Network security

Before downloading your order, you must understand your network security environment. For example,
  • Does a z/OS® image have access to the Internet?
  • Are there security concerns for downloading to a workstation or transferring files to the host?
If you are planning to download directly to z/OS, you must be familiar with the security and networking information required to navigate your enterprise's firewall or proxy server from z/OS:
  • For ServerPac and SystemPac dump-by-data-set, this information is used by the CustomPac Installation Dialog.
  • For CBPDO, this information must be supplied within the RFNJOBS or RFNJOBH job that is supplied on the Shopz download page.
  • For SystemPac full-volume-dump, this information must be supplied within the GETORDRS or GETORDRH job that is supplied on the Shopz download page.
Server information defines the IBM® server where your order resides. The server information specifies:
  • The IP address or host name of the IBM server.
  • User ID and password information to access the IBM server.

    If you are downloading your order to a workstation and you plan to use SMP/E RECEIVE FROMNETWORK to transfer the order to z/OS, you must update the server information to reflect the workstation's FTP server information.

    Some firewall programs require an explicit IP address. The address depends on your domain. To determine the IP address, you can use the FTP ping command to the server identified on the customized download pages for ServerPac orders. For example, issue ping deliverycb-bld.dhe.ibm.com. This returns the IP address.

  • Package information: package attribute file, hash value, and the package ID (which is used as the package directory in the SMPNTS).
Client information describes:
  • The IP address or host name of the firewall or proxy server
  • IP port
  • User ID and password
  • Account information
  • Firewall-specific or proxy server commands
Both ServerPac and SystemPac (by way of the SMP/E GIMGTPKG service routine) use the One-Way Hash Generate callable service to verify the SHA-1 hash value associated with your package. To ensure the One-Way Hash Generate callable service is available, one of the following actions must be taken, depending on how you intend to receive your order:
  • Start of changeTo receive your order using FTPS, you must have ICSF configured and active, or the SMP/E Java™ application class availableEnd of change
  • To receive your order using HTTPS, you must have the SMP/E Java application class available
Parent topic: Choosing the Internet download method: direct or intermediate