For more V2R2 new functions, see z/OS V2R2 Communications Server: New Function Summary.
TN3270E Telnet server Express Logon Feature support for Multi-Factor Authentication March 2018
z/OS V2R2 Communications Server, with RACF APAR and IBM MFA for z/OS APARs, extends the TN3270 Telnet server Express Logon Feature (ELF) to support IBM Multi-Factor Authentication (MFA) for z/OS. With this support, TN3270 clients can experience the same single sign-on behavior that is already offered by the PassTicket-based ELF, but now via an MFA token that is assigned by a SAF-compliant external security manager like IBM Security Server RACF.
- IBM Security Server RACF APAR OA53002
- IBM Multi-Factor Authentication for z/OS APARs PI86470 and PI93341
3270 Intrusion Detection Services May 2017
z/OS V2R2 Communications Server enables 3270 data stream intrusion detection services (IDS) that detect and act on violations of the 3270 data stream protocol. The 3270 IDS function monitors 3270 data streams for primary logical units (PLUs) that are connected to the z/OS VTAM instance. The 3270 IDS function monitors for any attempt to write past the end of input fields or to modify protected fields. It also writes GTF type F90 records and SMF type 119 (subtype 81) records for each incident.
SMF 119 TCP connection termination record (subtype 2) enhanced to provide IP filter information March 2017
A new IP filter section is added to the TCP connection termination record (type 119 subtype 2). The IP filter section is present in the record when IP Security is enabled for the TCP/IP stack and IP filtering was done for the connection. It provides the inbound and outbound filter rule names and actions in use for the connection.
IBM Health Checker for z/OS application health checks May 2016
IBM Health Checkers for z/OS application health checks are provided to identify whether MVRSHD server is active, whether RSH clients are using RHOSTS.DATA datasets for authentication, whether SMTP server is configured as a mail relay and whether SNMP agent is configured with a community name of public.
IBM Health Checker for z/OS application health check for FTP ANONYMOUS JES May 2016
IBM Health Checker for z/OS application health check is provided to help determine whether your FTP server allows anonymous users to submit jobs. When ANONYMOUS FTP is allowed on the FTP server, it is recommended that ANONYMOUSLEVEL be set to 3 and ANONYMOUSFILETYPEJES be set to FALSE. Otherwise, anonymous users can submit jobs to run on the system.
z/OS Configuration Assistant for Communications Server support for import of TCP/IP configuration January 2017
With Configuration Assistant, you can import your current TCP/IP stack profiles into the Configuration Assistant, to help you transition to using the Configuration Assistant for your TCP/IP profile management.
IBM Health Checker for z/OS migration health check for TFTP daemon August 2016
IBM Health Checker for z/OS migration health check is provided to determine whether you are using the Trivial File Transfer Protocol daemon (TFTPD). Support for the TFTPD will be removed in a future release of IBM z/OS Communications Server.
IBM Health Checker for z/OS migration health check for additional legacy devices March 2016
IBM Health Checker for z/OS migration health check is provided to determine whether you are using TCP/IP legacy devices. Support for the DEVICE and LINK profile statements for the TCP/IP legacy device types will be removed in a future release of z/OS Communications Server: FDDI and Token Ring (LCS with LINKs FDDI and IBMTR), Token Ring (MPCIPA with LINK IPAQTR), and Ethernet and FDDI (MPCOSA with LINKs OSAENET and OSAFDDI).
z/OS V2R2 Communications Server: AIMON enhancements February 2017
With the AIMON support enhancements, VTAM will monitor interfaces for overdue adapter interrupts. If an overdue adapter interrupt is detected, VTAM will drive a virtual interrupt in an effort to prevent a stall condition.
Enhance IPSEC support for clients using DRVIPA to initiate connections from local sysplex distributor to target server January 2016
The DVLOCALFLTR profile parameter is added to the IPSEC statement to enable filtering of TCP traffic between a client and an IPv4 dynamic VIPA defined on the same TCP/IP stack.
Application, middleware, and workload enablement
Code page enhancements for CSSMTP July 2018
z/OS V2R2 Communications Server, with APAR PI93278, is enhanced to support multi-byte character sets with the Communications Server SMTP (CSSMTP) application. This enhancement allows migration from SMTPD to CSSMTP for customers that use multi-byte character set code pages, and provides improved code page support for characters in the mail subject line.
