z/os trends and directions - ibm€¦ · z/os trends and directions colin paice...

© 2008 IBM Corporation IBM SystemsIBM Systems

z/OS trends and directions

Colin [email protected]

222-Jun-08

© 2008 IBM Corporation

AIX*CICS*DataPower*DB2*DFSMSDFSMSdssDFSMShsmDFSMSrmmDFSORT*DRDA*DS6000DS8000FICON*

The following are trademarks of the International B usiness Machines Corporation in the United States a nd/or other countries.

The following are trademarks or registered trademar ks of other companies.

* All other products may be trademarks or registered trademarks of their respective companies.

Java and all Java-related trademarks and logos are trademarks of Sun Microsystems, Inc., in the United States and other countriesLinux is a trademark of Linus Torvalds in the united States and other countries..UNIX is a registered trademark of The Open Group in the United States and other countries.Microsoft and Excel are registered trademarks of Microsoft Corporation in the United States and other countries.

Notes : Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated here. IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply.All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions.This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area.All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.

* Registered trademarks of IBM Corporation

FlashCopy*GDPS*Geographically Dispersed Parallel SysplexHiperSocketsHyperSwapIBM*IBM logo*IMSLanguage Environment*MVS

OMEGAMON*Parallel Sysplex*POWER5PR/SMRACF*Rational*REXXRMFSystem Storage

WebSohere*z10z9z/Architecturez/OS*z/VM*zSeries*

Trademarks

System pSystem zSystem z10System z9*SystemPac*Tivoli*TotalStorage*

332-Jun-08


Agenda

� Availability

� ZIIPs and ZAAPs

� Application development

� Health checker

� Performance and scalability

� Security

� Reliability and availability

� You do not have to be old to work on Z/OS!

442-Jun-08


Getting to 99.999% availability

Improvements in availability over time

0

20

40

60

80

100

Time

Ava

ilabi

lity

Z/OS

552-Jun-08


Use ZAAPs and ZIIPs and save money

� Cost of purchasing a ZIIP or a ZAAP engine compared with GP processor

� Software running on ZIIPS and ZAAPs is not charged for

� Offload work to ZIIPs and ZAAPs to reduce the usage of GP processors– Reduces cost of software

662-Jun-08


� zAAPs and zIIPs are designed to help implement new application technologies on System z and to integrate them with core applica tions and data.

– Java eligible for zAAP– lowering the cost of computing for WebSphere Application Serverand other Java technology-based applications

– Centralized data serving eligible for zIIP - workloads such as BI, ERP, and CRM applications running on distributed servers with remote connectivity to DB2 V8

– Network encryption on zIIP - zIIP becomes an IPSec encryption engine helpful in creating highly secure connections in an enterprise (with z/OS V1.8)

– z/OS XML System Services eligible for zAAP and zIIP - helps make hosting XML data and transactions on System z more attractive. DB2 9, Enterprise Cobol V4.1, and XML Toolkit for z/OS V1.9 are first IBM exploiters (introduced with z/OS V1.9 and rolled back to V1.8 and V1.7)

– Remote mirror on zIIP – zIIP assisted z/OS Global Mirror function (zGM, formerly XRC) Most of the System Data Mover (SDM) processing eligible for zIIP offload. Helps reduce server utilization at recovery site (with z/OS V1.9)

– ISV exploitation of zIIPs

Available

starting

9/07

IBM System z10 Integrated Information Processor and IBM System z9 Integrated Information Processor

IBM System z10 Application Assist Processor and IBM System z9 Application Assist Processor

new!

Available

6/07

zAAPs and zIIPsMore application technology exploiters, more benefits

* Statements regarding IBM future direction and intent are subject to change or withdrawal, and represents goals and objectives only.

772-Jun-08


z/OS 1.8 Application development

� BPXBATCH stdout and stderr enhancements– Previous had to go to HFS file

� z/OS XML Services

� New LDAP server – Parallel sysplex enabled– Does not pre-req DB2

� Unicode support

� Common Information Model(CIM)– Level 2.5.1 from Open Group– Level 2.9 Schema– CIM Client can extract data ( C++ sample)– CIM client can subscribe for certain conditions ( Java sample)

• SQL like sytax

� Additional locale support for the Euro

882-Jun-08


� z/OS 1.9 XML System Services– z/OS XML System Services parsing workload done in TCB mode offloaded to zAAP, enclave-mode

SRB work to zIIP in the future*– IBM intends to add validating parsing to z/OS XML System Services*– IBM intends to enhance the XML Toolkit for z/OS so eligible workloads use z/OS XML*

� System REXX– Designed to allow authorized REXX code to run outside the TSO/E environment, via programming

interface or operator command– IBM plans to make this available for z/OS V1.8 via a Web deliverable– Can be used by customer, IBM (e.g. Health Checker) and ISV code

� New METAL C option:– No need for LE– Designed for XL C system program development– Can imbed HLASM statements in a C for calls to system services– XL C/C++ support in IBM WebSphere Developer for System z V7.0 (5724-L44)

� New decimal floating point formats support– z/OS V1.9 XL C/C++ supports decimal floating point formats in addition to the current hex and

binary floating point– Decimal floating point arithmetic is often better suited for business and financial applications

•All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

z/OS 1.9 Application Development

5% Sales tax on $0.70

= 0.73499999999986

= 0.73

Should be 0.74

992-Jun-08


z/OS 1.9 SDSF REXX � Using SDSF REXX, you can perform SDSF functions

through REXX:

– Display and modify jobs

– Display and modify devices

– Browse sysout data sets

– Print sysout data sets

� SDSF functions designed to be supported via REXX va riables

– Variables loaded with data from the SDSF panels

– Designed to enable scripts to access the data programmatically

Example: Cancel Jobrc=isfcalls(”ON”)

Address SDSF “ISFEXEC ST”

do ix=1 to JNAME.0 (variable names same as FLD na mes)if pos(“KEN”,JNAME.ix) = 1 then

Address SDSF “ISFACT ST TOKEN(‘”TOKEN.ix”’) PARM(NP P)”

rc=isfcalls(“OFF”)

Add host command environmentAdd host command environment

Access the ST panelAccess the ST panel

Find the jobFind the job

Take an action on the jobTake an action on the job

Remove host command environmentRemove host command environment

10102-Jun-08


� Health Checker– Supports checks written with System REXX

– More health checks for VSM, USS, Communications Server, TSO/E

– Improved SDSF interface

� ISPF improvements– Edit and Browse support for z/OS UNIX and ASCII files

– Cross-system sharing of profile variables in a parallel sysplex• Profile sharing is aimed to support the same user being logged on the multiple systems concurrently

– ISPF can now resolve system symbols:

� Enhancements to the CF structure REALLOCATE process designed to:– Dynamically, non-disruptively determine optimal CF structure placement among CFs in a parallel sysplex in a way

that is simple and easy-to-use– Automatically initiate duplexing for CF structures that should be duplexed

– Complete pending policy changes for structures without rebuilding in many cases

� “Maintenance Mode” support for CFs– A CF is logically ineligible for CF structure allocation as if it had been removed from the CFRM policy (without policy

updates)– With the REALLOCATE command, maintenance mode support is expected to greatly simplify operational

procedures related to taking a CF down for maintenance or upgrade

z/OS 1.9 Usability

11112-Jun-08


z/OS 1.9 Usability: Edit and Browse z/OS UNIX Files

� Users get full functionality of ISPF EDIT and BROWSE

� Enables ISPF VIEW for z/OS UNIX files

� Easier when having to process both z/OS UNIX files and MVS data sets

� Applications can process z/OS UNIX files using the EDIT, VIEW, and BROWSE services

12122-Jun-08


z/OS 1.9 Usability: Support for Editing ASCII Data� ISPF editor to support the display and manipulation of ASCII data

� No need for the users to download ASCII data files to workstation to view or change the data

� SOURCE ASCII command– Converts the data from ASCII to the CCSID of the terminal using z/OS Unicode Services– Data converted back to ASCII when saved

� New edit LF primary and macro command– Restructures the data display using the ASCII linefeed character (x’0A’) as record delimiter

� RESET SOURCE reverts display back to normal mode

13132-Jun-08


z/OS 1.10 ISPF enhancements

• Multiple targets for the ISPF EDIT move and copy line commands. • DIRLIST, to display z/OS UNIX directory. • Multiscreen – At bottom Point and shoot to session. SWAP Next ++• The ISPF Data Set List panel (Option 3.4) is enhanced to support block commands.

