IBM United States
Software Announcement 201-044
February 27, 2001

Preview: IBM z/OS Version 1 Release 2

 ENUS201-044.PDF (32KB)


At a Glance

z/OS V1R2, combined with the IBM e(logo)server zSeries 900 (z900) (or comparable server), continues to support your business needs by offering:

  • Security enhancements that help bolster protection from outside attack and facilitate digital certificate and key-ring administration
  • Improved qualities of service in a Parallel Sysplex environment through System-Managed CF Structure Duplexing (available in fourth quarter 2001) and msys for Operations
  • Extended use of msys for Setup for z/OS configuration
  • Quicker, more seamless integration of software delivery and installation
  • Increased productivity and fewer required skills in managing resources
  • New high-speed, low-latency TCP/IP communication (HiperSockets) between logical partitions that will encourage deployment of new Linux and z/OS applications on the z900 servers (available in fourth quarter 2001)

Overview

z/OS provides the flexibility and speed-to-market that you need to build, run, and sustain an e-business infrastructure.

z/OS Version 1 Release 2 (V1R2) will:

  • Introduce new tools to manage your e-business
  • Offer greater application flexibility
  • Promote ease-of-use through our innovative technology

This new infrastructure is designed for the unavoidable diversity and speed of change that is critical in the new world of information technology.

As the focus of e-business shifts from building Web sites to building virtual enterprises, an extended business network that supports getting your product or service to market first and delivers higher customer value is vital. z/OS V1R2 will provide new tools to help your business accomplish this. Enhancements to the Kerberos infrastructure will allow users to be authenticated across multiple systems. z/OS V1R2 will also provide additional mechanisms to help protect your system from attacks.

To better enable the porting of applications to z/OS UNIX® Systems Services (USS) platforms, z/OS V1R2 will support:

  • Enhanced ASCII (available in fourth quarter 2001)
  • ANSI '98 C++ Standard Compliance (available in fourth quarter 2001)

Working with IBM and other software providers will be easier because you will be able to directly install software products and updates available for download over the Internet.

Greater ease-of-use through innovative technology capabilities in z/OS will allow basic tasks such as defining TCP/IP configuration files and a base Parallel Sysplex® environment to be created more easily and with fewer skill requirements. An even more robust failure recovery capability will be provided by using System-Managed CF Structure Duplexing (available in fourth quarter 2001).

Key Prerequisites

z/OS V1R2 will run on the following IBM servers:

  • z900 or comparable server
  • S/390® Parallel Enterprise Servers — Generation 5 (G5) and Generation 6 (G6) models
  • All models of the Multiprise® 3000 Enterprise Server

For a complete description of z/OS V1R2 software prerequisites, refer to the z/OS Planning for Installation (GA22-7504) publication, which is available upon general availability.

The z/OS V1R1 Upgrade Package for OS/390® V2R10 will remain orderable through at least March 2002. (The upgrade package can only be used for OS/390 V2R10 customers migrating to z/OS V1R1.)

Planned Availability Date

To better align z900 microcode and software deliveries, the planned availability of z/OS V1R2 is October 2001. Ordering information and terms and conditions will be provided when general availability is announced in third quarter 2001.

Previews provide insight into IBM plans and direction.

Description

New Tools for Managing e-business

Distributed Security

Techniques to perform authentication once while allowing you to access multiple systems are coming into increasing usage. z/OS V1R2 will provide a Kerberos credential server and Kerberos application services. z/OS V1R2 will enhance these functions with:

  • Ways to administer the Kerberos registry information
  • Stronger encryption
  • Automated restart across TCP/IP network outages
  • Improved performance in a Parallel Sysplex environment

Several z/OS e-business services will be enhanced in z/OS V1R2 with support for Kerberos third-party authentication:

  • Lightweight Directory Access Protocol (LDAP) directory client server
  • The z/OS USS versions of FTP, Telnet, and RSH

LDAP Directory service enhancements will be provided in usability, performance, and integration into security-aware e-business environments. An LDAP Configuration Utility will easily automate a basic setup. The LDAP Server will allow for more clients to be concurrently connected. The LDAP SDBM function will enhance the capability to manage RACF®-defined users and groups using the LDAP protocol. These improvements will simplify LDAP Client setup:

