IBM United States
Software Announcement 201-044
February 27, 2001
Preview: IBM z/OS Version 1 Release 2
At a Glance
z/OS V1R2, combined with the IBM zSeries 900 (z900) (or comparable server), continues to support your business needs by offering:
z/OS provides the flexibility and speed-to-market that you need to build, run, and sustain an e-business infrastructure.
z/OS Version 1 Release 2 (V1R2) will:
This new infrastructure is designed for the unavoidable diversity and speed of change that is critical in the new world of information technology.
As the focus of e-business shifts from building Web sites to building virtual enterprises, an extended business network that supports getting your product or service to market first and delivers higher customer value is vital. z/OS V1R2 will provide new tools to help your business accomplish this. Enhancements to the Kerberos infrastructure will allow users to be authenticated across multiple systems. z/OS V1R2 will also provide additional mechanisms to help protect your system from attacks.
To better enable the porting of applications to z/OS UNIX® Systems Services (USS) platforms, z/OS V1R2 will support:
Working with IBM and other software providers will be easier because you will be able to directly install software products and updates available for download over the Internet.
Greater ease-of-use through innovative technology capabilities in z/OS will allow basic tasks such as defining TCP/IP configuration files and a base Parallel Sysplex® environment to be created more easily and with fewer skill requirements. An even more robust failure recovery capability will be provided by using System-Managed CF Structure Duplexing (available in fourth quarter 2001).
z/OS V1R2 will run on the following IBM servers:
For a complete description of z/OS V1R2 software prerequisites, refer to the z/OS Planning for Installation (GA22-7504) publication, which is available upon general availability.
The z/OS V1R1 Upgrade Package for OS/390® V2R10 will remain orderable through at least March 2002. (The upgrade package can only be used for OS/390 V2R10 customers migrating to z/OS V1R1.)
Planned Availability Date
To better align z900 microcode and software deliveries, the planned availability of z/OS V1R2 is October 2001. Ordering information and terms and conditions will be provided when general availability is announced in third quarter 2001.
Previews provide insight into IBM plans and direction.
New Tools for Managing e-business
Techniques to perform authentication once while allowing you to access multiple systems are coming into increasing usage. z/OS V1R2 will provide a Kerberos credential server and Kerberos application services. z/OS V1R2 will enhance these functions with:
Several z/OS e-business services will be enhanced in z/OS V1R2 with support for Kerberos third-party authentication:
LDAP Directory service enhancements will be provided in usability, performance, and integration into security-aware e-business environments. An LDAP Configuration Utility will easily automate a basic setup. The LDAP Server will allow for more clients to be concurrently connected. The LDAP SDBM function will enhance the capability to manage RACF®-defined users and groups using the LDAP protocol. These improvements will simplify LDAP Client setup:
Intrusion Detection for Securing Networks
Firewalls can provide a level of protection against outside attacks. They cannot provide protection when the attack is from within, or when end-to-end encryption is employed. The host-based Intrusion Detection Services (IDS) provided in z/OS V1R2 will complement network-based IDS sensors and scanners. It can discard attacking packets before they cause damage, discard packets exceeding established thresholds, and limit the number of connections from greedy users. IDS will also provide event recording and reporting, including stand-alone reporting of IDS events (attacks) to console and Syslog, a new specialized IDS packet trace for off-line analysis, and statistics-gathering baseline and exception reporting.
Securing Transaction Data
Businesses have requested more options for ensuring the confidentially of information flowing through TCP/IP networks to z/OS servers. FTP is used extensively for movement of bulk data. z/OS V1R2 FTP Client and FTP Server will support SSL for ensuring confidentiality of data being transferred. In addition, clients will be able to use digital certificates for authentication of the requestor.
New banking standards and unique customer applications are requiring continuous additions of new cryptographic functions. z/OS will be adding support for VISA, Europay, and the functions needed for ZKA certification. z/OS will also be adding cryptographic functions needed by applications that personalize smartcards for use in Point of Sale (POS), Debit, and Stored Value applications. For unique customer applications, the PCI Cryptographic Coprocessor supports the loading of customized cryptographic functions on zSeries 900, and S/390 G5/G6 processors. With z/OS V1R2, zSeries PCI cryptographic coprocessors, and under a special contract with IBM, you will gain the flexibility to define and build custom cryptographic functions themselves.
Securing Your System with Digital Certificates
Digital certificate-based authentication provides strong identification and authentication of end users. This technology, known as Public Key Infrastructure (PKI), is growing in use. The Secure Sockets Layer (SSL) function of z/OS is the starting point for digital certificate support for server functions on z/OS:
The TN3270 function of z/OS V1R2, in conjunction with client access software such as Host On Demand (HOD), will support the use of digital certificates in place of user IDs and passwords to sign the user on to SNA applications such as CICS®, TSO, and IMS. HOD users will be able to sign on to multiple SNA applications with a single digital certificate. User passwords need not be known or defined on the target host systems.
z/OS is progressing toward providing generalized certificate authority functions on z/OS. In z/OS V1R2, existing RACF-defined users can be given authorization to request a client digital certificate through a Web-based application.