Menu Options View Utilities Compilers Help

DSLIST - Data Sets Matching SCEN.* Row 1 of 122

Command ===> _______________________________________ Scroll ===> CSR

Command - Enter "/" to select action Message Volume

________ SCEN.APA.DEFS CAP005

DD_____ SCEN.APPPERF.V710.SCAZEXEC CAP003

________ SCEN.APPS.LOAD CAP002

DD_____ SCEN.APPS.LOAD.PDSE CAP005

________ SCEN.C.HEADER CAP006

14142-Jun-08


� HLASM source-level dbx debug support (ISVs)– This is expected to help you debug applications that include High-Level

Assembler source parts.

� Submit jobs from z/OS UNIX shell– New submit shell command

� New Run-time options support for Language Environme nt®

– Support CEEROPT for batch outside CICS and IMS environments

– Support for AMODE 64

� Invoke z/OS Communication Server FTP Client from Ja va programs

– Includes API and sample program

� NFS v4 support– Expanded platform support for z/OS NFS Clients and Servers to

interoperate with Linux on System z NFS Servers and Clients

– 64-bit exploitation

Application development and integration*Announced/Previewed with z/OS with z/OS V1.10


15152-Jun-08


� Rational ® Developer for System z (RDz) provides a modern, efficient, Eclipse-based environment for developing:

– Dynamic Web applications including Java and Java 2 Enterprise Edition, JSF, JSP, HTML, and more;

– Traditional COBOL and PL/I applications;

– CICS and IMS™ Web services using integrated SOA tools.

� WDz offers advantages over the traditional mainframe development environment:

– Single environment for programming tasks: design, code, debug from the same UI

– Productivity features like syntax-checking, JCL generation, visual debugging

– Integrated user assistance

The New Face of Application Development

16162-Jun-08


Configurable source editor; write code, check syntax, submit compile job…all from one location

JES view for browsing job output

z/OS dataset and file navigator

Old way!:� Start 3270 emulator� Logon to the z/OS system� Navigate to the dataset and member using ISPF� Select the member for editing� Locate the line in the source code� Change the source code and save the member� Switch to the JCL that is used to submit and

schedule the compile job� Submit the JCL job� Switch to SDSF to monitor the job and review the

output� Repeat 5-9 until program runs correctly

With Rational (WebSphere) Developer for System z:

Rational Developer for System z - Simplified application developmentExample: Correcting an error in COBOL source file

Outline of JOB steps

17172-Jun-08


z/OS Simplifying operations and programming*Announced/Previewed with z/OS with z/OS V1.10Configuration Assistant for z/OS Communications Ser ver

– The Configuration Assistant plans to import existing policy text files into the GUI. This allows the CA to learn of and absorb manual changes that the system administrator may have made to the policy configuration text files since the last time they were exported.

� Hardware Configuration Manager – Need help with I/O management? – Improved saved views.– Support for configuration packages similar to those supported by HCD– Support for importing and exporting I/O configuration data, similar to that provided by HCD

� Additional improvements to– Language Environment – new parmlib syntax checks– ISPF – allows you to specify multiple targets for move and copy line commands, and more!– New GRS ENQ monitor – to aid in identifying/optimizing resources– Logger – enhancement to aid in problem determination of log stream data sets.– z/OS Communications Server - New functions for network management and improvements to the

network management APIs – DFSMShsm – many improvements


18182-Jun-08


�It helps tremendously, it simplifies configuration�Tutorials and "Add for Beginners" helped to configure the required setting quickly.�Tool looks promising and makes security management more transparent� Quickly and easily configure security links within the network without the effort of writing all the different network parameters usually required to achieve this function.

�It helps tremendously, it simplifies configuration�Tutorials and "Add for Beginners" helped to configure the required setting quickly.�Tool looks promising and makes security management more transparent� Quickly and easily configure security links within the network without the effort of writing all the different network parameters usually required to achieve this function.

Examples of feedback ...

Choose the types of attacks that you want protection from. By default, all are enabled. You can disable some and also modify each attack type’s settings.

Available as Web download! ibm.com /support/docview.wss?rs=852&uid=swg24013160Available as Web download!

ibm.com /support/docview.wss?rs=852&uid=swg24013160

� Simplified setup, editing, and auditing of the following TCP/IP features for z/OS : � IP Security � Application Transparent-TLS � Quality of Service� Intrusion Detection Services � Network Security Services (1.9)� TCP/IP Policy-Based Routing (1.9)

� Ships with “best practice” default configurations.

� Performs self-checks of configurations; notifies when exceptions are detected.

� Can read and update existing policies, can re-export any changes – helpful when searching for any manual changes to network settings. (1.10)*

� Runs on Windows

� Simplified setup, editing, and auditing of the following TCP/IP features for z/OS : � IP Security � Application Transparent-TLS � Quality of Service� Intrusion Detection Services � Network Security Services (1.9)� TCP/IP Policy-Based Routing (1.9)

� Ships with “best practice” default configurations.

� Performs self-checks of configurations; notifies when exceptions are detected.

� Can read and update existing policies, can re-export any changes – helpful when searching for any manual changes to network settings. (1.10)*

� Runs on Windows

Configuration Assistant Value

Configuration Assistant for z/OS Communication Serv er (1.8) (formerly z/OS Network Security Configuration Assistant (1.7)Example - Intrusion detection made easy(1.10) Import capability


19192-Jun-08


Health checker

20202-Jun-08


Health Checker integration is a unique feature of t he IBM OMEGAMON ® z/OS Management Console (zMC)

Health Checker integration is a unique feature of t he IBM OMEGAMON ® z/OS Management Console (zMC)

The Health Checker examines configuration values for deviations from best practices.

Health check exceptions are highlighted in the zMC.

IT staff can open a report for details and recommended corrective actions.

Simplifying Diagnosis and Problem Avoidance –IBM Health Checker for z/OS

21212-Jun-08


Value

� Can help to configure for best practices► Helping to reduce the skill level► Helping to avoid outages

� Checks against active settings� Notifies when exceptions found � Runs on all supported releases of z/OS

� Framework and checks integrated in z/OS 1.7� zMC and SDSF to monitor (SDSF to control checks)

– Simplifies working with checks– Provides scroll, search, sort, and other

customization functions�Over 50 checks available

– New checks available in RRS, RACF, Consoles, GRS, RSM, UNIX® System Services

� Framework to support IBM, ISV, and user-written checks; checks can be added dynamically

�Enhancements in z/OS 1.8 designed to make it easier for middleware/ ISVs to write and manage checks

– improved parmlib, parsing, and display support for checks.

�New checks: Communications Server, GRS, storage management (ASM), RACF, BAM, DFSMS, and Resource Recovery Services (RRS)

Latest enhancements

�FRAMEWORK available from z/OS Download Web page

�Many CHECKS available as PTFs Use Enhanced Preventive Service Planning Tool to identify new PTF checks

�Write your own in System REXX

Simplifying configuration –IBM Health Checker for z/OS

22222-Jun-08


Examples of feedback…

� Is very valuable.� Only a few hours of setup... it can’t hurt

anything and only reports potential problems.

� Is helpful in lobbying for operational changes when nothing has broken yet.

� Configuration problems may be detected that otherwise would likely have remained unknown

� A strong start on a central, common framework for finding configuration exceptions on the platform.

� The RACF Sensitive Resources health check is outstanding.

Examples of exceptions found by HealthChecker…

Simplifying configuration –Health Checker for z/OS … continued

�XCF Coupling Facility Connectivity – Designed to verify that there is proper connectivity to the CF (ie. no single point of failure for backup and recovery). Check duplexed CF is duplexed ! – helps accelerate diagnosis of CF messages.

�Virtual Storage Map – Designed to identify early in the IPL process if the requested private and common storage allocations changed. This check compares common and private memory allocations and can alert you for change - helps you find memory problem much earlier in the IPL process and prior to production.

�RACF Sensitive Resources – Designed to identify improper RACF setting for a sensitive resource (in this particular case data sets that contain authorized programs). RACF setting easily updated avoiding possible security exposure. Are Key userids revoked?

