z/OS V1.11 z/OS Management Facility V1 - GSE Young ... - zos...z/OS Management Facility V1.11 –...
Transcript of z/OS V1.11 z/OS Management Facility V1 - GSE Young ... - zos...z/OS Management Facility V1.11 –...
© 2009 IBM Corporation
IBM System z
2
IBM
CICS* DataPower* DB2* DFSMS DFSMSdss DFSMShsm DFSMSrmm DS6000 DS8000 FlashCopy* GDPS* Geographically Dispersed Parallel Sysplex
The following are trademarks of the International Business Machines Corporation in the United States and/or other countries.
HiperSockets HyperSwap Language Environment IBM* IBM logo* IBM Scalable Financial Reporting IMS MVS MQSeries* NetView* Parallel Sysplex*
ProductPac* RACF* Redbooks* REXX SystemPac* System Storage System z System z10 System z9* SYSREXX Tivoli*
WebSphere* z10 z10 BC z10 Business Class z10 EC z9 z/OS* z/VM* zSeries*
Trademarks
The following are trademarks or registered trademarks of other companies. * Registered trademarks of IBM Corporation
* All other products may be trademarks or registered trademarks of their respective companies. Notes: Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated here. IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply. All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions. This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area. All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. INFINIBAND, InfiniBand Trade Association and the INFINIBAND design marks are trademarks and/or service marks of the INFINIBAND Trade Association. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office. IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency, which is now part of the Office of Government Commerce.
© 2009 IBM Corporation
IBM System z
3
IBM Agenda
z/OS 1.11 – zAAPs and zIIPs – Statements of direction
z/OS Management Facility V1.11 – Overview – Incident Log capability – Configuration Assistant for the z/OS® Communications Server – Administration – Details
© 2009 IBM Corporation
IBM System z
5
IBM
Efficient – New user interface helps system programmers to more easily manage and administer a mainframe system
Trusted - the latest encryption technologies, centralized security certificates, and foundation for unified enterprise-wide identity and access management reduce risk of fraud.
Smart - a system that learns heuristically from its own environment and is able to anticipate and report on potential issues for predictive analysis
Responsive - communications that improve network recoverability, availability, and reduce complexity and latency of transactions
Accountable - enhanced measurement to support comprehensive control, analysis, risk management, audit, and compliance plans
Synergies - with new IBM System Storage™ DS8000® to make the most of your information asset
Availability September 2009
z/OS® Version 1 Release 11
z/OS Version 1 Release 11
© 2009 IBM Corporation
IBM System z
6
IBM
Enabled technologies, in order of introduction: Java – IBM z/OS JVM Java technology-based applications eligible for zAAP
Centralized data serving eligible for zIIP - Portions of BI, ERP, and CRM remote connectivity to DB2® V8, as well as portions of long running parallel queries, and select utilities
Network encryption on zIIP - IPSec network encryption/ decryption (with z/OS V1.8)
XML parsing – z/OS XML System Services eligible on zAAP or zIIP (w/ z/OS V1.9, V1.8 and V1.7 w/ maint.)
Remote mirror– zIIP assisted z/OS Global Mirror function (with z/OS V1.9)
HiperSockets™ Multiple Write operation for outbound large messages (w/z/OS V1.9) eligible for zIIP
Business Intelligence - IBM Scalable Architecture for Financial Reporting™ provides a high-volume, high performance reporting – can be eligible for zIIP.
Intra-server communications – z/OS CIM Server processing eligible for zIIP (with z/OS V1.11).
zAAP on zIIP capability - Optimize the purchase of a new zIIP or maximize your investment in existing zIIPs.
DB2 sort utility – DB2 utilities sorting fixed-length records using IBM's memory object sorting technique
zAAPs and zIIPs – Designed to help implement, integrate, optimize new technologies
© 2009 IBM Corporation
IBM System z
7
IBM
Example with z/OS system data and RMF metrics
CIM Client
CIM Server
CIM XML Processor
CIM HTTP Client
CIM XML Processor
CIM HTTP Server
RMF monitoring providers
z/OS OS management
providers
RMF Distributed data Server (DDS)
native z/OS data
CIM clients send requests to CIM server
CIM server responds with data to CIM client
RMF Monitor III gathers and returns metrics to the DDS
Application
Managed System
CIM is used within z/OS to communicate information on or to manage resources for system components
– The CIM client on z/OS is a programming API that enables z/OS applications written in Java for local and remote access to CIM servers.
• Java classes and Java libraries • Java-based CIM client applications on z/OS are
already eligible to execute on the zAAP – Communication is via CIM-XML over HTTP
access protocol.
