z/OS V2R3 Communication Server New Function APAR Summary
New function APAR summary for z/OS V2R3 Communications Server
For more V2R3 new functions, see z/OS V2R3 Communications Server: New Function Summary.
IBM zERT Network Analyzer December 2018
z/OS V2R3 Communications Server introduced a new feature called z/OS Encryption Readiness Technology (zERT). z/OS Management Facility (z/OSMF) V2R3 with APAR PH03137, provides a new plug-in named IBM zERT Network Analyzer. IBM zERT Network Analyzer is a web-based graphical user interface that z/OS network security administrators can use to analyze and report on data reported in zERT Summary records.
- You must have installed z/OSMF V2R3 APARs PH04391 and PH00712 to use IBM zERT Network Analyzer.
- The IBM zERT Network Analyzer task requires Db2 11 for z/OS and above.
- The IBM zERT Network Analyzer task operates on SMF type 119 subtype 12 (zERT Summary) records, which are generated by the zERT Aggregation feature introduced by z/OS Communications Server V2R3 APAR PI83362. Ensure that the the zERT Aggregation feature is installed and enabled (including SMF recording of the zERT Summary records) on the systems you wish to analyze through the zERT Network Analyzer.
z/OS Encryption Readiness Technology (zERT) aggregation function March 2018
z/OS V2R3 Communications Server, with APAR PI83362, provides the new z/OS Encryption Readiness Technology (zERT) aggregation function, which enhances the zERT discovery function introduced with z/OS V2R3. zERT aggregation provides an alternative SMF view of the collected security session data in the form of SMF 119 zERT Summary (subtype 12) records that summarize the repeated use of security sessions by many application connections over time. zERT Summary records are written at the end of each SMF interval. Compared to zERT discovery alone, zERT aggregation can significantly reduce the volume of SMF records while still providing all the critical security information.
In order to properly monitor IBM® Sterling Connect:Direct® traffic when it is protected through SecurePlus TLS/SSL support, you must apply Connect:Direct APAR PI77316 .
TN3270E Telnet server Express Logon Feature support for Multi-Factor Authentication March 2018
z/OS V2R3 Communications Server, with RACF APAR and IBM MFA for z/OS APARs, extends the TN3270 Telnet server Express Logon Feature (ELF) to support IBM Multi-Factor Authentication (MFA) for z/OS. With this support, TN3270 clients can experience the same single sign-on behavior that is already offered by the PassTicket-based ELF, but now via an MFA token that is assigned by a SAF-compliant external security manager like IBM Security Server RACF.
- IBM Security Server RACF APAR OA53002
- IBM Multi-Factor Authentication for z/OS APARs PI86470 and PI93341
Communications support for 25 GbE RoCE Express2 features December 2018
z/OS V2R3 Communications Server is enhanced to support IBM 25 GbE RoCE Express2 features.
Usability and skills
HiperSockets Converged Interface support March 2018
z/OS V2R3 Communications Server, with APARs PI83372 and OA53198, provides the Hipersockets Converged Interface (HSCI) solution to support the z/VM bridge environment. With this solution, a Linux guest can connect to z/OS via Layer 2 HiperSockets and to the external network by using a single IP interface. This support also significantly improves HiperSockets usability, greatly reduces the network administration costs, and eliminates the need to reconfigure z/OS HiperSockets interfaces when moving a z/OS instance from one CPC to another.
Scalability and performance enhancement
IWQ support for IPSec June 2018
z/OS V2R3 Communications Server, with TCP/IP APAR PI77649, is enhanced to support inbound workload queueing for IPSec workloads for OSA-Express in QDIO mode.
Incompatibilities:This function does not support IPAQENET interfaces that are defined by using the DEVICE, LINK, and HOME statements. Convert your IPAQENET definitions to use the INTERFACE statement to enable this support.
- This function is limited to OSA-Express6S Ethernet features or later in QDIO mode running on IBM z14.
- This function is supported only for interfaces that are configured to use a virtual MAC (VMAC) address.
Application development improvement
Code page enhancements for CSSMTP July 2018
z/OS V2R3 Communications Server, with APAR PI93278, is enhanced to support multi-byte character sets with the Communications Server SMTP (CSSMTP) application. This enhancement allows migration from SMTPD to CSSMTP for customers that use multi-byte character set code pages, and provides improved code page support for characters in the mail subject line.
Dependency: To use CSSMTP MBCS function, you also need Unicode Support APAR OA55727.
If you have any comments or questions about New Function APAR Summary, send an email to firstname.lastname@example.org.