23232-Jun-08


z/OS Performance and scalability

24242-Jun-08


� Support for more real memory

– New z/OS limit will be 4 TB; old limit was 128 GB

– Up to 512 GB supported on z9 EC, up to 256 GB on z990

� GRS support for more concurrent ENQs

– Default limits unchanged: Unauthorized ENQ default limit remains 4096; authorized default ENQ limit is 250,000; can specify higher maximums than the defaults

– New maximum is 2,147,483,647 (x’7FFFFFFF’)

– New ISGADMIN authorized interface, T GRS command, and GRSCNFxx parmlib support for setting higher maximums

� GRS 31-bit constraint relief

– Move star-mode global QCBs and QCBS control blocks above the bar

– Better compaction for remaining QCBs

� z/OS UNIX asynch socket read/write now designed to use fast-path processing

– Expected to improve performance for SRB-mode fast path syscalls

z/OS 1.8 Scalability

25252-Jun-08


� CFRM performance enhancements Stage 2

– Designed to allow more systems, structures, and connectors to be added without availability impacts

� Parallel VARY ONLINE processing

– Designed to reduce the duration of VARY commands for large numbers of devices

– Expected to reduce serialization contention

– Complements parallel VARY OFFLINE processing, available with z/OS 1.7

� Language Environment support for sequential data se ts larger than 64K tracks and for VSAM extended addressability data sets

– QSAM support in Language Environment for C/C++ programs (using noseek)

– Support for ESDS, KSDS, RRS extended format data sets with extended addressability


26262-Jun-08


� z/OS UNIX limit on file descriptors per process inc reased from 128K to 512K– MAXFILEPROC limit will be 524288 in BPXPRMxx and SET OMVS command – Can restrict for individual users by setting FILEPROCMAX in the OMVS segment– C and assembler programming interfaces support new limit

� Support for more than 32K device groups – Device groups are consumed by tape devices (1 per device) and DASD esoteric names (1 per

device range per esoteric name). – You can reach this limit with fewer than the 63.75K maximum number of devices– APAR OA02983 increased the limit to 64K-1 devices (x’FFFF’) at the end of 2003– The new limit will be really high (4G-1, or x’FFFFFFFF’)– Note: You can check on your systems by looking at the number of entries in the Group Pointer

Table using the IPCS LISTEDT command.� DADSM/CVAF Rapid VTOC Index Rebuild� 64-bit exploitation by PDSE

– SMSPDSE and SMSPDSE1 will use storage above the bar for control blocks– New SMS initialization parameter to specify amount of storage to use above the bar– Relieves the prior limitation of about a million open PDSE members– Can allow over a million concurrently-open PDSE members– Also, option to retain directory and member cache for closed data sets and SMF 14/15 cache

statistics


27272-Jun-08


z/OS 1.9 Scalability and Performance� Support for more CPUs on System z9/z10 EC servers

� 64-bit GRS

� TSO/E support for large (>64K TRK) sequential data sets� SMF data to System Logger

– System Logger captures data faster than MAN datasets– Expected to support much higher write rates when the CF is used– SMF records from different systems be combined into one log stream

• or can write data based on record types to different log streams– No need to figure out which GDGs SMF data is in any more!

� Message Flooding Automation– Policy-driven automation for dealing with high volumes of messages occurring at

very high message rates

� XCF Couple Data Set performance– Designed for more parallelism to improve performance– Available on z/OS 1.6 and higher with the PTF for APAR OA15409

� Dynamic LAN Idle– TCP/IP adjusts interruption interval for OSA-Express2 adaptors based on network

traffic– Designed to improve throughput on z9 EC and z9 BC servers having OSA-

Express 2 with dynamic LAN idle timer support configured in QDIO mode (CHP type OSD)

– Available on z/OS 1.8 with APARs OA21405 and PK46764

28282-Jun-08


� Improved price/performance with new Enterprise quad core z10 EC processor chip– Up to 64 processors (zIIPs, zAAPs and CPs) per LPAR (available with z/OS 1.9)– Over 50% more specialty engine capacity at no extra charge – On-chip: Data compression, cryptographic functions, Hardware

Decimal Floating Point

� More real memory and reduced memory management overhead

– Up to 4 TB of memory per z/OS image (z/OS V1.8 architectural limit)

• Up to 1.5 TB per z10 EC server• Up to 1.0 TB per z10 EC LPAR

– Support for 1MB page frames (z/OS V1.10)* in addition to existing 4 KB page sizes

� Intelligent, optimized workload dispatching with Hi perDispatch (Avail w/ z/OS V1.7)

� Java performance– IBM 64-bit SDK for z/OS, Java Technology Edition, V6 on z10 EC designed to deliver improved

performance over SDK5 on z9™ EC– The new z10 EC processor chip design, more available server memory, large page support, and

support for new decimal floating point by Java BigDecimal

z/OS 1.10 Extreme scalability and high performance

29292-Jun-08


� Decimal arithmetic widely used in commercial and fi nancial applications– Computations often handled in software– Avoids rounding and other problems with binary/decimal conversions

� On IBM System z9 ® delivered in millicode - brought improved precision and function

� On System z10 integrated on every core - giving a performance boost to execution of decimal arithmetic

� Growing industry support for hardware decimal float ing point standardization– Open standard definition led by IBM, endorsed by key ISVs including Microsoft® and SAP– Java BigDecimal, C#, XML, C/C++, GCC, DB2® V9, Enterprise PL/1, Assembler

� z/OS V1.9 Hardware Decimal Floating Point support r equires:– High Level Assembler (z/OS V1.8)– Enterprise PL/1– XL C/C++ with PTF– Debug tool (in support of C/C++, PL/1, and HLASM)– dbx (in support of C/ C++)– DB2 9 for z/OS (allows you to define DFP data in DB2)

Bringing high performance computing benefits to commercial workloads

z/OS 1.10 Focused performance boostHardware Decimal Floating Point

30302-Jun-08


� z/OS provides additional constraint relief for common storage, z/OS Communications Server, Allocation, OAM, XES/XCF CF locking, and GRS Latch and ENQ processing.

� Network TCP/IP stack performance improvements in multiple areas, including CPU consumption, cache line contention, and common storage utilization.

� Metro Mirror (PPRC) secondary devices can be define d in Subchannel Set 1– Can free Subchannel Set 0 slots for additional devices– Complements PAV alias definitions in SCS 1

� Hashed DSAB searches– Improve Allocation performance for large numbers of data sets, any workload with lots of open data

sets can benefit (ex:DB2 and IMS™)– Use GETDSAB!

� Minimize the delay in starting CDS Backup due to an active DFSMShsm ™ workload

� Mark selected devices unavailable for Allocation– Reduce recovery Allocation overhead, help

keep purposefully offline devices offline– Three device states: ONLINE; OFFLINE;

and OFFLINE UNAVAILABLE


Additional scalability/performance enhancements*Announced/Previewed with z/OS with z/OS V1.10

31312-Jun-08


3390-9 3390-9

3390-A

3GB3,339 cyl

9GB10,017 cyl

27GB32,760 cyl

54GB65,520 cyl

Architectural Limit:100s of TB**

* When available z/OS V1.10 GA planned to be 3Q 2008, DS8000 function planned 2H 2008**Statements regarding IBM future direction and intent are subject to change or withdrawal, and represents goals and objectives only.

3390-A

223GB*262,668 cyl

3390-3

� An Extended Address Volume (EAV) is a volume with o ver 65,280 cylinders– 223 GB volumes initially supported on z/OS V1.10* and IBM System Storage DS8000* – Larger volumes are planned to be rolled out over time *– First exploiter is VSAM – applications that uses VSAM data sets

(including DB2 and CICS®) can benefit from EAV– IBM intends to enable other access methods in the future *

� EAV helps address storage constraints for very larg e storage

� In the future, EAV can help simplify storage manage ment.– Manage fewer, large volumes as opposed to many small volumes

� DS8000 HyperPAV function complements EAV by allowing the scaling of the I/O rates against a single, larg er volume

� DS8000 Dynamic Volume Expansion can allow non-disruptive migration to larger volume sizes

3390-9

29 MB~300 cyl

2314-1

101MB404 cyl

3330-1

317MB555 cyl

3350

z/OS 1.10 Taking z/OS storage volumes to the extrem e

EAV

32322-Jun-08


Security

33332-Jun-08


z/OS Security leadership continues� Extending user authentication management

– Support for SAF Identity Tokens (1.8) (Smart cards )– CS: Support for defining Intrusion Detection Servic es (IDS) policies in a

policy agent configuration file (as well as an LDAP server) (1.8)

� Improved RACF interoperability across platforms– Support for mixed-case passwords in RACF, TSO/E, FT P, CONSOLES,

and z/OS UNIX System Services (1.7)– Infrastructure for support for RACF password phrase s from 14 to 100

characters in length (1.8)– RACF support for passtickets (1.7)– RACF support for virtual key rings (1.8) (all certs I own)

� Adopting innovative new technologies– PKI

• Enhanced z/OS PKI services to support multiple cert ificate authorities (in one image) (daemons)

• SCEP (Simple Certificate Enrollment Protocol) suppo rt to accept certificate request from network devices (routers) (1.8)

– Cryptography• IPSec and InfoPrint applications (1.8)Tape data set protection using DFSMS and

RACF (or other security manager) (1.8)

34342-Jun-08


� Flexible options for business partner exchange

� Partners can encrypt and decrypt using no-charge Java client

� Supports public key or password based exchange

� Highly secure tape library

� High performance archive encryption

� Transparent to existing processes and applications

� Can help provide audit compliance

Data Encryption in the Server

Enterprise scope

TS1120 with Encryption

Protected Encryption Keys

�Can help to protect and manage keys

– Highly secure and available key data store

– Long term key management

– Disaster recovery capabilities

�Single point of control

�Over a decade of production use

Why z/OS centralized key management?