IBM, ISV, or custom written applications can access CIM-enabled resources, can monitor or manage z/OS resources
– z/OS Common Information Model User's Guide • ibm.com/systems/z/os/zos/bkserv/r9pdf/#cim
CIM on z/OS
Java-based CIM client eligible for zAAP
© 2009 IBM Corporation
IBM System z
8
IBM
An example with z/OS system data and RMF metrics
CIM Client
CIM Server
CIM XML Processor
CIM HTTP Client
CIM XML Processor
CIM HTTP Server
RMF monitoring providers
z/OS OS management
providers
RMF Distributed data Server (DDS)
native z/OS data
CIM clients send requests to CIM server
CIM server responds with data to CIM client
RMF Monitor III gathers and returns metrics to the DDS
z/OS V1.11 is planned to be updated so z/OS CIM server processing is eligible to run on the System (zIIP)
– Eligible workloads include CIM server and CIM provider
– Other CIM-related workloads (such as CIM client and CIM-enabled resource systems processing) are not eligible for zIIP
Makes the development and deployment of z/OS systems management applications more attractive option
Applications that access CIM-enabled resources and providers can benefit
– Information providers include RMF™, WLM, DFSMS and BCP
– Applications include z/OS Capacity Provisioning Manager and parts of z/OS Management Facility
Java-based CIM client eligible for zAAP
CIM server
eligible for zIIP
Application
z/OS CIM server workload eligible for zIIP
© 2009 IBM Corporation
IBM System z
9
IBM What is the zAAP on zIIP capability?
A new capability that can enable System z Application Assist Processor (zAAP) eligible workloads to run on System z Integrated Information Processors (zIIPs). – For customers with no zAAPs and zIIPs
• The combined eligible workloads may make the acquisition of a single zIIP cost effective.
– For customers with only zIIP processors • Makes Java and z/OS XML System Services -based workloads
eligible to run on existing zIIPs – maximizes zIIP investment.
– Available September 25, 2009 with z/OS V1.11 and z/OS V1.9 and V1.10 (with PTF) • This new capability is not available for z/OS LPARS if zAAPs
are installed on the server.
© 2009 IBM Corporation
IBM System z
10
IBM Maximize your specialty engine investment
Can enable you to run zIIP- and zAAP-eligible workloads on the zIIP. – Optimize the purchase of a new zIIP – Maximize your investment in existing zIIPs. – Can help simplify systems management by reducing the
need to plan for and manage multiple types of specialty engines
Customers who have already invested in zAAP, or have invested in both zAAP and zIIP processors, should continue to use these as this maximizes the new workload potential for the platform. – This new capability is not available for z/OS LPARS if
zAAPs are installed on the server
© 2009 IBM Corporation
IBM System z
11
IBM How to enable the zAAP on zIIP capability
The capability ships default enabled with z/OS V1.11. – Parameter in IEASYSxx: ZAAPZIIP = YES (default in z/OS V1.11) – If you wish to disable the function for any reason, you must IPL with ZAAPZIIP=NO in
the IEASYSxx Parmlib member.
Also available with z/OS V1.9 and V1.10 – With PTF for APAR OA27495, and – Enabled with ZAAPZIIP=YES in the IEASYSxx Parmlib (the default is NO)
This new capability does not remove the requirement to purchase and maintain one or more general purpose processors for every zIIP processor on the server. – This part of the IBM terms and conditions surrounding the IBM System z specialty
engines is unchanged.
© 2009 IBM Corporation
IBM System z
12
IBM Example 1: zAAP on zIIP**
CPs only, NO zAAPs NO zIIPs
CPs zIIP
** For illustrative purposes only, your results will vary. This new capability is not available for z/OS LPARS if zAAPs are installed on the server
CPs
All workloads on general purpose
processors
Small amount of zIIP
and zAAP eligible work
White space
General purpose workload
White space
Can enable you to run zIIP- and zAAP-eligible workloads on the zIIP. – Optimize the purchase of a new zIIP
The potential to run these workloads on a zIIP Java via the IBM SDK (IBM Java Virtual Machine (JVM)),
exploiters include portions of : – WebSphere Application Server – IMS™
– DB2 – CICS® – Java batch – CIM Client applications
z/OS XML System Services, exploiters include portions of: – DB2 9 (New Function Mode) – Enterprise COBOL V4.1 – Enterprise PL/I V3.8 – IBM XML Toolkit for z/OS, V1.9 and later – CICS TS V4.1
Portions of DB2 V8 for z/OS, DB2 9 for z/OS for: – Data serving – Data Warehousing – Select utilities
Protions of z/OS Communications Server for: – Network encryption – HiperSockets for large messages
z/OS CIM server Some ISV workloads – see your ISV
ZAAPZIIP=YES
zAAP eligible zIIP eligible
CPs and zIIP
© 2009 IBM Corporation
IBM System z
13
IBM Example 2: zAAP on zIIP**
CPs and zIIPs
CPs zIIPs
** For illustrative purposes only, your results will vary. This new capability is not available for z/OS LPARS if zAAPs are installed on the server
CPs
General purpose workload
Some amount zAAP
eligible work
White space
General purpose workload
White space
Can enable you to run zIIP- and zAAP-eligible workloads on the zIIP.
– Maximize your investment in existing zIIPs.
