A fix is available
APAR status
Closed as new function.
Error description
NEW FUNCTION - IBM z/OS Encryption Readiness Technology (zERT) Network Analyzer plug-in for z/OS Management Facility
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * All users of V2R3 IBM z/OS Management * * Facility for HSMA23A: IBM * * zERT Network Analyzer. * **************************************************************** * PROBLEM DESCRIPTION: * * NEW FUNCTION - IBM z/OS Encryption * * Readiness Technology (zERT) Network * * Analyzer plug-in for z/OS Management Facility * **************************************************************** * RECOMMENDATION: * * Apply PTF. * **************************************************************** To complete the installation of IBM zERT Network Analyzer, complete the following steps: - Enable the IBM zERT Network Analyzer plug-in in z/OSMF by adding ZERT_ANALYZER to the PLUGINS statement. Procedure: 1. Edit the IZUPRMxx parmlib member and add the ZERT_ANALYZER plug-in identifier to the PLUGINS statement. For more information, consult section 'IZUPRMxx reference information' in z/OSMF Configuration Guide - Authorize the user IDs that will be using IBM zERT Network Analyzer. Users of the IBM zERT Network Analyzer task require access to resources that are protected by the profile <SAF-prefix>. ZOSMF.ZERT_NETWORK_ANALYZER in class ZMFAPLA. You must perform additional steps to create the necessary authorizations. Procedure: 1. Edit the IZUNASEC job before you run it. 2. Add the names of the users that will have authorization to access the IBM zERT Network Analyzer task. ** Connect the users of the zERT Network ** ** Analyzer to the zERT Network Analyzer ** ** group ** CONNECT USER1 GROUP(IZUZNA) CONNECT USER2 GROUP(IZUZNA) ** End connect the users to zERT Network ** ** Analyzer group ** 3. Save your changes and run the updated IZUNASEC job. For more information, consult section 'Updating z/OS for the IBM z/OS Encryption Readiness Technology (zERT) Network Analyzer plug-in' in z/OSMF Configuration Guide Once the above steps are complete, the IBM zERT Network Analyzer plug-in will be visible to the permitted user IDs. Note, however, that further setup is required to define the Db2 for z/OS database and to connect that database to the plug-in. For information on the database setup, other useful information about this function and updates to publications, consult the following URL (all one link): https://www.ibm.com/support/ knowledgecenter/SSLTBW_2.3.0/ com.ibm.zos.v2r3.halg001/nfsrhvhzrtv23.htm Here are some important guidelines to consider as you deploy the zERT Network Analyzer: - You can initially deploy the IBM zERT Network Analyzer plug-in and database on a test system. Use a system where you can familiarize yourself with the plug-in operation as well as the Db2 for z/OS and system resource requirements. Depending on the number of imported SMF records and the complexity of your queries, you might also consider initially limiting query execution to specific times of day or specific systems to minimize system impacts. - zERT Network Analyzer import and query processing for large amounts of data may take a long time and consume significant CPU cycles. Because the zERT Network Analyzer is a Java application, and Db2 for z/OS is used as its data store, much of the zERT Network Analyzer processing is eligible to run on IBM z Integrated Information Processor (zIIP) specialty engines. Consider running zERT Network Analyzer on a system that has sufficient zIIP capacity available in order to minimize the general purpose processor CPU costs associated with import and query operations. Also consider using WLM policies to properly prioritize the DDF workload initiated by the zERT Network Analyzer so it does not impact more important workloads on the system. - If you plan to import SMF dump data sets with large numbers of SMF records (hundreds of thousands or millions), you can reduce the import time and processing costs by filtering out any of the SMF records that are not SMF type 119 subtype 12 before you execute the import operation. These non-zERT records can be stripped out of your SMF dump data sets using the IFASMFDP program. To do this, specify the SMF dump data set containing the SMF type 119 subtype 12 and other SMF records as the input data set (INDD) and specify OUTDD(<outDDname>,TYPE(119(12))) Refer to the z/OS MVS System Management Facilities (SMF) book for complete details on using the IFASMFDP SMF data set dump program. - If possible, consider using a Db2 for z/OS subsystem that is co-located with the zERT Network Analyzer to reduce latency and elapsed times when running operations like SMF imports and queries.
Problem conclusion
With this support, you will be able to easily identify the cryptographic protection attributes of TCP and Enterprise Extender (EE) traffic with local endpoints on your z/OS system
Temporary fix
Comments
APAR Information
APAR number
PH03137
Reported component name
Z/MF CONFIG ASS
Reported component ID
5655S28CA
Reported release
23A
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Xsystem
Submitted date
2018-09-21
Closed date
2018-12-19
Last modified date
2019-03-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI60375
Modules/Macros
IZUNASEC IZUZNADG IZUZNADI IZUZNADT IZUZNAHP IZUZNAHS IZUZNAPS IZUZNAPX
Fix information
Fixed component name
ZOSMF ZERT NW A
Fixed component ID
5655S28ZE
Applicable component levels
R23A PSY UI60375
UP18/12/21 P F812
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"23A","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
01 March 2019