CentralizedKey Management

Encryption Facility for z/OS, 1.1

Tape Encryption with Key Management on System z

35352-Jun-08


z/OS 1.9 Security� Additional password phrase support

– Minimum length of a password phrase lowered from 14 characters to 9– Sample exit planned using the new System REXX facility to check password/phrase

quality rules – Password change logging to be extended to include RACF password phrases.– Hardware Configuration Manager (HCM) is the first application to exploit password

phrases

� Java user and group SAF admin classes– Java classes designed to enable RACF user & group administration

� PKI Services and RACF digital certificate enhanceme nts planned– Provide e-mail notification to PKI administrators for pending certificate requests.– Change the maximum period for certificate validity from 3650 to 9999 days– Allow queries based on the number of days until certificates will expire– Automated certificate renewal via e-mail before certificates expire

� Improved auditability for z/OS UNIX– z/OS UNIX file and directory deletion recorded in new SMF92 subtype

� New Network Security Services function designed to provide– Single, centralized certificate storage for IPSEC – Cross-system and –sysplex monitoring and management for IPSec security

� AT-TLS support for FTP server, FTP client, and TN32 70 server

� Enhanced System SSL support– Hardware to Software cryptography notification to warn that software cryptography is

being used after a hardware services error– CRL processing enhancements:

36362-Jun-08


� z/OS Communications Server IPSec processing to use zIIPs if they are available in the LPAR configuration on System z9/z10 servers

� Eligible enclave-mode SRB processing will be offloaded:

– Encryption processing– Cryptographic validation of message integrity– IPSec header processing

� All IPSec enclave Service Request Block (SRB) work made eligible to run on a zIIP

� Specify GLOBALCONFIG ZIIP IPSECURITY=YES in your TCPPARMS data set– Note: To enable IPSec, specify IPCONFIG IPSECURITY (IPv4) and/or

IPCONFIG6 IPSECURITY (IPv6)

� Available on z/OS 1.8 with APAR PK40178

ServerPrinterATMPOS

z/OS Network

Device

Network

DeviceIPSec IPSec

zIIP

z/OS 1.9 Security: IPSec offload to zIIPs

37372-Jun-08


Audit and governance policies

Protect System

Protect data

RACF

Protect Networks

z/OS System Integrity

� EAL 5 for z9 LPAR � EAL(1.8) & FIPS Certifications� Linux on System z as DMZ � z/OS CommServer Security

� EAL 5 for z9 LPAR � EAL(1.8) & FIPS Certifications� Linux on System z as DMZ � z/OS CommServer Security

� System Integrity� RACF MLS� z/OS PKI Services� Tivoli Identity Manager (TIM)� Tivoli Federated Identity Manager (TAM)� Tivoli zSecure

� System Integrity� RACF MLS� z/OS PKI Services� Tivoli Identity Manager (TIM)� Tivoli Federated Identity Manager (TAM)� Tivoli zSecure

* Statements regarding IBM future direction and intent are subject to change or withdrawal, and represents goals and objectives only.**With appropriate HW

� With z/OS V1.10, designed to support industry security standards!*

� ICSF– 4096-bit RSA key support (with

z10 EC, z9 EC and z9 BC)– IBM: SHA-224, SHA-384**, and

SHA-512**– AES-192 and AES-256 algorithms

**– ISO Format-3 PIN Block support

(meets ISO 9564-1 Banking standard) (with z10 EC, z9 EC and z9 BC)

– ALSO in ICSF - Random number callable service

� System SSL– Utilize hardware support for RSA

digital signature **– SHA-224, SHA-256, SHA-384, and

SHA-512 algorithms **� z/OS Communications Server

– IPV6 standards RFCs 4301-4305, 4308

System z and z/OS Security

� Robust Encryption Infrastructure� Tape encryption� DB2 & IMS Encryption & Test Tools� z/OS Encryption Facility V1.2 (Jan 2007)� Network encryption: SSL/TLS, IPSec, AT-TLS, OpenSSH, NSS� ISO Format 3 Pin Block (1.9)

� Robust Encryption Infrastructure� Tape encryption� DB2 & IMS Encryption & Test Tools� z/OS Encryption Facility V1.2 (Jan 2007)� Network encryption: SSL/TLS, IPSec, AT-TLS, OpenSSH, NSS� ISO Format 3 Pin Block (1.9)

� z/OS CommServer (IDS)� System zAlerts� SMF & Tivoli zSecure� z/OS Healthchecker� DB2 Audit Tool

� z/OS CommServer (IDS)� System zAlerts� SMF & Tivoli zSecure� z/OS Healthchecker� DB2 Audit Tool

� ISS� Global Services: Security & Privacy Consulting� IBM Services: Ethical Hacking

� ISS� Global Services: Security & Privacy Consulting� IBM Services: Ethical Hacking

38382-Jun-08


� RACF can report if users have attempted to perform unauthorized actions–All subsystems can log system event records

– Comprehensive SMF records can document system activities

–System audit records can report access to protected resources, security violations, unauthorized action� Tivoli Compliance InSight Manager (Consul InSight) log continuity reporting (avail 12/07) helps validate that logs have been collected – addressing a core compliance requirement

� RACF can report if users have attempted to perform unauthorized actions–All subsystems can log system event records

– Comprehensive SMF records can document system activities

–System audit records can report access to protected resources, security violations, unauthorized action� Tivoli Compliance InSight Manager (Consul InSight) log continuity reporting (avail 12/07) helps validate that logs have been collected – addressing a core compliance requirement

Consistent, comprehensive logging

� z/OS system integrity - IBM's long term commitment to protecting key z/OS system resources

Intended to prevent unauthorized application programs, subsystems, and users from gaining access, circumventing, disabling, altering, or obtaining control of key z/OS system processes and resources unless allowed by the installation.

� z/OS system integrity - IBM's long term commitment to protecting key z/OS system resources

Intended to prevent unauthorized application programs, subsystems, and users from gaining access, circumventing, disabling, altering, or obtaining control of key z/OS system processes and resources unless allowed by the installation.

* It is the customer's responsibility to identify, interpret, and comply with laws or regulatory requirements that affect its business. IBM does not represent that its products or services will ensure that the customer is in compliance with the law.

Foundation

z/OS Security Server – RACFHelping to address security and compliance* guidelines


39392-Jun-08


z/OS Security Server – RACFHelping to address security and compliance* guidelines� RACF supports passwords/phrases up to 100 character s - easier to share passwords

– 1-8 mixed case characters, 9-13 mixed case characters with new exit (ICHPWX11), 14-100 mixed case (z/OS V1.9)– Exploiters (z/OS V1.10*): TSO/E, z/OS UNIX, z/OS UNIX Shell and Utilities, Language Environment, Network

Authentication Service support for Kerberos , OpenSSH function of IBM Ported Tools for z/OS (5655-M23), and ...– ... IBM Tivoli Directory Server (LDAP) for z/OS, can be used to start to implement enterprise-wide password

synchronization (using, for example, IBM Tivoli Directory Integrator)**

� Tivoli Directory Server for z/OS– Integrated in the base of z/OS V1.8 – provides sophisticated LDAP services for z/OS, including:

• Plug in support• Improved compatibility with IBM Tivoli Directory Server [distributed]• Improved support for RACF

� RACF support for passtickets (1.7)

� RACF support of virtual key rings (1.8)

� RACF support for Java user and group SAF admin clas s (1.9)

� RACF (and ICSF) support of PKCS#11 standard (1.9)

40402-Jun-08


User requests certificate

Administrator generates

and distributes certificate

Requestor signs

message

Receiver verifies requestor’s signature

Administrator revokes

signature

Certificate expires

� z/OS PKI Services is a Certificate Authority soluti on provided in z/OS– Alleviate need to pay a third party Certificate Authority – Relatively low MIPS to drive thousands of certificates– Leverage existing z/OS skills and resources

� Provides full certificate life cycle management– User request driven via Web pages– Browser and server certificates– Automatic and administrator approval process– End user/administrator revocation process

• Supports CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol)

� PKI Services, many updates over the years!– Multiple certificate authorities (in one image) (1.7)– SCEP (Simple Certificate Enrollment Protocol)

support to accept certificate request from network devices (routers) (1.8)

