no anticipated changes to existing applications 1.7

• New function: Application Transparent TLS• CICS Sockets enhancements

� Easier to specify options for Language Environment ® (LE) – System-level defaults can be set in parmlib 1.7– Application options can be specified in a data set or file 1.7

� UNIX file system for z/OS: zSeries File System (zFS )– zFS can be used as file system root 1.7

• HFS function has been stabilized– Supported by RMF™ to help tune zFS 1.7– Can provide improved performance and availability 1.6

� C/C++ support– XL C/C++ designed for ISO C99 Standard 1.7 – New C/C++ compiler options to exploit z9-109, z990 and z890 1.6

� z/OS UNIX System Services - Easier management– Enhancements to AUTOMOUNT, ConfigHFS, and ISHELL 1.6– New commands supported (clear, uptime) 1.6– Enhancements to superkill command 1.6

z/OS 1.7Integrating applications on z/OS



z/OS 1.7 Configuration Considerations: � zSeries File System (zFS) can now be used as the ro ot

– zFS is the strategic z/OS UNIX Systems Services file system. The Hierarchical File System (HFS) has been stabilized.

� Examine JES2 exit routines and modify if needed – Changes have been made to JES2 exit routines due to JES2 structure changes

� Support for the following has been removed:– ISAM data sets– JOBCAT and STEPCAT – JES2 compatibility mode– OS/390® 2.10 C/C++ (ISO C/C++ compiler is still supported)

� 1-byte Console IDs and external interfaces supporting migration consol e IDs have been removed from the WTO, WTOR, and MCSOPER macros; and from operator commands

– Programs compiled using older versions of the macros will continue to work� More flexible ways to specify Language Environment options

– A new parmlib member, CEEPRMxx, can be used to specify Language Environment run-time options for the system

– Can simplify the management of Language Environment options and release to release migration� The optional source materials feature will not be o ffered

See z/OS 1.7 Migration guide for more information.

Reminder: Effective January 15, 2006 the S/390® Service Update Facility (SUF) will be discontinued.

z/OS 1.7



z/OS Statements of Direction*IBM intends to

– Deliver an encryption facility for z/OS to help protect data shared with partners, suppliers, and customers

• Designed to leverage z/OS key management and high performance hardware encryption. Targeted for availability in 2005

– Provide a new user interface for z/OS management that is planned to help the new generation of IT professionals

• Planned for 4Q 2005

– Support more than 32 processors in a single logical partition on the z9-109 in the future

– Announce a version of New Application License Charges (NALC) intended to help improve the price/performance of z/OS in certain new workload environments by delivering subcapacity pricing

• Targeted for availability in 2H2006

– Introduce a new system component called z/OS XML System Services(z/OS XML). This component will be designed to provide an optimized set of services for parsing XML documents.

• Planned for a future release of z/OS

Encryption facility

Simplify z/OS management

Increase z/OS scale

Improve price/ performance

Optimize new workloads

z/OS 1.7

* All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

z/OS : Update Réunion Guide 29 Septembre 2005 - gsefr. · PDF filez/OS : Update...

Documents

Transcript of z/OS : Update Réunion Guide 29 Septembre 2005 - gsefr. · PDF filez/OS : Update...