Dependency: To use CSSMTP MBCS function, you also need Unicode Support APAR OA55727.
Sendmail to CSSMTP bridge May 2017
The z/OS UNIX sendmail application is removed in IBM Communications Server for z/OS Version 2 Release 3. The z/OS sendmail to CSSMTP bridge (sendmail bridge) is a new application. It is a limited function sendmail client that sends mail to the JES spool where it can be processed by CSSMTP. It provides a compatible subset of sendmail functions so that z/OS UNIX users can continue to use the sendmail command to send mail messages. It can be used in this release to prepare for the removal of the z/OS UNIX sendmail application in z/OS Version 2 Release 3.
Improved CSSMTP code page compatibility with target servers March 2017
The Communications Server SMTP (CSSMTP) application is enhanced to send mail messages with special characters, such as the Euro sign (€), embedded in the body of the mail message in the code page expected by the mail server.
A failed ioctl() request for SIOCSVIPA/6 September 2016
The return information on a failed ioctl() request for SIOCSVIPA/6 to create a Dynamic VIPA with affinity is enhanced to distinguish between a retryable and a non-retryable condition. The -a option of the moddvipa utility can be used to create a Dynamic VIPA with affinity as an alternative to programming the ioctl().
Improved CSSMTP TLS compatibility with mail servers September 2016
The Communications Server SMTP (CSSMTP) application is enhanced to send an EHLO command after a successful TLS negotiation with an SMTP server. SMTP servers may require an EHLO SMTP command after a successful TLS negotiation.
CSSMTP customizable ATSIGN character for mail addresses March 2016
The Communications Server SMTP (CSSMTP) application is enhanced to recognize a different character as the industry standard at sign (@) symbol in a mail address. The specified character is recognized as the at sign symbol only in the SMTP commands and headers in mail messages.
Economics and platform efficiency
Communications Server support for RoCE Express2 features September 2017
This new function extends the Shared Memory Communications over Remote Direct Memory Access (SMC-R) function to support the next generation IBM 10 GbE RoCE Express2 feature. The IBM 10 GbE RoCE Express2 feature allows TCP/IP stacks on different LPARs within the same central processor complex (CPC) to leverage the power of these state-of-the-art adapters to optimize network connectivity for mission critical workloads by using Shared Memory Communications technology.
Allow the underscore character in symbol names in the PROFILE.TCPIP data set May 2017
In z/OS Communications Server V2R2, TCP/IP code to process the profile data set has been updated to treat the underscore as a valid character in a MVS system symbol.
Shared Memory Communications - Direct Memory Access October 2016
This new function allows you to enable Shared Memory Communications - Direct Memory Access to provide high performance communications between TCP/IP stacks within the same central processor complex (CPC).
VTAM internal trace default changed to disable SMS option June 2016
The VTAM Internal Trace (VIT) default is changed to remove the SMS option. You can explicitly enable the SMS option when required for problem diagnosis. You can use D NET,TRACES to verify which of the (user controlled) VIT options you are currently running.
Scalability and performance
IWQ support for IPSec June 2018
z/OS V2R2 Communications Server, with TCP/IP APAR PI77649 and SNAR APAR OA52275 is enhanced to support inbound workload queueing for IPSec workloads for OSA-Express in QDIO mode.
Incompatibilities: This function does not support IPAQENET interfaces that are defined by using the DEVICE, LINK, and HOME statements. Convert your IPAQENET definitions to use the INTERFACE statement to enable this support.
- This function is limited to OSA-Express6S Ethernet features or later in QDIO mode running on IBM z14.
- This function is supported only for interfaces that are configured to use a virtual MAC (VMAC) address.
Improved control over default VTAM VIT options December 2016
VTAM provides two levels of operator control including "Full VIT control" and "Base VIT control" for managing the VIT in internal mode. The two levels of VIT control apply to internal mode recording only. External mode recording of VIT records is unchanged regardless of the level of VIT control used for internal mode recording.
If you have any comments or questions about New Function APAR Summary, send an email to firstname.lastname@example.org.