  • An ability to bind to LDAP Servers (on and off z/OS) using Kerberos credentials for improved security
  • Client-side caching of search results for improved performance of some searches
  • The ability to find an LDAP server via information in a Domain Name System (DNS) server without knowing the LDAP server's host name or IP address in advance

Intrusion Detection for Securing Networks

Firewalls can provide a level of protection against outside attacks. They cannot provide protection when the attack is from within, or when end-to-end encryption is employed. The host-based Intrusion Detection Services (IDS) provided in z/OS V1R2 will complement network-based IDS sensors and scanners. It can discard attacking packets before they cause damage, discard packets exceeding established thresholds, and limit the number of connections from greedy users. IDS will also provide event recording and reporting, including stand-alone reporting of IDS events (attacks) to console and Syslog, a new specialized IDS packet trace for off-line analysis, and statistics-gathering baseline and exception reporting.

Securing Transaction Data

Businesses have requested more options for ensuring the confidentially of information flowing through TCP/IP networks to z/OS servers. FTP is used extensively for movement of bulk data. z/OS V1R2 FTP Client and FTP Server will support SSL for ensuring confidentiality of data being transferred. In addition, clients will be able to use digital certificates for authentication of the requestor.

Cryptography

New banking standards and unique customer applications are requiring continuous additions of new cryptographic functions. z/OS will be adding support for VISA, Europay, and the functions needed for ZKA certification. z/OS will also be adding cryptographic functions needed by applications that personalize smartcards for use in Point of Sale (POS), Debit, and Stored Value applications. For unique customer applications, the PCI Cryptographic Coprocessor supports the loading of customized cryptographic functions on zSeries 900, and S/390 G5/G6 processors. With z/OS V1R2, zSeries PCI cryptographic coprocessors, and under a special contract with IBM, you will gain the flexibility to define and build custom cryptographic functions themselves.

Securing Your System with Digital Certificates

Digital certificate-based authentication provides strong identification and authentication of end users. This technology, known as Public Key Infrastructure (PKI), is growing in use. The Secure Sockets Layer (SSL) function of z/OS is the starting point for digital certificate support for server functions on z/OS:

  • Increased interoperation with software that issues and manages digital certificates (Certificate Authority), through incorporation of PKIX architecture standards. Life-cycle management of certificates requires that servers check for revoked certificates as part of authenticating the user. System SSL will check Certificate Revocation Lists (CRLs) from PKIX-compliant Certificate Authority software.
  • Support for Transaction Layer Security (TLS) standards.
  • Support for dynamic modification to System SSL configuration parameters without disrupting SSL sessions already in progress.

The TN3270 function of z/OS V1R2, in conjunction with client access software such as Host On Demand (HOD), will support the use of digital certificates in place of user IDs and passwords to sign the user on to SNA applications such as CICS®, TSO, and IMS™. HOD users will be able to sign on to multiple SNA applications with a single digital certificate. User passwords need not be known or defined on the target host systems.

z/OS is progressing toward providing generalized certificate authority functions on z/OS. In z/OS V1R2, existing RACF-defined users can be given authorization to request a client digital certificate through a Web-based application.

Networking Your e-Business

Parallel Sysplex qualities of service and workload distribution functions, TCP/IP restart, and storage management enhancements combine to increase z/OS Communications Server availability, scalability, performance, and usability. Proven compatibility with leading networking infrastructure providers, improved migration to dynamic routing protocols, consistent name resolution, updated DNS support (BIND9), and multiple FTP enhancements will serve to encourage convergence to IP networks. Applications will be enabled to request qualities of service based on specific workload traffic. For example, z/OS V1R2 will provide a Universal Resource Record (URR) that will allow the system administrator to prioritize outbound traffic by assigning different service levels.

In addition, HiperSockets, a new high-speed, low-latency TCP/IP communication between logical partitions, will encourage deployment of new Linux and z/OS applications on the z900 servers (available in fourth quarter 2001).