– Automated e-mail notification for certificate requests, renewals, expirations (1.9)

– Support for Unicode (UTF8 subset) – helps improve compatibility with existing CAs. (1.10)*

Used by a large bank to help secure connection between data center and branch offices - Saved an estimated $16M a year

Used by a large bank to help secure connection between data center and branch offices - Saved an estimated $16M a year

Example of feedback Example of feedback

A complete digital certificate solution z/OS PKI Services


41412-Jun-08


Availability

42422-Jun-08


z/OS 1.8 Enhanced sysplex availability� Dynamic registration and deregistration of Domain Name Server (DNS) based

on server/ host availability � New LDAP server for z/OS, IBM Tivoli Directory Server for z/OS, designed to

have stronger affinity toward sysplex (and allow a sysplex group to replicate with other LDAP server )

� z/OS UNIX System Services (z/OS UNIX) byte range lock manager (BRLM) is enhanced (locks can be replicated and recovered) to help improve availability for applications that use BRLM

� Improved CF Recovery time.� Improved CFRM. These enhancements can enhance sysplex

availability by significantly reducing I/O contention for CFRM couple data sets (CDS)

� The single master console is eliminated, and therefore it no longer can act as a single point of failure

� Backup & Recovery – DFSMS Fast Replication extended – Ability to backup and recover from to/from tape – Recovery at the data set level (from a backup on d isk or on tape)

43432-Jun-08


z/OS 1.9 Availability

�All statements regarding IBM's plans, directions, and intent are subject to change or withdrawal without notice.

� CF Duplexing performance

– Reduction in number of synchronous exchanges

– Designed to make duplexing feasible in some cases for which duplexing performance was prohibitive before

– Available on z/OS R6 and up with the PTF for APAR OA17055 (RMF support in APAR OA17070) and CFLEVEL 15 or later on System z9/z10 servers

� New SFM policy for unresponsive systems

– Intended to partition out unresponsive systems more quickly to help prevent sysplex-wide “sympathy sickness” problems from becoming severe

� Improved availability for System Logger

– Support provided for multiple concurrent migrated data set recall requests

44442-Jun-08


z/OS

System z10

Beyond� High availability clustering, autonomic Capacity on Demand, data backup and

recovery solutions let you be more responsive, frees your staff up to do more important work

� Designed with a ‘Never go down’ philosophy as opposed to a ‘rapid reboot’philosophy

� Extensive use of error checking and recovery code designed to ensure data and transaction integrity and reliability

� Concurrent HW maintenance and upgrades means fewer planned outages� Designed to try to eliminate single points of failure and reduce amount of

unplanned outages

There is more to 'availability' than just the serve r being up - the application and the data must be available as well.

System z availability

45452-Jun-08


� Improved consoles and message handling� JES2 dynamic exits – can help avoid JES2 restarts� JES2 NJE improvements – automatically restarts connections� Auto IPL – can reduce latency of operator response time by

automatically initiating a dump to capture data for analysis and a restart based on z/OS diagnostics.

� ASID reuse – helps reduce planned and unplanned outages by allowing more address spaces to be reused. Exploiters include: – CATALOG, LLA, and VLF (available with z/OS V1.9)– z/OS UNIX® RESOLVER, TCP/IP, DFSMSrmm™, and TN3270 (with z/OS V1.10)

� System to react automatically to high fixed storage users

� Parallel Sysplex ® improvements� Basic HyperSwap solution*� z/OS Global Mirror (eXtended Remote

Copy, XRC) enabled for zIIP**� ... and beyond with GDPS ® V3.5

** IBM System z10 Integrated Information Processor and IBM System z9 Integrated Information Processor


z/OS availability enhancements*Announced/Previewed with z/OS with z/OS V1.10

46462-Jun-08


Improved system availability, enhanced capacity and reliability

of message delivery


Improved consoles ...Improved availability

� z/OS V1.4 / V1.5 – First phase of Consoles Enhancements - Improved message production and consumption flows

to help reduce bottlenecks

� z/OS V1.7– Improved processes for deleting consoles, message

handling, support for subsystems, and improved availability– IBM Health Checker for z/OS - checks for console definitions

� z/OS V1.8– Master console and console switch functions were removed,

eliminating them as potential points of failure

� z/OS V1.9 (rolled back to V1.8)– Automation for dealing with large amounts of messages (also available with z/OS 1.6 -1.7 w/PTF)– Helps prevent the flood messages from being displayed on a console, from being logged, from being

queued for automation, from propagating to other systems in a sysplex.

� z/OS V1.10*– Designed to reduce serialization contention. – Increases the maximum number of MCS, SMCS, and subsystem consoles in a sysplex from

99 per sysplex to 99 active consoles per system; and more

47472-Jun-08


� Can seamlessly swap between primary and secondary d isk volumes– Protects from unplanned disk outages– Enables planned fail-over (testing) – Management is from z/OS, so GDPS multi-site automation is not required

� Basic HyperSwap is enabled by IBM TotalStorage ® ProductivityCenter for Replication, and requires:

– Planned: IBM TotalStorage Productivity Center for Replication Basic Edition for System z * - intended to have the intuitive z/OS graphical interface and administration capabilities for Basic HyperSwap

– z/OS V1.9 with maintenance, or z/OS V1.10. – IBM System Storage Metro Mirror (DS8000, DS6000™, ESS)– Planned: IBM System Services Runtime Environment for z/OS* - intended to provide Web

services, or WebSphere® 6.1.0 – DB2 V8 (or later). Customers without DB2 may use Apache Derby (planned to be available

with TotalStorage Productivity Center for Replication Basic Edition for System z).

� GDPS/PPRC HyperSwap and/or HyperSwap Manager still your first choice for robust multiple site, continuous availability, and DR solutions.

Primary Secondary


Data availability, protection from outagesBasic HyperSwap*

48482-Jun-08


� GDPS Extensions for Heterogeneous platforms– Distributed Cluster Management (DCM) for Symantec Veritas Cluster Server (VCS)

• Integration provides a Disaster Recovery (D/R) solution for both z/OS and open systems applications• Support for both GDPS/PPRC and GDPS/XRC

– Distributed Cluster Management (DCM) for Tivoli System Automation Application Manager (AppMan) (Preview) – Integration provides a D/R solution for both z/OS and open systems applications

� Systems Management– GUI interface expanded to include GDPS/PPRC HM and GDPS/Global Mirror

� Availability– z/OS Metro/Global Mirror Incremental Resync (Preview)– CBU and On/Off Cod Automation enhancements (Preview)

� Performance– Support for zGM Multi-Reader

� Cost savings– Support for all GDPS offerings for FlashCopy Space Efficient (SE)– System Data Mover offload to zIIP (GDPS/XRC)


GDPS 3.5 – The e-business availability solution

49492-Jun-08


Before zIIP assisted zGM

Test, Dev., Quality

Assurance,other z/OS and SDM function

z/OS Global Mirror

CPs CPs zIIPs

DFSMS

SDM

** For illustrative purposes only, your results wil l vary.

With zIIP assisted zGM**

DFSMS

SDM

Reduce utilization,create white space,optimize resources

Test, Dev., Quality

Assurance,other z/OS and SDM function

zIIP Assisted z/OS Global Mirror: a cost effective mirroring solution� z/OS Global Mirror (formerly Extended Remote Copy, XRC) is enabled for the zIIP

– z/OS DFSMS™ allows a part of System Data Mover (SDM) processing to be eligible for the zIIPs– Most SDM processing associated with zGM/XRC is made eligible to run on the zIIP.

� zIIP assisted z/OS Global Mirror function, can help provide better price performance and improved utilization of resources a t the mirrored site. – A part of DFSMS SDM processing is redirected to

a zIIP processor which can lower system utilization at the mirrored site.

� Available with:– z/OS V1.10 (when available), or

z/OS V1.9 and V1.8 with PTF for APAR OA23174

– IBM System Storage DS8000, or any storage controller supporting z/OS Global Mirror

– IBM System z9 or z10 server


50502-Jun-08


Workload Management

51512-Jun-08


1.8 Sophisticated management and optimization

� Improved WLM Goal Mode management for zAAP workload s

– WLM designed to manage based on both CP and zAAP de lays� Improved IFAHONORPRIORITY=YES processing

– New design intended to use CP resource only when zA AP workload goals are expected to be missed

– Help maximize the use zAAP engines

� Alternative option for determining tape I/O priorit y

– If no WLM I/O priority is provided, then SRM is des igned to provide the priority.

� WLM services for “troubled applications”– Designed so instances of distributed applications a nd subsystems can tell WLM they are

having problems processing requests (e.g., full que ues, abending, etc.)