Networking Your e-Business
Parallel Sysplex qualities of service and workload distribution functions, TCP/IP restart, and storage management enhancements combine to increase z/OS Communications Server availability, scalability, performance, and usability. Proven compatibility with leading networking infrastructure providers, improved migration to dynamic routing protocols, consistent name resolution, updated DNS support (BIND9), and multiple FTP enhancements will serve to encourage convergence to IP networks. Applications will be enabled to request qualities of service based on specific workload traffic. For example, z/OS V1R2 will provide a Universal Resource Record (URR) that will allow the system administrator to prioritize outbound traffic by assigning different service levels.
In addition, HiperSockets, a new high-speed, low-latency TCP/IP
communication between logical partitions, will encourage deployment of
new Linux and z/OS applications on the z900 servers (available in fourth
z/OS supports the application framework for e-business (such as WebSphere, Java, XML, HTML, and TCP/IP). It will give you the ability to build, integrate, and deploy e-business solutions based on business needs, rather than platform restrictions. We offer:
Ease of Use through Innovative Technology
msys for Setup value is extended in z/OS V1R2 (major productivity improvements and reduced skill requirements) to other components as well. With msys for Setup, you will be able to:
msys for Operations will simplify the day-to-day operation of z/OS Parallel Sysplex clusters. By automating typical operator tasks and events in a Parallel Sysplex, it will reduce operations complexity and improve system recoverability, enhancing the availability of Parallel Sysplex clusters. Distinct displays of relevant information will allow greater operational awareness allowing you to be able to easily manage all the systems in a Parallel Sysplex, coupling facilities and their structures, as well as coupling data sets.
New and updated Web-based wizards simplify your planning and configuration needs by exploiting recommended values and by providing customized checklists and outputs for you to use. To try out the z/OS wizards, go to:
Tell the System What You Want, Not How to Do It
z/OS can handle unpredictable workloads and allows high CPU and I/O utilization while still meeting response goals with minimal human intervention for setup and operation. Enhancements include:
Improved Availability with Parallel Sysplex
A fundamental objective of the Parallel Sysplex is near-continuous availability. For subsystems that place modified data in the coupling facility, supporting this objective in the event of a coupling facility failure is necessary. Some subsystems have no recovery for coupling facility failures at all, or require manual procedures and sysplex-wide log merge processes in order to recover their coupling facility structure data. System-Managed CF Structure Duplexing will improve availability by:
The robust failure recovery capability of duplexing will be achieved by creating a duplexed copy of the Coupling Facility (CF) structure in advance of any failure, and then maintaining the two structure instances in a synchronized duplexed state during normal operation.
The System-Managed CF Structure Duplexing capability is a combination of z/OS support and Coupling Facility Control Code (CFCC) LEVEL 10 LIC support on zSeries servers to be provided in the fourth quarter 2001. Rollback of the processor CFCC Level 10 LIC functions to G5/G6 servers and R06 coupling facilities will also be provided in the z/OS V1R2 timeframe. This function will provide significant support in the area of Parallel Sysplex near-continuous availability and ease of management of your systems during failure recovery.
Production-Ready IBM License Manager (ILM)
ILM is available with z/OS V1R1, which becomes generally available on March 30, 2001. This starts the ILM Preproduction Period. During this time, customers can prepare their systems for ILM and begin using it for testing and migration purposes. Customers will continue to be charged for products at full machine capacity and place all orders through today's channels. This period will continue until the service required to make ILM production-ready is available on September 30, 2001. At that time, customers will install the service, perform their first production-level reconciliation, and, assuming the other eligibility criteria are met, can start using Workload License Charges (WLC) at less than full machine capacity. z/OS V1R2 will also require the installation of production-level ILM service. For more information on WLC, ILM, the ILM Preproduction Period, and the ways in which various IBM products will interact with ILM, refer to the following Web sites:
New Hardware and Software Support by Resource Measurement Facility (RMF)
In order to better monitor your system, RMF will offer the following:
As stated in the z/OS V1R1 announcement, the following will be withdrawn with z/OS V1R2:
The Tivoli® Management Framework Version 3 (5697-D10) will no longer be included as an element of z/OS. It will only be available as a standalone product for which we do not currently intend to charge a separate license fee.
The ISPF Data Compression function will remain in z/OS V1R2 and foreseeable future z/OS releases. However, the "terse" function used to compress FTP dumps is a more capable compression product. ISPF Data Compression will not be enhanced.
z/OS V1R2 is the last release in which LANRES will be included. For information on migration alternatives, visit:
Important Web Sites
Release Migrations and Coexistence
As previously described in Software Announcement 200-352 , dated October 3, 2000, OS/390 V2R8, V2R9, V2R10, and z/OS V1R1 are coexistence-supported with z/OS V1R2. Contact your IBM representative for details.
IBM Global Financing is provided by the IBM Credit Corporation in the United States. Offerings, rates, terms, and availability may vary by country. Contact your local IBM Global Financing organization. Country organizations are listed on the Web at:
Statement of General Direction
IBM plans to take the following actions in the future:
These statements represent the current intentions of IBM. IBM development plans are subject to change or withdrawal without further notice. Any reliance on this Statement of Direction is at the relying party's sole risk and will not create any liability or obligation for IBM.