Potentially ADD the following workloads to your existing zIIPs
Java via the IBM SDK (IBM Java Virtual Machine (JVM)), exploiters include portions of :
– WebSphere® Application Server – IMS™
– DB2 – CICS® – Java batch – CIM Client applications
z/OS XML System Services, exploiters include portions of:
– DB2 9 (New Function Mode) – Enterprise COBOL V4.1 – Enterprise PL/I V3.8 – IBM XML Toolkit for z/OS – CICS TS V4.1
zIIP
ZAAPZIIP=YES
© 2009 IBM Corporation
IBM System z
14
IBM zAAP is still available!
Customers with zAAPs should continue to invest in zAAPs – Maximizes the new workload potential for the platform.
This new capability is not available for z/OS LPARS if zAAPs are installed on the server. – If there are any zAAPs installed on the server, then the ZAAPZIIP=YES
cannot be honored for any z/OS partition on that server. At this point IBM does not recommend converting zAAPs to
zIIPs in order to take advantage of the zAAP on zIIP capability – zAAPs have a 5 year history, some application or middleware may have
zAAP-specific code dependencies • For example: code may count the number to zAAP engines for multithreading
performance optimization – Customer planning and testing is recommended before eliminating all
zAAPs as there may be some application code dependencies which may effect performance
© 2009 IBM Corporation
IBM System z
15
IBM Plan your zAAP on zIIP workloads accordingly
Remember: You must purchase and maintain one or more general purpose processors for every zIIP processor on the server.
Use the zPCR (Processor Capacity Reference for IBM System z) tool – zPCR is a Windows-based productivity tool, designed to provide capacity
planning insight for IBM System z processors running various workload environments under z/OS, z/VM®, and Linux for System z. Capacity results are based on IBM’s LSPR (Large Systems Performance Reference) data.
Use PROJECTCPU – Once the zAAP on zIIP capability is
engaged, PROJECTCPU will just measure zIIP-eligible work.
– It will not distinguish between what was once zAAP-eligible workload and zIIP-eligible workload. For illustrative purposes only, your results will vary.
ASSUMES no zAAPs on the server. This new capability is not available for z/OS LPARS if zAAPs are installed on the server
---APPL %--- CP 162.08 AAPCP 0.00 IIPCP 129.39
AAP 0.00 IIP 320.93
© 2009 IBM Corporation
IBM System z
16
IBM When is zAAP on zIIP capability NOT available?
z/OS LPARs = This new capability is not available for z/OS LPARS if zAAPs are installed on the server. – Why? The zAAP on zIIP capability is intended to enable the zAAP eligible work to
run on zIIP when no zAAP is defined. It is not intended to provide an overflow so additional zAAP eligible workload can run on the zIIP.
– If you have zAAPs on the server and zAAP on zIIP is enabled, then z/OS will not honor zAAP on zIIP and workloads will be dispatched as normal on zAAP and zIIP engines.
z/OS as a guest of z/VM = This new capability is not available if zAAPs are defined in the virtual machine for z/OS. – This type of scenario, where z/OS is a guest of z/VM,
may be useful as a test environment.
© 2009 IBM Corporation
IBM System z
17
IBM When to use zAAP on zIIP capability
Current condition, if you have…. Then…
No zIIPs or zAAPs Consider zIIPs to support both zAAP and zIIP eligible workloads. As you plan your workloads, please keep the 1:1 zIIP-to-CP ratio in mind.
zAAPs only
Continue to use zAAP for zAAP-eligible workloads. If you have zIIP-eligilble workloads, you may want to consider a zIIP as well. zAAP on zIIP capability is not available for z/OS LPARs when zAAPs are installed on the server. At this time IBM does not recommend converting zAAPs to zIIPs.
Both zAAPs and zIIPs
Continue to use both zAAP and zIIP in support of the applicable workloads. zAAP on zIIP capability is not available for z/OS LPARs when zAAPs are installed on the server. At this time IBM does not recommend converting zAAPs to zIIPs.
zIIPs only Use zIIPs to meet your increasing zIIP eligible workloads and in support of any zAAP eligible workloads that you may have. Get zIIPs if you are not approaching the 1:1 zIIP-to-CP ratio. All zAAP- and zIIP-eligible workloads may execute on zIIP.
© 2009 IBM Corporation
IBM System z
18
IBM Statements of Direction* IBM plans to discontinue delivery of software on 3480, 3480 Compressed (3480C), and 3490E
tape media. (SOD August 2008) IBM intends to provide the capability to deliver the z/OS Customized Offerings (such as
ServerPac, CBPDO, Customized Offerings Driver, SystemPac®, ProductPac®) and service orders on DVD media. Though IBM recommends using Internet delivery when ordering z/OS products or service, eliminating tape handling, the option to specify DVD physical delivery may provide an option for those who cannot accept Internet delivery.
Order z/OS over the Internet. Did you know there are now more shipments of z/OS via the Internet than by tape? For more information see the Internet delivery website.
IF you have IBM 3590 and 3592 Enterprise Tape or IBM System Storage TS1120 Tape drives in-house THEN please order z/OS on 3590 and 3592 tape media.
– Using high-density media makes it much easier to handle and install z/OS because there are much fewer tapes to manage!
