Actions you can take before you order a z13 or z13s server
- Review the sysplex configuration in which the z13 or z13s server will participate. See Restrictions for a z13 or z13s server for a description of the limitations when using z13 or z13s servers with certain earlier servers in a Parallel Sysplex®.
- Implement an STP timing network. This action is needed because Sysplex Timers (9037-002) are not supported on z13 or z13s servers.
- Migrate from ISC-3 links to Infinband or Integrated Coupling Adapter (ICA) links. This action is needed because ISC-3 links are not supported on z13 or z13s servers. If desired, you can take this action after you order a z13 or z13s server, as you upgrade to the new server.
- Migrate from unsupported hardware features to newer technology. This action is needed because ESCON, FICON® Express4, Crypto Express3, and OSA-Express3 are not supported on z13 or z13s servers. See Restrictions for a z13 or z13s server, Replace unsupported devices, and Provide for new device installations.
- Determine the level of cryptographic support you require on
a z13 or z13s server. The level
of function provided for cryptographic support differs by z/OS® release and the installed
ICSF web deliverable. Also, toleration PTFs are available for some
cryptographic web deliverables.For z/OS V2R2, consider the following:
- If you are using the level of ICSF that is shipped as part of z/OS V2R2, you can use the most functions of the Crypto Express5 feature on a z13 or z13s server.
- The Cryptographic Support for z/OS V1R13 - z/OS V2R2 web deliverable (FMID HCR77B1) provides some additional function and also incorporates enhancements that are available in PTFs for the base level of ICSF included in z/OS V2R1. The web deliverable includes new operator commands with Parallel Sysplex wide scope that can be used to perform certain cryptographic administrative functions. These functions include activating, deactivating, and restarting cryptographic coprocessors. This support can also be used to display status for available cryptographic devices and information about active key data sets (KDSs).
For z/OS V2R1, consider the following:- If you are using the level of ICSF that is shipped as part of z/OS V2R1, you can tolerate Crypto
Express5 on a z13 or z13s server, which treats Crypto
Express5S cryptographic coprocessors and accelerators as Crypto Express4S
coprocessors and accelerators. However, you must install the required
PTFs identified by the SMP/E fix category:
- For the z13: IBM.Device.Server.z13-2964.RequiredService
- For the z13s: IBM.Device.Server.z13S-2965.RequiredService
- If you require support for greater than 16 domains (up to 85) on Crypto Express5S, you must install the PTFs that are identified by the appropriate fix category IBM.Device.Server.z13-2964.Exploitation or IBM.Device.Server.z13S-2965.Exploitation, or install the Enhanced Cryptographic Support for z/OS V1R13-z/OS V2R1 web deliverable (FMID HCR77B0) or a later ICSF web deliverable.
- If you require Crypto Express4S functionality for CCA 4.4 and
other EP11 cryptographic enhancement support which includes: RKX Key Export
Wrap, UDX simplification, additional EP11 algorithms, expanded EMV
support, AP Configuration simplification, CTRACE Enhancements, and
KDS Key Utilization stats, you must download and install the Cryptographic
Support for z/OS V1R13-z/OS
V2R1 web deliverable (FMID HCR77A1) or the Enhanced Cryptographic
Support for z/OS V1R13-z/OS
V2R1 web deliverable (FMID HCR77B0) or a later ICSF
web deliverable. Note: If you are using the Cryptographic Support for z/OS V1R13-z/OS V2R1 web deliverable (FMID HCR77A1) or a later ICSF web deliverable, and sharing keys with other z/OS systems that have a lower-level of ICSF, you require the coexistence PTFs listed here, which are identified by fix category: IBM.Coexistence.ICSF.z/OS_V1R13-z/OS_V2R1-HCR77A1, or the FIXCAT for the ICSF level that you are using.
- If you require Crypto Express5S exploitation support for the next
Generation Coprocessor support or VISA Format Preserving Encryption (FPE), you
must download and install the Enhanced Cryptographic Support for z/OS V1R13-z/OS V2R1 web deliverable
(FMID HCR77B0) or a later ICSF web deliverable. Note: If you are using the Enhanced Cryptographic Support for z/OS V1R13-z/OS V2R1 Web Deliverable (FMID HCR77B0) or a later ICSF web deliverable, and sharing keys with other z/OS systems that have a lower-level of ICSF, you require the coexistence PTFs listed here, which are identified by fix category: IBM.Coexistence.ICSF.z/OS_V1R13-z/OS_V2R1-HCR77B0, or a later ICSF web deliverable.