– WLM designed to adjust recommendations used by load balancers such as SysplexDistributor to help avoid routing more work to the a pplication having such a problem

– WLM will pass abnormal transaction counts to Sysple xDistributor from subsystems that provide these coun ts (CICS today, DB2 9

52522-Jun-08


� Networking and Optimization – z/OS Sysplex Distributor now has the option to favo r local servers where

possible, while avoiding servers that are no longer active or are overloaded. – Global Resource Serialization (GRS) enhancements ca n enable GRS Star

users to specify which system will be the contentio n notifying system (CNS), which may help you better balance workload.

– JES2 is designed to help balance workload in a mult i-access spool configuration within a sysplex

• Can help even out the 4-hour rolling average of bat ch– The sysplex autonomics function is enhanced to moni tor network interfaces

and designed to invoke recovery in the event of an i nterface failure.

1.8 Enhanced sysplex management and optimization

zOSSUM_370

53532-Jun-08


1.8 Enhanced sysplex management[LPAR] Group Capacity Limits (GCL)� The ability to define a capacity limit for not only a single logical

partition (LPAR), but for a group of LPARs as well – System z to manage the group of LPARs in such

a way that the sum of the LPAR capacity limits will not be exceeded.

– Capacity limits based on four-hour rolling average– Available on System z9 EC and z9 BC only

Capacity Limit

Capacity Limit

CapacityLimit

LPAR1

Capped

LPAR2 LPAR3 LPAR2LPAR1 LPAR3LPAR1

LPAR3

LPAR2

LPAR1

LPAR3

LPAR2

Individual LPAR capacity limits Group capacity limit

�May help reduce the amount of ‘capping’ �More productive use of ‘white space’ and higher utilization

Capped

No cap

No cap

54542-Jun-08


Enterprise-wide management capability� Enterprise workload management enhancements (1.8)

– EWLM / WLM service class correlation

• WLM to accept classification of work from EWLM

– zAAP reporting to EWLM

� A new version of the Common Information Model (CIM) (1.8)– Important standard for cross-platform management

– Upgrade of the CIM Server Runtime Environment to ve rsion 2.5.1 of OpenPegasus from the Open Group, the upgrade of the CIM Schema to 2.9

– RMF support to enable CIM client applications to su bscribe to RMF events and metrics

– Upgrade designed to help improve security, reliabil ity, and scalability improvements

� DFSMSrmm ™ enablement for removable media across the enterprise

– CIM agent can support Creation, Change and Deletion of volumes and data sets (1.8)

– Enterprise-wide Query and Display capabilities provided in z/OS 1.7

55552-Jun-08


z/OS 1.9 Optimization and Management Capabilities

� WLM “Trickle” Support– Ability to specify that a small amount of processor resource be used for

discretionary work that otherwise would “never” get done on a 100% busy system

– Available on z/OS R7 and later with APARs OA17735, OA18639

� Promotion of cancelled jobs– WLM designed to increase priority of cancelled jobs

– Designed to help get cancelled work out of the system more quickly so that held resources can be available in less time

� WLM control over server region start-up– Designed to allow server regions to tell WLM to start a number of server

regions in parallel

– New parameter for IWMSLIM allows applications to control whether WLM should start server regions in parallel or sequentially.

� WLM support for cross-system routing of zAAP and zIIP workloads– Designed to make routing services return weights for zAAPs and zIIPs,

as well as to those returned for CPs

56562-Jun-08


z/OS 1.9 Optimization and Management Capabilities (co nt)

� RMF Support for Coupling Facility Activity Reporting

– “What is my CF doing…?”– “What happened when I added or changed that structure…?”– Support in z/OS 1.9 RMF Monitor III and Postprocessor provide

information about CF processor resource consumption by structure

– Requires min CFLEVEL 15 (available on System z9/z10 servers)

– Also available on z/OS 1.6 and higher with the PTFs for APARs OA17055 (XES) and OA17070 (RMF)

SMF74RMF

Reports

RMF Monitor III Coupling Facility

activity display (S.7)

CF

57572-Jun-08


1.9 WLM routing service enhancements for zAAP and zII P

� Workload balancing is optimized by using specialty processors aswell as the general purpose System z processor.

– Configure expected processor usage proportions for BaseWLM• Analyze the capacity/utilization requirements for each workload to determine

the expected utilization proportion for each processor type– Sysplex distributor will make routing decisions using the composite weight– Load Balancing Advisor (LBA) will report the composite weights to external

load balancers in place of the conventional CP weight

System processor capacity

General CPs

zAAP

zIIP

General CPs

zAAP

General CPs

System z9

zSeries z990

zSeries z900

� BASEWLM - system weights– Based on a comparison of conventional

CP capacity

� SERVERWLM - server-specific weights– Based on a comparison of

• The CP capacity given the importance of the server's work

• How well each server is meeting the goals of its service class

– No configuration required for ServerWLM

58582-Jun-08


z/OS optimization and management*Announced/Previewed with z/OS with z/OS V1.10� Policy based Capacity Provisioning for System z10

– A new Capacity Provisioning Manager planned for z/OS V1.10 (and z/OS V1.9 with PTF) plans to monitor System z10 servers and manage z/OS 1.9 and 1.10 systems and add /remove temporary capacity automatically.

– In the future, z/OS will allow authorized applications to query, change, and perform basic operational procedures against the installed System z hardware base - efficiently deploying server resources when needed*

� z/OS Workload Manager: – Improved Contention Management

• Longer promotion, will now promote resource holders to the priority of the highest-priority waiter

– WLM to manage more address spaces in service class SYSTEM:

• XCFAS, GRS, SMSPDSE, SMSPDSE1, CONSOLE, IEFSCHAS, IXGLOGR, SMF, and CATALOG (in addition to *MASTER* and WLM)

– More Performance Block (PB) delays

• Up to 15 from 5• Applications can specify names to replace the default names

– zIIP CPU management = Manage zIIPs like CPs and zAAPs


59592-Jun-08


Migration

60602-Jun-08


�New users and experienced users like it�Nice tool�Valuable tool�Great tool�Love the tool

�Provides useful information�A great idea that will improve as time passes.�One of the best ideas I’ve seen from IBM in a long time.

�New users and experienced users like it�Nice tool�Valuable tool�Great tool�Love the tool

�Provides useful information�A great idea that will improve as time passes.�One of the best ideas I’ve seen from IBM in a long time.

Examples of feedback ...

� When run on the older system, Migration Checker for z/OS can help you determine if migration actions are applicable

� When run on the new target system, Migration Checker for z/OS can help verify migration actionshave been done correctly.

� Best used in conjunction with z/OS Migration book, to assist in creating your migration plan.

� Intended for migrations from z/OS 1.7 to z/OS 1.8 or 1.9, or from 1.8 to 1.9, with some checks useful for other migration paths.

� When run on the older system, Migration Checker for z/OS can help you determine if migration actions are applicable

� When run on the new target system, Migration Checker for z/OS can help verify migration actionshave been done correctly.

� Best used in conjunction with z/OS Migration book, to assist in creating your migration plan.

� Intended for migrations from z/OS 1.7 to z/OS 1.8 or 1.9, or from 1.8 to 1.9, with some checks useful for other migration paths.

Value

� Run the TN3270E Telnet server as a separate address space

� Migrate from HFS file systems to zFS file systems

� Discontinue use of multi-file system aggregates

� Use the new default for BLOCKTOKENSIZE in IGDSMSxx

� Remove deleted data sets, paths, and references

� Accommodate the removal of 1-byte console IDs

� Update /etc z/OS UNIX and Communications Server configuration files changed by IBM

� Ensure the integrity of SMS control data sets

� Redefine existing VSAM data set that contain the IMBED, REPLICATE, and KEYRANGE attributes

� Ensure that UDP port 514 is available to syslogd if not started with the -i option

� Run the TN3270E Telnet server as a separate address space

� Migrate from HFS file systems to zFS file systems

� Discontinue use of multi-file system aggregates

� Use the new default for BLOCKTOKENSIZE in IGDSMSxx

� Remove deleted data sets, paths, and references

� Accommodate the removal of 1-byte console IDs

� Update /etc z/OS UNIX and Communications Server configuration files changed by IBM

� Ensure the integrity of SMS control data sets

� Redefine existing VSAM data set that contain the IMBED, REPLICATE, and KEYRANGE attributes

� Ensure that UDP port 514 is available to syslogd if not started with the -i option

Samples of programs

ibm.com /servers/eserver/zseries/zos/downloads/#mchecker

ibm.com /servers/eserver/zseries/zos/downloads/#mchecker

� … perform any migration actions on your system

� … replace the z/OS Migration books. The Migration Checker for z/OS programs do not cover all migration actions outlined in the Migration books.