* Statements regarding IBM future direction and intent are subject to change or withdrawal, and represents goals and objectives only.
http://www-03.ibm.com/systems/z/os/zos/serverpac_internet_delivery.html
© 2009 IBM Corporation
IBM System z
19
IBM
August, 2004, IBM announced its intent to withdraw support for VSAM IMBED, REPLICATE, and KEYRANGE attributes in a future release. Based on customer feedback, IBM no longer plans to remove this support from z/OS in the foreseeable future. IBM still recommends that you stop using these attributes and plans to remove IMBED and REPLICATE attributes during logical DFSMSdss restore operations and DFSMShsm recall operations.
IBM intends to update z/OS with support for the latest Internet Key Exchange protocol, version 2 (IKEv2), as defined by industry standards documented in RFC4306, "Internet Key Exchange (IKEv2) Protocol," and RFC4718, "IKEv2 Clarifications and Implementation Guidelines”
IBM intends to update the Security Server RACF component of z/OS to support certificates with longer distinguished names. This function is planned to be made available on z/OS V1.10 and z/OS V1.11.
z/OS V1.11 Communications Server is designed to address FIPS 140-2 requirements for SSL/TLS connections via the Application Transparent Transport Layer Security (AT-TLS) component. The native SSL/TLS support in the TN3270 server and FTP client and server will not be enhanced to address FIPS 140-2 requirements. Customers who need to provide SSL/TLS-secured TN3270 and FTP connections that are designed to be consistent with FIPS 140-2 requirements are advised to use AT-TLS for this purpose.
In a future release of z/OS, IBM intends to make RFC4301 compliance mandatory. The Configuration Assistant for z/OS Communications Server includes functions to assist with identifying and making network configuration changes.
IBM plans to remove the Enhanced PSP Tool, host compare program, and the associated extract files from the IBM Technical Support Web site effective December 31, 2010. The Enhanced PSP Tool's function has been replaced by the addition of FIXCAT (fix category) information to Enhanced HOLDDATA and the REPORT MISSINGFIX function introduced in z/OS V1.10 SMP/E (SMP/E for z/OS V3.5 (5655-G44)).
* Statements regarding IBM future direction and intent are subject to change or withdrawal, and represents goals and objectives only.
Statements of Direction*
© 2009 IBM Corporation
IBM System z
20
IBM Statements of Direction* The last release of z/OS to support Run-Time Library Services for Language Environment was z/OS
V1.5. In the release following z/OS V1.11, IBM plans to remove the underlying CSVRTLS services from z/OS. A way to track its usage, and to enable you to find any programs that might be using these services, is planned to be made available for z/OS V1.9 and V1.10, and included in V1.11 orders with APAR OA29019 in September 2009.
The msys for Setup element of z/OS is planned to be removed in the release following z/OS V1.11. IBM intends to continue to deliver improvements to help with z/OS setup and configuration in the future.
In a future release, IBM plans to withdraw support for z/OS Distributed Computing Environment (DCE) and Distributed Computing Environment Security Server (DCE Security Server). IBM recommends the IBM WebSphere Application Server, the IBM Network Authentication Service, and/or the IBM Directory Server as replacement strategies for each of the DCE technologies. See the DCE Replacement Strategies Redbook for more details: http://www.redbooks.ibm.com/redbooks/pdfs/sg246935.pdf
In a future release, IBM plans to withdraw support for the z/OS Distributed File Service support that utilizes the Distributed Computing Environment (DCE) architecture. IBM recommends the z/OS Network File System (NFS) implementation as the replacement. The Distributed File Service also supports the Server Message Block (SMB) architecture. Support for SMB remains, and is not affected by this withdrawal of support.
In a future release, IBM plans to withdraw support for z/OS UNIX System Services Connection Scaling, specifically the Connection Manager and Process Manager components.
z/OS V1.11 is the last release for which SDK1.4 (5655-I56) support is planned. For more information about z/OS Java SDK products see : http://www.ibm.com/servers/eserver/zseries/software/java/
* Statements regarding IBM future direction and intent are subject to change or withdrawal, and represents goals and objectives only.
© 2009 IBM Corporation
IBM System z
22
IBM
Needs: – There was no central system
management portal for z/OS
– There are many interfaces foreign to users new to platform
– There are manual tasks requiring extensive documentation
– Requires years of z/OS experience to be productive
z/OS Management Facility V1.11
© 2009 IBM Corporation
IBM System z
23
IBM z/OS Management Facility V1.11 The IBM z/OS Management Facility is a new
product for z/OS that provides support for a Web-browser based management console for z/OS.
Helps system programmers to more easily manage and administer a mainframe system by simplifying day to day operations and administration of a z/OS system.
More than just a graphical user interface, the z/OS Management Facility is the infrastructure for addressing the needs of your workforce
– Automated tasks can help reduce the learning curve and improve productivity.
– Embedded active user assistance (such as wizards) guides you through tasks and helps provide simplified operations.
© 2009 IBM Corporation
IBM System z
24
IBM
Address the needs for a mixed skilled workforce.
Make System Programmers who are new to the mainframe productive more quickly by: – Providing a modern browser-based user interface that is more familiar to those
new to the platform – Automating tasks, thus reducing the learning curve – Embedding active user assistance in the UI (e.g., wizards that guide users
through tasks, interactive troubleshooting aids).