Application Flexibility

z/OS supports the application framework for e-business (such as WebSphere™, Java™, XML, HTML, and TCP/IP). It will give you the ability to build, integrate, and deploy e-business solutions based on business needs, rather than platform restrictions. We offer:

  • Enhanced ASCII support enables the porting of applications from ASCII platforms (available in fourth quarter 2001) to a UNIX System Services environment in z/OS.
  • ANSI '98 C++ Standard Compliance, including the Standard Template Library (STL), enables you to more easily port C++ applications from ASCII platforms (available in fourth quarter 2001) to a USS environment in z/OS.
  • Functions for code set conversion between Unicode and a large set of EBCDIC and ASCII code pages. Also, functions for performing case conversion on Unicode text are available. For downloads and related information:
  • Workload usage patterns of data vary and therefore, the requirements for the underlying data store can vary greatly as well. To meet the changing needs of new workloads, an additional file system to be used with z/OS USS will be provided. This enhanced file system is complementary to the existing Hierarchical File System (HFS). More information about the performance and management considerations will be provided at general availability.

Ease of Use through Innovative Technology

msys for Setup value is extended in z/OS V1R2 (major productivity improvements and reduced skill requirements) to other components as well. With msys for Setup, you will be able to:

  • Create the basic TCP/IP configuration files, such as tcp.data, profile.tcp, and omproute
  • Create the ISPF configuration table keyword file and load module
  • Cover additional tasks for Parallel Sysplex configuration, such as the setup of the system logger, including the logger requirements for IBM License Manager
  • Cover the setup of a base sysplex

msys for Operations will simplify the day-to-day operation of z/OS Parallel Sysplex clusters. By automating typical operator tasks and events in a Parallel Sysplex, it will reduce operations complexity and improve system recoverability, enhancing the availability of Parallel Sysplex clusters. Distinct displays of relevant information will allow greater operational awareness allowing you to be able to easily manage all the systems in a Parallel Sysplex, coupling facilities and their structures, as well as coupling data sets.

New and updated Web-based wizards simplify your planning and configuration needs by exploiting recommended values and by providing customized checklists and outputs for you to use. To try out the z/OS wizards, go to:

Tell the System What You Want, Not How to Do It

z/OS can handle unpredictable workloads and allows high CPU and I/O utilization while still meeting response goals with minimal human intervention for setup and operation. Enhancements include:

  • Intelligent Resource Director will allow dynamic assignment of CPU resources to non-z/OS partitions such as Linux (available in fourth quarter 2001).
  • WLM report classes will show response time distributions, which can improve sysplex-wide performance evaluation independent from how business applications are managed.

Improved Availability with Parallel Sysplex

A fundamental objective of the Parallel Sysplex is near-continuous availability. For subsystems that place modified data in the coupling facility, supporting this objective in the event of a coupling facility failure is necessary. Some subsystems have no recovery for coupling facility failures at all, or require manual procedures and sysplex-wide log merge processes in order to recover their coupling facility structure data. System-Managed CF Structure Duplexing will improve availability by:

  • Providing a robust failure recovery capability via the redundancy of duplexing
  • Significantly reducing the subsystem's cost to provide this capability
  • Enhancing the ease of use of Parallel Sysplex by providing a consistent recovery mechanism for subsystems to exploit

The robust failure recovery capability of duplexing will be achieved by creating a duplexed copy of the Coupling Facility (CF) structure in advance of any failure, and then maintaining the two structure instances in a synchronized duplexed state during normal operation.

The System-Managed CF Structure Duplexing capability is a combination of z/OS support and Coupling Facility Control Code (CFCC) LEVEL 10 LIC support on zSeries servers to be provided in the fourth quarter 2001. Rollback of the processor CFCC Level 10 LIC functions to G5/G6 servers and R06 coupling facilities will also be provided in the z/OS V1R2 timeframe. This function will provide significant support in the area of Parallel Sysplex near-continuous availability and ease of management of your systems during failure recovery.