� … perform any migration actions on your system

� … replace the z/OS Migration books. The Migration Checker for z/OS programs do not cover all migration actions outlined in the Migration books.

Migration Checker will not ...

Migration Checker for z/OSSimplifying migration to z/OS 1.8 and 1.9No charge Web download

61612-Jun-08


You do not have to be old….

� Master the Mainframe contest – US 1750 people from 325 colleges

– UK 650 started

� 3 stages1. Introduction to the Mainframe – detailed instructions

2. Problem solving – hardest was EBCDIC to ASCII conversion (win a Sony Play station)

3. The hard problems (Months of work!)

– working with JCL problems.

– looking at the system log and issuing operator commands.

– a performance challenge, modifying an existing application to make it run as fast as possible.

– updating the front page for their own HTTP server.

– Starting DB2 and running numerous complex queries.

– And finally debugging a very nasty application scenario involving a small suite of WMQ, Batch and CICS programs

� First 3 winners each got high spec laptop, and day at Hursley

62622-Jun-08


You do not have to be old….

� Z Graduates at Hursley– Education for (young) people within the labs

– Self study and courses

– Get people using grown up systems with high throughput and availability

– Understand (and can use)

• CICS , DB2, RACF, JCL

63632-Jun-08


� The infrastructure is complete and fully operational

� Enabling students and faculty– Faculty seminars and

workshops– Remote Mainframe access, no-

charge access to hubs WW – Courses and e-Learning– Mastery Test & Student

Opportunity System– Student Mainframe contests

� You are encouraged to leverage it

� Networking opportunities– Mainframe community

roundtables on campus– zNextGen network at SHARE– Opportunity system– Be an ambassador

Mainframe Skills Help Desk ([email protected])


ibm.com /systems/z/about/charter/university.htmlibm.com /systems/z/about/charter/university.html

IBM Academic Initiative for the Mainframe is ready for you. Are you ready for it?

64642-Jun-08


Fill the pipeline with new talent :� Academic initiative � z/OS Basic Skills Information Center for new and experienced users � IBM Education Assistant (IEA)

► Online education on z/OS performance, tuning, and best practices tips.

Helping to reduce z/OS complexity� Make it easier to develop experts� Eliminate, automate, and simplify complex tasks� Modernize the “face” of z/OS

� Maintain current “faces” for experienced users� Leverage mainframe’s centralized management

The New Face of z/OSSimplifying and Modernizing the Mainframe for IT Professionals

65652-Jun-08


Any questions?

66662-Jun-08


Other

� Prelinker is stabilized – use the Binder

� Removal of the C/C++ open class libraries

� TN3270 now standalone – removal from TCPIP stack

67672-Jun-08


z/OS 1.9 Networking� Policy-Based TCP/IP Routing

– Designed to provide policy-based routing based on j ob name, source/destination port, protocol type (TCP or UDP), source IP address , NetAccess security zone, security label, application

– Can specify that outbound traffic be separated by applica tion

� FTP Unicode support

– Added file transfer support for UTF-16, UTF-16LE, a nd UTF-16BE

– Added file storage support for UTF-16

� z/OS Communications Server provides:

– New APIs designed to allow applications to specify source filter lists

– Support to allow local systems to filter on source addresses even when not attached to multicast routers with source address filtering support

– Host support for IGMPv3 and MLDv2

68682-Jun-08


Meeting the challenges of on demand business with designs for:

Improving AvailabilityImproved latch contention detection, CF duplexing

enhancements, SFM improvements, New RRS options

….

Scalability & Performance54-way support, 64-bit GRS, SMF to Logger, TSO/E support for large

sequential data sets, Message Flooding Automation, XCF CDS Performance, heap pools, VSCR Self Managing Capabilities

WLM support for cross-system routing of zAAP workloads,

WLM “Trickle” Support, Promotion of canceled jobs, Start

servers in parallel, …

Enhancing SecurityIPSec offload to zIIP, Additional

password phrase support, Kerberos AES support, Enhanced CRL

support, PKI Services & RACF extensions, better z/OS UNIX

Systaem Services auditability, Java user and group SAF admin classes

Enterprise-Wide RolesCIM monitoring enhancements, Updated

Pegasus server, DFSMSrmm CIM Update

Improving Usability and SkillsHealth Checker improvements &

checks, ISPF, DFSMSrmm, Configuration and Management Usability for Communications

Server, …

Integrating new Applications and Supporting Industry and Open

StandardsXML offload to zIIPs and zAAPs,

System REXX, pthreadenhancements, debugging

improvements with dbx, Binder improvements, PKCS#11 support

Extending the NetworkPolicy-based TCP/IP Routing,

Centralized Policy-Based Networking, Expanded Network

Encryption, FTP Unicode support

z/OS Release 9 Summary

z/OSz/OSR9R9

69692-Jun-08


� z/OS® and IBM System z ™ together– Redefine investment protection

– Going to great lengths to keep applications and data available

– System resources secure

– Server utilization high, and

– Programming environments adaptable

What’s new in z/OSPreview of z/OS V1.10 and more.

70702-Jun-08


IBM System z10 ™ Enterprise Class (z10 ™ EC) to help:� Consolidate and virtualize the server environment� Reduce costs and simplify IT infrastructure� Provide high performance, energy efficient technologies� Resilient and secure system to support business innovation

and growth.

IBM System Storage ™ can help:� Simplify the IT infrastructure and its management � Assure business continuity, security, and data durability� Efficiently manage information over its lifecycle

z/OS platform - synergy with IBM System z servers and IBM System Storage

71712-Jun-08


� Building on leadership capabilities– Over 50% more capacity and flexibility to

support growth and consolidation of workloads

– Enhanced algorithms to strengthen security– Improved resiliency to help reduce risk– Improved efficiency to help further reduce

energy consumption– 100 Capacity settings for ‘right-sizing’ to

optimize capacity and cost

� Delivering new capabilities– 4.4 GHz quad core processor for performance

for open workloads such as Java®, Linux® and, z/OS

– Expanded choice and value for future workloads enabled through the integration of Cell technology

– Just in Time deployment of capacity– Over 50% extra specialty engine capacity at

no extra cost– Can reduce labor, software license, and

energy costs through large scale consolidation

A marriage of evolution and revolution

Introducing the IBM System z10 Enterprise Class

72722-Jun-08


z/OS

z/OS XML System ServicesIn general, what XML workloads can be eligible for zIIP or zAAP

zAAP enablementzIIP enablement

z/OS XML System Services

Validating parsing**

Example: DB2 9

IBM SDK XercesJ/XML4J(or any Java-based XML parser)

Example: EnterpriseCOBOL V4.1

IBM XMLToolkit for z/OS

Non-validating parsing

Par

tial r

edire

ct d

ue to

DR

DA

Other XML processes

� How much work is eligible for the zAAP will depend on amount of XML data being processed.� ** No exploiters for z/OS XML System Services valid ation parsing, yet. SOD – IBM intends to extend the IBM XML Toolkit for z/OS to

include exploitation of z/OS XML System Serivces val idation parsing

Example: DB2 9 DRDAover TCP/IP

Application call from TCB mode

Application call executing from enclave SRB mode

Available

6/07

Available

9/07

new!

new!

new!Available

12/07


73732-Jun-08


Centralized policy-based networkingz/OS Communications Server

� Define policies in one place (or read/ update existing policies*) and apply them uniformly across the z/OS network

� Uses z/OS Communications Server policy agent to create, manage, and distribute policies

� IPSecurity, Application Transparent Transport Layer Security, Intrusion Detection Services, Quality of Service, Network Security Services, TCP/IP Policy-Based Routing

� Define policies in one place (or read/ update existing policies*) and apply them uniformly across the z/OS network

� Uses z/OS Communications Server policy agent to create, manage, and distribute policies

� IPSecurity, Application Transparent Transport Layer Security, Intrusion Detection Services, Quality of Service, Network Security Services, TCP/IP Policy-Based Routing

Policy-based networking

� Application Transparent -TLS (1.7) and IPSec (1.7)– Simplified development and maintenance of security-rich Web apps – centralized configuration of AT-

TLS and IPSec can help you secure the network data with no application modification.– AT-TLS for FTP and TN-3270 (1.9) AT-TLS for SASP Load balancing advisor (1.10)*

� Quality of Services & Intrusion Detection Services (1.8)– Quality of Service policies help maintain network traffic prioritization– IDS policies help you detect and report suspicious network activities

� Network Security Services (NSS) (1.9)– Provides single, centralized certificate storage, monitoring, and

managing services for IPSec cross-systems or cross-sysplex– NSS for WebSphere DataPower appliance ID authentication and access checks (1.10)*

� TCP/IP Policy-Based Routing (PBR) (1.9)– Outbound network traffic can be separated by application needs– Allows TCP/IP stack to make routing decisions based on job name, ports, protocol (TCP or UDP),

source IP address, NetAccess security zone, and security label

� Defensive filtering (1.10)* – Defensive filters (temporary security policies) can be quickly deployed to defeat network attacks


74742-Jun-08


� Designed to provide the infrastructure, services, and interfaces to support a browser based graphical user interface needed to support a management console for z/OS.