Make experienced System Programmers more productive by: – Making functions easier – z/OS Management Facility is optional for those who
prefer traditional interfaces
Focus on System Programming
© 2009 IBM Corporation
IBM System z
25
IBM
Problem Management and Analysis
Monitoring health; identifying real and potential problems
Analyzing and resolving problems
Configuration
Adding or changing system components; enabling new features; defining and updating policies that affect system behavior.
Simplify and modernize the System Programmer User Experience Deliver solutions in a task-oriented browser-based user interface with integrated user assistance
Information Finding the information needed to use z/OS
z/OS Management Facility Focus areas for simplification
© 2009 IBM Corporation
IBM System z
26
IBM
Browser
IBM z/OS Management Facility z/OS application, browser access
HTTP(s)
z/OS
z/OS Management
Facility application
z/OS Management Facility is an application on z/OS – Manages z/OS from z/OS – Browser communicates with z/OS MF via secure connection, anywhere, anytime
© 2009 IBM Corporation
IBM System z
27
IBM
Browser
IBM z/OS Management Facility Industry standards
HTTP(s)
z/OS V1.10 or V1.11 LPAR
App. server
z/OS MF app Servlets DOJO/Java script
z/OS elements
CIM System REXX™
RACF®
and others
z/OS Management Facility is based on industry standards – Java™ and Dojo
• Dojo is an Open Source DHTML toolkit written in JavaScript. Dojo allows you to build dynamic capabilities into web pages and any other environment supporting JavaScript.
© 2009 IBM Corporation
IBM System z
28
IBM
Browser
IBM z/OS Management Facility Specialty Engines
HTTP(s)
z/OS V1.10 or V1.11 LPAR
App. server
z/OS MF app Servlets DOJO/JAVA script
z/OS elements
CIM System REXX RACF and others
Java apps and Java-
based CIM client
eligible for zAAP
z/OS CIM server eligible for zIIP
(R11 only)
Parts of z/OS Management Facility, such as the Incident log capability, use Java and CIM
© 2009 IBM Corporation
IBM System z
29
IBM Guest view Login
Welcome page when user first accesses the URL and has not logged in yet
To log in you will need a z/OS userID that has been defined and enabled to for z/OSMF (and the WebSphere® runtime environment)
– Guidance is provided.
© 2009 IBM Corporation
IBM System z
30
IBM IBM z/OS Management Facility Welcome page
z/OSMF Administration category for the administrator: – Authorization services for administrator to add z/OSMF users and roles – Allows the administrator to dynamically add links to non-z/OSMF resources,
e.g. ISV products, commonly used installation Web sites Configuration category with Configuration Assistant for z/OS
Communication Server • Simplified configuration and setup of TCP/IP policy-based networking
functions Links category:
– Provides common launch point for accessing resources beyond the z/OSMF – Some links are pre-defined in the product.
Problem Determination category with the Incident Log task – The Incident Log provides a consolidated list of SVC Dump related problems,
along with details and diagnostic data captured with each incident. It also facilitates sending the data for further diagnostics.
© 2009 IBM Corporation
IBM System z
31
IBM
Pain Points – Need to troubleshoot a live system, recover from an apparent failure.
– Need to reduce risk to the business, reduce risk of re-occurrence. – Complexity of performing the task (number of steps, jargon). – Data collection very time-consuming
– Significant skill level needed to analyze problems, interact with IBM and ISVs to obtain additional diagnostic info (setting SLIP traps, traces, etc.)
Initial focus on Problem Determination capability - Incident Log: – Troubleshoot your system easier, faster – The incident log and underlying z/OS diagnostic data gathering greatly improves the tasks
related to: • Identifying system-detected problems (those related to SVC dumps taken by the system) • Collecting diagnostic materials related to a problem and sending materials to IBM or
another company's support area • Telling the system to take the next dump for a previously-recognized problem
z/OSMF Problem Determination
© 2009 IBM Corporation
IBM System z
32
IBM z/OSMF Problem Determination – Incident log Benefits
Without z/OSMF** With z/OSMF** Recognizing a system-detected (dumped) problem occurred
Requires 5 to 7 manual steps, plus skill on effective use of IPCS to extract data from each of the dumps.
Up to 5-6 minutes
Display in 1 click. Greatly reduced skill required
As little as 5 seconds
Collecting and sending diagnostic data
Requires 7 to 15 manual steps, plus skill to locate the right log files, build and run jobs, rename the output datasets, and use an FTP job to send the different data sets to the target destination.