For z/OS V1R13, consider the following:- If you are using the level of ICSF that is shipped as part of z/OS V1.13 you can tolerate Crypto
Express5 on a z13 server which
treats Crypto Express5S cryptographic coprocessors and accelerators
as Crypto Express4S coprocessors and accelerators. However you must
install the required PTFs identified by the fix category:
- For the z13: IBM.Device.Server.z13-2964.RequiredService
- For the z13s: IBM.Device.Server.z13S-2965.RequiredService
- If you require Crypto Express4S support of expanded key support
for AES algorithm, enhanced ANSI TR-31 Secure Key Exchange, PIN block
decimalization table protection, PKA RSA OAEP with SHA-256 algorithm,
or additional Elliptic Curve Cryptography (ECC) functions, then you
must download and install the Cryptographic Support for z/OS V1R11-V1R13 (or higher) web deliverable
(FMID HCR7790) and the PTFs identified by the fix category:
- For the z13: IBM.Device.Server.z13-2964.Exploitation
- For the z13s: IBM.Device.Server.z13S-2965.Exploitation
Note: If you are using the Cryptographic Support for z/OS V1R11-V1R13 Web Deliverable (FMID HCR7790) and sharing keys with other z/OS systems that have a lower-level of ICSF, you require the coexistence PTFs that are identified by fix category IBM.Coexistence.ICSF.z/OS_V1R11-V1R13-HCR7790, or a later ICSF web deliverable. - If you require Crypto Express4S functionality including: Enterprise
Security PKCS #11-Hardware Security Module (HSM), DUKPT for MAC and
Data Encryption, Cipher Text Translate CCA Verb, PKDS/TKDS Constraint
Relief, Random Number Cache, FIPS on Demand, or Wrapping Keys with
Strong Keys, then you must download and install the Cryptographic
Support for z/OS V1R12-V1R13
(or higher) web deliverable (FMID HCR77A0). The APARs/PTFs required
to provide support for PKCS#11 are identified by the fix category:
- For the z13: IBM.Device.Server.z13-2964.Exploitation
- For the z13s: IBM.Device.Server.z13S-2965.Exploitation
Note: If you are using the Cryptographic Support for z/OS V1R12-V1R13 Web Deliverable (FMID HCR77A0) and sharing keys with other z/OS systems that have a lower-level of ICSF, you require the coexistence PTFs listed here, which are identified by fix category IBM.Coexistence.ICSF.z/OS_V1R12-V1R13-HCR77A0. - If you require Crypto Express4S functionality for CCA 4.4 and
other EP11 cryptographic enhancement support which includes: RKX Key
Export Wrap, UDX Reduction/simplification, additional EP11 algorithms,
expanded EMV support, AP Configuration simplification, CTRACE Enhancements,
and KDS Key Utilization Stats; then you must download and install
the Cryptographic Support for z/OS V1R13-z/OS
V2R1 (or higher) web deliverable (FMID HCR77A1). The APARs and PTFs
that are required to provide support for PKCS#11 are identified by
the fix category:
- For the z13: IBM.Device.Server.z13-2964.Exploitation
- For the z13s: IBM.Device.Server.z13S-2965.Exploitation
Note: If you are using the Cryptographic Support for z/OS V1R13-z/OS V2R1 Web Deliverable (FMID HCR77A1) and sharing keys with other z/OS systems that have a lower-level of ICSF, you require the coexistence PTFs that are identified by fix category IBM.Coexistence.ICSF.z/OS_V1R13-z/OS_V2R1-HCR77A1, or the FIXCAT for the ICSF level that you are using. - If you require support for greater than 16 domains (up to 85) on Crypto Express5S, you must install the PTFs that are identified by the fix category: IBM.Device.Server.z13-2964.Exploitation or IBM.Device.Server.z13S-2965.Exploitation, or install the Enhanced Cryptographic Support for z/OS V1R13-z/OS V2R1 web deliverable (FMID HCR77B0)
- If you require Crypto Express5S exploitation support for the next
Generation Coprocessor support or VISA Format Preserving Encryption (FPE), you
must download and install the Enhanced Cryptographic Support for z/OS V1R13-z/OS V2R1 web deliverable
(FMID HCR77B0). Note: If you are using the Enhanced Cryptographic Support for z/OS V1R13-z/OS V2R1 Web Deliverable (FMID HCR77B0) and sharing keys with other z/OS systems that have a lower-level of ICSF, you require the coexistence PTFs listed here, which are identified by fix category IBM.Coexistence.ICSF.z/OS_V1R13-z/OS_V2R1-HCR77B0, or the FIXCAT for the ICSF level that you are using.
- Install the necessary z/OS service,
as indicated in PSP buckets. You must obtain all of the appropriate
Preventive Service Planning (PSP) buckets. In addition to the
hardware PSP buckets, you must also obtain the software PSP buckets.