� This initial release of the z/OS Management Facility plans to provide job and process management and Parallel Sysplex management support.

Navigator is tailored to each user’s role and responsibilities.

Navigator is tailored to each user’s role and responsibilities.

Log of system events. Clicking on an event brings up details.

Log of system events. Clicking on an event brings up details.

A z/OS Management Facility *A Web-browser based management console for z/OS


75752-Jun-08


z/OS integration with the z10 EC and IBM storageSupporting System z innovation, raising the IT bar and taking System z to the next level of...... scalability and performance� HiperDispatch for intelligent dispatching of work for

optimized performance1

� Up to 1 TB of real memory2 and 64 processors (zIIPs, zAAPs, and CPs) 3 per LPAR

� Extended Address Volume (EAV) capability for large storage volumes, improved storage managemement4,5

� Large (1 MB) pages expected to reduce memory management overhead for exploiting applications3

� Support for Hardware Decimal Floating Point enables high performance computing for your commercial workloads3

� Support for InfiniBand Coupling Links1

...availability� Support for Basic HyperSwap – for high availability

disk*,3

� Continued Parallel Sysplex clustering and GDPS enhancements

... networking and connectivity� Policy-based networking helps create a network responsive

to your application needs1

� Automatic intrusion defense capabilities*,4

... simplified operations� Capacity Provisioning Manager – Dynamically allocate/

deallocate resources on System z10*� z/OS Management Facility (SOD) - a single, modern,

Web-browser based management console for z/OS, intended to simplify day-to-day operations and administration of a z/OS system*.

....improved economics� Additional XML exploitation of specialty engines3

� zIIP assisted z/OS Global Mirror (XRC) 3

(1) available with z/OS V1.7 with appropriate main tenance(2) available with z/OS V1.8 and appropriate maint enance,

1TB memory on z10 E56 and E64 only(3) available with z/OS V1.9 and appropriate maint enance(4) planned for z/OS V1.10 *(5) with appropriate storage


76762-Jun-08


� IBM’s commitment to the mainframe helps deliver:

–Extreme scalability, and availability

–Reduced costs and simplified IT infrastructure

–High performance and energy efficient technologies

–a resilient and security rich system

Summary

77772-Jun-08


Thanks for listening

Garry Geokdjian

System z Technical Consultant

Chartered Member of British Computer Society

Email: [email protected]

Tel: +44 (0)20 8818 4768

This is session z01 – please leave your feedback – th anks!

79792-Jun-08


End of Service

Coexists with

z/OS...Ship Date

9/07 1.8

9/08 1.9

9/09* 1.10*

9/10* 1.11* 9/07

9/11* 1.12* 9/08*

9/12* 1.13* 9/09*

R10* x x x

z/OS z800z900

z890z990

z9 ECz9 BC

R6

R7

R8

x

x

x

x

x

x

x

x

x

R9 x x x

R11* x x

x

DS8000 DS6000

x

x

x

x

xx

x

TS1120

x

x

x

x

x

z/OS 1.9 Coexistence-supported releasesRelease Coexistence-supportedz/OS 1.9 z/OS 1.7, z/OS 1.8, z/OS 1.9z/OS 1.10* z/OS 1.8, z/OS 1.9, z/OS 1.10*z/OS 1.11* z/OS 1.9, z/OS 1.10*, z/OS 1.11*

z/OS.e 1.7, 1.8 supported on z800, z890, and z9 BC only. There is no z/OS.e 1.9.

x**

z10 EC

x

x

x

x

x


z/OS Support Summary

** zIIP Web Deliverable required for HiperDispach su pport on System z10

80802-Jun-08


System z10 EC New Functions and Features

New Capacity on Demand architecture and enhancements

Capacity Provisioning

Hardware Decimal Floating Point

Enhanced CPACF SHA 512, AES 192 and 256-bit keys

HiperDispatch

Large Page (1 MB)***

Fixed HSA as standard

Up to 1,520 GB memory**

Star Book Interconnect

36 CP Subcapacity Settings

Up to 64 customer PUs

Faster Processor Unit (PU)

Five hardware models

Power Monitoring support

Standard ETR Attachment

STP using InfiniBand (2Q08)

Improved RAS

Scheduled Outage Reduction

FICON LX Fiber Quick Connect

InfiniBand Coupling Links (2Q08)

6.0 GBps InfiniBand HCA to I/O interconnect

HiperSockets enhancements

OSA-Express3 10 GbE (2Q08)

SCSI IPL included in Base LIC

FICON Enhancements

* All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

** Maximum of 1 TB per LPAR. Maximum supported by z/OS R7 is 512 GB. z/OS R8 and later are designed to support up to 4 TB per image.*** z/OS R9 and later required for large page support

(z/OS Support in blue)

81812-Jun-08


� Additional features, service or Web downloads required )** Note: Please refer to the latest PSP bucket for latest PTFs for z10 EC Compatibility

and new functions/features support.

1.71 STP NTP Client Support

1.7OSA-Express3 10 Gbps – CHPID OSD

1.9HiperSockets Multi Write Facility

1.81520 GB per server, 1 TB per LPAR

1.714096-bit RSA support

1.964-way support

1.71InfiniBand Coupling

1.8HW Decimal Math Support

1.9Capacity Provisioning

1.71Basic System z10 EC support

1.71CPACF Enhancements

1.91Large Page (1MB)

1.71 HiperDispatch

z/OS(**) � Want new z10 EC function? no need to wait for z/OS V1.10

� Migrate to z/OS V1.9 today– All z10 EC capabilities available with z/OS V1.9

– z/OS V1.7 goes out of service September 2008

• Order z/OS V1.9 today

– Information on migration

• Feb 2008 z/OS Hot Topics articlewww-03.ibm.com /systems/z/os/zos/bkserv/hot_topics.html

• IBM Education Assistant modules• publib.boulder.ibm.com /infocenter/ieduasst/stgv1r0/index.jsp?topi

c=/com.ibm.iea.zos/zos/1.9/InstallationAndMigration.html

• Upcoming Migration Conference call (Mar 27)• Info at: www-03.ibm.com /systems/z/os/zos/index.html

• Migration workbooks• www-03.ibm.com /systems/z/os/zos/installation/

• Migration Checker• www-03.ibm.com /systems/z/os/zos/downloads/#mchecker

• IBM and IBM Business Partner Services• See your representative for more details

z10 EC and z/OS Support for New functions

82822-Jun-08


� IBM intends to expand support for EAV with larger v olume sizes and to allow additional data set types to reside in the cylinder s after the first 65,520 cylinders.

� z/OS V1.10 is planned to be the last release in whi ch z/OS Communication Server will support these functions:– Network Database (NDB)

– BIND DNS 4.9.3

– DHCP server

– Boot Information Negotiation Layer (BINL)

� IBM intends to provide support within z/OS that wil l allow authorized applications to query, change, and perform basic operational proced ures against the installed System z hardware base.

� IBM intends to introduce an IBM z/OS Management Fac ility, which will be designed to provide the infrastructure, services, and user i nterfaces to support a browser based graphical user interface needed to support a management console for z/OS.

� And... preview for TotalStorage Productivity Center fo r Replication Basic Edition for System z – to enable Basic HyperSwap


Statements of Direction* (February 2008)

83832-Jun-08


� Academic Initiative - The infrastructure is complete , time to leverage it– Enabling students and faculty– Faculty seminars and workshops– No-charge access to remote mainframe hubs WW – Courses and e-Learning– Mastery Test & Student Opportunity System– Student Mainframe contests

� z/OS Basic Skills Information Center for new and ex perienced users – publib.boulder.ibm.com /infocenter/zoslnctr/v1r7/index.jsp– z/OS Basics publication as well as interactive courses

� IBM Education Assistant (IEA)– ibm.com /software/info/education/assistant/ – Click on ‘Other Systems’– Online education on z/OS performance,

tuning, and best practices tips

� Application development simplification – Rational® (WebSphere) Developer for System z

ibm.com /software/awdtools/devzseries/



Simplifying access to z/OS skills!

84842-Jun-08


z/os trends and directions - ibm€¦ · z/os trends and directions colin paice...

Documents