Up to 20 minutes Up to 30 minutes for sysplex components
Send the material in 8 clicks: Select the incident materials Specify the FTP destination information Send the material Check whether the information was FTP’d
successfully As little as 30 seconds
Allow new dump to be taken for the same symptom
Requires 7 to 12 manual steps, plus skill on effective use of IPCS to locate the dump data set, obtain the symptom string, get into the IPCS DAE display, locate the matching symptom string (could be non-trivial) and indicate TakeNext on the IPCS display Up to 15 minutes
Make the update happen in 3 mouse clicks
As little as 10 seconds
** Based on IBM laboratory results, your results may vary
“So easy, even Marketing can use it!” – Gita Grube Berg, IBM System z® Marketing
© 2009 IBM Corporation
IBM System z
33
IBM
Auto-capture basic diagnostic materials, triggered when the dump is written to a data set, managed via parmlib member
– Initial focus is on Abend and user initiated SVC dumps – Improved FFDC for system-detected problems; – Diagnostic data “snapshots” for transient data;
• Snapshots of 30 min Operlog, • 1 hr Logrec detail, and • 24-hour Logrec summary
– Allow doc to be FTP'd to IBM (or ISV) without having to keep track of where logs are archived via easy to use interface
– Simplify informing DAE to take the next dump for the selected incident's symptom string
Functions include: – Display list of incidents (Filter/sort/configure table) – Set properties (associate problem number and tracking id) – Display properties – view list of diagnostic data, logs – Send diagnostic data via FTP, define FTP Profiles (firewall) – Manage ftp jobs status –View, Cancel Job, Delete Status – Allow next dump – Delete incident
z/OSMF Problem Determination – Incident Log Details
© 2009 IBM Corporation
IBM System z
34
IBM Incident Log – Summary Information
Set the duration
Many fields, set tracking IDs
Popup with actions
© 2009 IBM Corporation
IBM System z
35
IBM Incident Log – Incident Details
Tab shows lists of data (logrec and error log)
© 2009 IBM Corporation
IBM System z
37
IBM Incident Log – Send Diagnostic Data
Wizard guides you through
© 2009 IBM Corporation
IBM System z
38
IBM Incident log - Destinations
Pre-loaded with IBM destinations, or add your own
© 2009 IBM Corporation
IBM System z
40
IBM
Pain Points – Configuration task is highly fragmented
• Multiple tools, limited integration between tools – User interfaces not intuitive for new system programmers – Syntax is complicated and error-prone – Regression of dynamic changes not reflected in system control files – Difficult to assess impact of configuration changes
Initial focus on Configuration Assistant for the z/OS Comm. Server – A GUI application that simplifies the configuration and setup of the following TCP/IP
policy-based networking functions: • Application Transparent TLS (AT-TLS) • IP Security (IPSec) including filters and VPNs • Network Security Server(NSS) • Intrusion Detection Services (IDS) • Policy-based Routing (PBR) • Quality of Service (QoS)
z/OSMF Configuration
© 2009 IBM Corporation
IBM System z
41
IBM
A GUI that you can use to generate configuration files for z/OS Application Transparent-Transport Layer Security (AT-TLS), IP Security (IPSec), Network Security Services (NSS), Policy Based Routing (PBR), Quality of Service (QoS), and Intrusion Detection Services (IDS).
Originally available as a Microsoft® Windows® Web download since z/OS V1.7 – Functions have grown over time – Still available as a Windows download, but strategy is to provide it only with z/OSMF – All functions available with Windows are also provided with z/OSMF – If you are familiar with the Windows GUI, the Configuration Assistant on z/OSMF is essentially the
same
Now available with z/OSMF V1.11 and z/OS V1.11 – Configuration files can now be saved to local disk storage that is accessible to your z/OS system
where the Configuration Assistant is running so FTP (from Windows) is not required – Can also import configuration text files in cases where users have already defined policies and
would like to begin using the Configuration Assistant – z/OSMF V1.11 and z/OS V1.10 users will not see the Config Assistant for the z/OS Comm Server
Configuration Assistant for z/OS Comm. Server
© 2009 IBM Corporation
IBM System z
42
IBM
Do you need to protect your enterprise data over the network with IP Security or Application Transparent TLS?
Have you considered protecting your system from misuse from the network with Intrusion Detection Services and then using the Defense Manager Daemon to apply defensive filters?
If so, you know that these functions can be quite complex to understand and also to set up You can pour over manuals or you can use a great tool to help you configure your policies
and set up the environment to run these important functions right on the z/OS systems your configuring!
Use The Configuration Assistant for z/OS Communications Server application on z/OSMF Helps users build their networking policies and then generates configuration text files for
installation Guides users through setup tasks for the policy-base environment, including generation of
configuration files, sample started procedures, and RACF profiles
Configuration Assistant for z/OS Comm. Server Value
© 2009 IBM Corporation
IBM System z
43
IBM
Create configuration files for any number of z/OS images with any number of TCP/IP stacks per image.
Select the TCP/IP stack that you want to configure and the technology, such as AT-TLS or IPSec.
Click on "Action" and select "Configure" to begin configuring that technology.