Use the Fix Categories that are specified in the associated FIXCAT
HOLDDATA to identify PTFs required for the z13 server, PTFs needed to exploit z13 capabilities, and PTFs recommended to fix
known problems. Specifically, fixes in the following categories:
- For the z13:
- IBM.Device.Server.z13-2964.RequiredService
- IBM.Device.Server.z13-2964.Exploitation
- IBM.Device.Server.z13-2964.RecommendedService
- For the z13s:
- IBM.Device.Server.z13S-2965.RequiredService
- IBM.Device.Server.z13S-2965.Exploitation
- IBM.Device.Server.z13S-2965.RecommendedService
- For the z13:
- IBM.Device.Server.z13-2964.ParallelSysplexInfiniBandCoupling
- IBM.Device.Server.z13-2964.ServerTimeProtocol
- IBM.Device.Server.z13-2964.UnifiedResourceManager
- IBM.Device.Server.z13-2964.zHighPerformanceFICON
- IBM.Function.zEDC
- For the z13s:
- IBM.Device.Server.z13S-2965.ParallelSysplexInfiniBandCoupling
- IBM.Device.Server.z13S-2965.ServerTimeProtocol
- IBM.Device.Server.z13S-2965.UnifiedResourceManager
- IBM.Device.Server.z13S-2965.zHighPerformanceFICON
- IBM.Function.zEDC
- IBM.Device.Server.*.ParallelSysplexInfiniBandCoupling
- IBM.Device.Server.*.ServerTimeProtocol
- IBM.Device.Server.*.UnifiedResourceManager
- IBM.Device.Server.*.zHighPerformanceFICON
- IBM.Device.Server.zBX-2458
- IBM.DB2.AnalyticsAccelerator.*
If you are exploiting z13 capabilities by installing a web deliverable, you must install the PTFs listed in the software PSP buckets for each of the web deliverables that you are installing. See the Program Directory associated with the web deliverable to identify the required software PSP buckets.
The REPORT MISSINGFIX command checks your GLOBAL zone for FIXCAT HOLDDATA matching the FIXCAT values specified on the command. The command then compares the APARs identified in that FIXCAT HOLDDATA with the PTFs installed in the specified zones, and produces a report to identify any APARs not resolved. In other words, it reports which PTFs (fixes) are missing for the specified fix categories. Furthermore, the command produces a customized job used to obtain any PTFs not already RECEIVEd via the RECEIVE ORDER command, and install any missing service via the APPLY CHECK command.
Note the FIXCAT operand on the REPORT MISSINGFIX command can list multiple fix categories, as well as using the same wildcarding techniques described in this topic for the SOURCEID operand. Because both of these techniques are simple and integrated into basic SMP/E commands, use them periodically to ensure the latest PTFs specified in the hardware and software PSP buckets are installed (since PSP buckets can be updated daily). SMP/E also provides an Explorer function which helps in identifying new fix categories which may be of interest. See the IBM fix category Values and Descriptions page for a description of all the fix categories: http://www.ibm.com/systems/z/os/zos/features/smpe/fix-category.html. For complete information about the REPORT MISSINGFIX command, see SMP/E for z/OS Commands.
- For the z13:
- Run the CFSIZER tool. If you are moving your coupling
facilities and the coupling facility structures will be on higher
CFCC levels than they were previously, run the Coupling Facility Structure
Sizer (CFSIZER) tool to find out if you have to increase coupling
facility structure sizes. Prepare to make the necessary changes to
the CFCC level as indicated by the tool.
You can download the CFSIZER tool at Coupling Facility sizer. Also see Update your CFRM policy with coupling facility structure size changes.
Note: After you make a coupling facility available on the new hardware, you can run the Sizer utility, an authorized z/OS program, to evaluate structure size changes. The Sizer utility is distinct from CFSizer, and should be run after the new hardware (CFLEVEL) is installed, but before any CF LPAR on the new hardware is populated with structures. You can download the Sizer utility at http://www.ibm.com/systems/support/z/cfsizer/altsize.html. - Prepare for the new machine instruction mnemonics. In support
of the z13 server, there are
new machine instructions. The new machine instructions (mnemonics)
may collide with (be identical to) the names of Assembler macro instructions
you use. In the event of such collisions, the Assembler’s default
opcode table (UNI) will treat specification of these names as instructions
when the z13 required service
is installed, probably causing Assembler error messages and possibly
causing generation of incorrect object code. If you write programs
in Assembler Language, compare the names of Assembler macro instructions
used to the new machine instructions (documented in the latest z/Architecture® Principles
of Operation, SA22-7832) to identify any such conflicts or
collisions that would occur. Identical names will cause Assembler
errors or the generation of incorrect object code when you assemble
your programs. For a tool to help in identifying
mnemonic conflicts, see Techdoc PRS5289 at the IBM Techdocs website.If a conflict is identified, take one of these actions:
- Change the name of your macro instruction.
- Specify PARM=’…OPTABLE(YOP)…’ (or some other earlier opcode table).
- Specify a separate ASMAOPT file containing assembler options such as in the previous method (this method requires no changes to source code or JCL).
- Add as the first statement of your source program: *PROCESS OPTABLE(YOP) (or some other earlier opcode table).
- Specify the PROFILE option either in JCL or the ASMAOPT file, and the specified or default member of the SYSLIB data set is copied into the front of the source program.
- If you must use both a new instruction and a macro with the same name in an assembly you can use a coding technique that permits both use of a new instruction and a macro with the same name in an assembly such as HLASM mnemonic tags (:MAC :ASM).
- Decide on the steps to take for your migration to a z13 server. Besides the steps listed here, see the following topic for guidance Migration and exploitation considerations for z13 and z13s server functions.