Production-Ready IBM License Manager (ILM)

ILM is available with z/OS V1R1, which becomes generally available on March 30, 2001. This starts the ILM Preproduction Period. During this time, customers can prepare their systems for ILM and begin using it for testing and migration purposes. Customers will continue to be charged for products at full machine capacity and place all orders through today's channels. This period will continue until the service required to make ILM production-ready is available on September 30, 2001. At that time, customers will install the service, perform their first production-level reconciliation, and, assuming the other eligibility criteria are met, can start using Workload License Charges (WLC) at less than full machine capacity. z/OS V1R2 will also require the installation of production-level ILM service. For more information on WLC, ILM, the ILM Preproduction Period, and the ways in which various IBM products will interact with ILM, refer to the following Web sites:

New Hardware and Software Support by Resource Measurement Facility (RMF™)

In order to better monitor your system, RMF will offer the following:

  • RMF Monitor III is being extended to support workload-based pricing, by providing online, real-time utilization information about logical partitions (LPARs).
  • The Postprocessor CF Activity report will show new CF-to-CF connectivity and will allow you to evaluate and monitor new structure instances resulting from System-Managed CF Structure Duplexing.
  • The RMF Workload Activity Reporting support will help you to understand which workloads in the IT shop make use of the cryptographic facilities. The data provided will allow you to identify hardware bottlenecks and the work that is most impacted by them.
  • z/OS performance data will be available via LDAP, thus providing a platform-independent interface for systems management applications.

Withdrawn Products

As stated in the z/OS V1R1 announcement, the following will be withdrawn with z/OS V1R2:

  • V4 Kerberos support from the Communications Server
  • Pre-Compiled Header files (PCH) support in the C/C++ compiler
  • RMF Monitor II local 3270 display sessions
  • SOMobjects™

The Tivoli® Management Framework Version 3 (5697-D10) will no longer be included as an element of z/OS. It will only be available as a standalone product for which we do not currently intend to charge a separate license fee.

The ISPF Data Compression function will remain in z/OS V1R2 and foreseeable future z/OS releases. However, the "terse" function used to compress FTP dumps is a more capable compression product. ISPF Data Compression will not be enhanced.

z/OS V1R2 is the last release in which LANRES will be included. For information on migration alternatives, visit:

Also, effective immediately, OS/390 and z/OS customers are no longer entitled to free downloads of HOD Entry. Customers interested in HOD Entry should contact their IBM representative.

Important Web Sites

Release Migrations and Coexistence

As previously described in Software Announcement 200-352 , dated October 3, 2000, OS/390 V2R8, V2R9, V2R10, and z/OS V1R1 are coexistence-supported with z/OS V1R2. Contact your IBM representative for details.

Customer Financing

IBM Global Financing is provided by the IBM Credit Corporation in the United States. Offerings, rates, terms, and availability may vary by country. Contact your local IBM Global Financing organization. Country organizations are listed on the Web at:

Statement of General Direction

IBM plans to take the following actions in the future:

  • Internet Protocol Version 6 (IPv6): IBM intends to provide an integrated IPv6 implementation that will enable application access via the new TCP/IP standard. Enterprise servers and networks must be IPv6-capable in order to deploy new technologies such as voice over IP and wireless Internet access.
  • Multi-Level Security Support: IBM intends to provide additional multi-level security in z/OS. This support will build on the existing multi-level security features that enabled MVS/SP™ V3R1.3 and RACF 1.9 to previously obtain an evaluation under the Trusted Computer Systems Evaluation Criteria.

These statements represent the current intentions of IBM. IBM development plans are subject to change or withdrawal without further notice. Any reliance on this Statement of Direction is at the relying party's sole risk and will not create any liability or obligation for IBM.

Reference Information

  • Software Announcement 200-352 , dated October 3, 2000.
  • Software Announcement 200-354 , dated October 3, 2000.

Trademarks

 
z/OS, IMS, WebSphere, RMF, SOMobjects, MVS/SP, zSeries 900, and the IBM e-business logo are trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Parallel Sysplex, Multiprise, OS/390, RACF, S/390, and CICS are registered trademarks of International Business Machines Corporation in the United States or other countries or both.
 
Java is a trademark of Sun Microsystems, Inc.
 
UNIX is a registered trademark is a registered trademark of the Open Company in the United States and other countries.
 
Tivoli is a registered trademark of International Business Machines Corporation or Tivoli Systems Inc. in the United States or other countries or both.
 
Other company, product, and service names may be trademarks or service marks of others.