Configuration Assistant for z/OS Comm. Server
© 2009 IBM Corporation
IBM System z
44
IBM Configuration Assistant for z/OS Comm. Server (V1.11) Simplified AT-TLS Dialog
Simplified AT-TLS dialog
– Define AT-TLS from the application level
– Added a list of well- known applications with predefined rules
– Simple “click” to enable
– Rules can be modified or copied and modified
© 2009 IBM Corporation
IBM System z
45
IBM Configuration Assistant for z/OS Comm. Server (V1.11) Updates to z/OS System SSL
Using the latest security provided by z/OS System SSL is a key click away
© 2009 IBM Corporation
IBM System z
46
IBM Configuration Assistant for z/OS Comm. Server (V1.11) Simplified IPSec
Simplified IPSec Requirement Map
– Simplified panel to show more clearly that a requirement map was a Traffic Descriptor and a Security Level
– New “advanced wizard” to allow for easier panel navigation
© 2009 IBM Corporation
IBM System z
47
IBM Configuration Assistant for z/OS Comm. Server (V1.11) New Application setup tasks
“Application Setup” task panel is a customized set of tasks (step-by-step) for each policy perspective to deploy the applications required for that function
There are both image-level and stack-level setup tasks.
© 2009 IBM Corporation
IBM System z
48
IBM Configuration Assistant for z/OS Comm. Server (V1.11) Setup tasks – setting the base location for definition files
Base locations specify a z/OS UNIX® file directory or a PDS(E) library for storing the policy-related definitions that are created by the Configuration Assistant.
There are both image-level and stack-level base locations.
This example uses a PDS library.
© 2009 IBM Corporation
IBM System z
49
IBM
Define policies in one place (or read/ update existing policies) and apply them uniformly across the z/OS network
Uses z/OS Communications Server policy agent to create, manage, and distribute policies
IPSecurity, Application Transparent Transport Layer Security, Intrusion Detection Services, Quality of Service, Network Security Services, TCP/IP Policy-Based Routing
Policy-based networking IP Filtering to block
unwanted traffic from entering or leaving your z/OS system
Protection against “bad guys” trying to
attack you z/OS system
Making sure high-priority applications also get high-priority
processing by the network
Providing secure end-to-end IPSec VPN tunnels on z/OS
Connection-level security for TCP
applications without application changes
Application-specific selection of outbound interface and route
(policy based routing)
Application Transparent -TLS and IPSec – Simplified development and maintenance of security-rich Web apps – centralized configuration of AT-
TLS and IPSec can help you secure the network data with no application modification. • AT-TLS = for FTP and TN-3270 (1.9), for SASP Load balancing advisor (1.10), support for new SSL function(1.11*)
Quality of Services & Intrusion Detection Services (1.8) – Quality of Service policies help maintain network traffic prioritization – IDS policies help you detect and report suspicious network activities
Network Security Services (NSS) (1.9) – Provides single, centralized certificate storage, monitoring, and managing services for IPSec cross-
systems or cross-sysplex • NSS for WebSphere DataPower® appliance ID authentication and access checks (1.10), additional services (1.11*)
TCP/IP Policy-Based Routing (PBR) (1.9) – Outbound network traffic can be separated by application needs – Allows TCP/IP stack to make routing decisions based on job name, ports, protocol (TCP or UDP),
source IP address, NetAccess security zone, and security label
Defensive filtering (1.10) – Defensive filters (temporary security policies) can be quickly deployed to defeat network attacks
Centralized policy-based networking z/OS Communications Server
© 2009 IBM Corporation
IBM System z
50
IBM
z/OSMF Authorization – defining users and roles – The z/OSMF administrator must define the user to z/OSMF and assign a role in
order for the user to start working with z/OSMF tasks – The user must have a valid userid on the z/OS system
Adding Links – Allows the administrator to dynamically add links to non-z/OSMF resources, e.g.
ISV products, commonly used installation Web sites
Focus on z/OSMF Administration
© 2009 IBM Corporation
IBM System z
51
IBM z/OSMF Administration: Adding a z/OSMF user
View all users Click on "Action" and select “New" to add a user to z/OSMF
Scripts are provided. They encompass everything that is required define additional users , end to end, authorization they may require so that you can easily enable more users. For example, use the sample scripts to generate and submit the RACF commands needed to connect user to Configuration Assistant and/or Incident Log.
© 2009 IBM Corporation
IBM System z
52
IBM z/OSMF Administration - Users
User ID = RACF user ID Name = any name
© 2009 IBM Corporation
IBM System z
53
IBM z/OSMF Administration: Defining a role
Select individual tasks and subtasks for each user.
© 2009 IBM Corporation
IBM System z
54
IBM z/OSMF Administration: Adding a link
Define the documentation
Need to share sensitive information with a team?
Select who can see it
© 2009 IBM Corporation
IBM System z
55
IBM Focus on Links
This category contains the pre-defined links provided by IBM as well as any new links added by the z/OSMF administrator
The links are available to all users of z/OSMF
Administrator can define which roles have access to each of the defined links.
The IBM pre-defined links are accessible to all users, including guests, by default.
© 2009 IBM Corporation
IBM System z
56
IBM Client side environment checking tool
Your browser connects to the z/OS Management Facility and checks the browser settings
© 2009 IBM Corporation
IBM System z
57
IBM
z/OSMF V1R11 operating environment – One instance of z/OSMF can manage only one local system or sysplex – Multiple users may log into the same instance of z/OSMF from different
workstations/browsers • Expectation is to support up to 15 concurrent users
– From one client system, user can manage additional sysplexes by opening new browser windows (or tabs) and logging into the z/OSMF instance installed on those sysplexes (one browser per system/sysplex).
– Only one active instance of z/OSMF is supported within a sysplex at any point in time.
• Additional instance may be created e.g for test or service update or backup, but it should not be actively managing the systems at the same time (e.g. working on the same incident concurrently from 2 separate instances of z/OSMF) or using the same data repository.
Additional details on usage
© 2009 IBM Corporation
IBM System z
58
IBM
z/OS Management Facility required z/OS V1 R10 and later – z/OS V1R10 requires additional service, as defined in the program directory
The Configuration Assistant for z/OS Communications Server portion of z/OS Management Facility requires z/OS V1.11 or later.
Client machine (no client machine install requirements) – Windows XP® operating system and later – Supported browsers:
• Mozilla Firefox 3.0.6 (recommended) • Mozilla Firefox 2 • Internet Explorer® 7 • Internet Explorer 6
Prerequisites
© 2009 IBM Corporation
IBM System z
59
IBM Migration & Coexistence Considerations
In a mixed sysplex with some systems below z/OS V1R10: – z/OSMF V1R11 must be installed and run on z/OS V1R10 or above
– Incident Log: z/OS V1R9 system’s SVC dumps will be reflected, but with some property values missing
Configuration Assistant is only supported on z/OSMF V1R11 running on a z/OS V1R11 system.
z/OSMF can coexist with other ISV products – For example, all setup instructions are provided for RACF, but z/OSMF will operate
with other security products with equivalent instructions
© 2009 IBM Corporation
IBM System z
60
IBM Summary
IBM z/OS Management Facility (z/OSMF) V1R11 is a new product for z/OS customers.
z/OSMF will make the day to day operations and administration of the mainframe z/OS systems easier to manage for both new and experienced system programmers.
Delivers solutions in a task oriented, Web browser based user interface.
The initial functions include z/OSMF Administration, Incident Log, Configuration Assistant for z/OS Communication Server and Links
© 2009 IBM Corporation
IBM System z
61
IBM Additional information z/OS Management Facility, overview
– ibm.com/systems/z/os/zos/zosmf/ IBM z/OS Management Facility education modules in IBM Education Assistant
– When available
z/OS Hot Topics, Issue 21: – ibm.com/systems/z/os/zos/bkserv/hot_topics.html – z/OS Simplifies Your Life … An introduction to z/OSMF – What’s in your (incident) log? An introduction to the z/OSMF Incident Log – Setting up Operlog and Logrec for z/OSMF Incident Log – Removing the Mystery on using System Logger for z/OSMF
Program Directory for z/OS Management Facility GI11-2886-00
IBM z/OS Management Facility License Information GC52-1263-00
IBM z/OS Management Facility User's Guide SA38-0652-00
IBM WebSphere Application Server OEM Edition for z/OS Configuration Guide, Version 7.0, GA32-0631-00
© 2009 IBM Corporation
IBM System z
62
IBM z/OSMF packaging
z/OSMF V1R11 is comprised of: PID# 5655-S28 S/S PID# 5655-S29 FMID# HSMA110 FMID# HBBN700 (IBM WebSphere Application Server OEM Edition for z/
OS v7.0) – COMPID 5655I3512 - WEBS APP SVR OEM
HSMA110 FMID Description: IBM z/OS Management Facility – COMPID 5655S28SM – z/OSMF Core – COMPID 5655S2805 – z/OSMF Incident Log – COMPID 5655S28CA –Config Assist
ZSP03214-USEN-0
© 2009 IBM Corporation
IBM System z
63
IBM z/OS Version 1 Release 11 ... ... and z/OS Management Facility Version 1 Release 11
... simplified management A new face for z/OS, the z/OS Management Facility
(5655-S28) helps improve administrator, operator, and developer productivity, and ultimately provide less opportunity for error.
... failure avoidance Predictive failure analysis is designed to help provide
early warning about system trends that can cause system or application impacts, in many cases before they impact your business.
.... responsive networking New z/OS Communications Server designs improve
networking in a Parallel Sysplex, enable more efficient workload distribution, and help improve the quality of the load balancing in multitiered z/OS server and application environments.
... trusted system The ability to implement centralized authentication,
create a comprehensive audit and risk management plan, configure secure networks, and centrally manage digital certificate lifecycle can not only help reduce the risk from fraud and security breaches, but also help meet industry compliance guidelines.
... accountability Superior measurement and data collection and reporting
capabilities are updated and can be used for comprehensive risk management, auditing, and compliance plans.
A new identity propagation function can allow z/OS subsystems (like CICS TS V4.1) to associate distributed identities to RACF for improved cross-platform interoperability and accounting capabilities.
....improved economics and optimization Also, z/OS V1.11 is enhanced with a new function that can
enable System z Application Assist Processor (zAAP) eligible workloads to run on System z Integrated Information Processors (zIIPs).
z/OS CIM (Common Information Model) server processing eligible for System z Integrated Information processor (zIIP).
IBM DB2 for z/OS Version 8 or DB2 9 DB2 utilities is updated to enable part of sort utility processing to run on a zIIP.