DBAOTM Archives

System management

Post published:September 3, 2024
Post category:DBAOTM - Operating Systems
Reading time:7 mins read

The z/OS operating system is designed to host many applications on a single platform. From the beginning, efficient management of the applications and their underlying infrastructure has been an essential part of the z/OS ecosystem. This chapter will discuss the regular system operations, monitoring processes, and tools you find on z/OS. I will also look at monitoring tools that ensure all our automated business, application, and technical processes are running as expected. System operations The z/OS operating system has an extensive operator interface that gives the system operator the tools to control the z/OS platform and its applications and intervene when issues occur. You can compare these operations facilities very well with the operations of physical processes like in factories or power plants. The operator is equipped with many knobs, buttons, switches, and meters to keep the z/OS factory running. Operator interfaces and some history By design, the mainframe performs operations on so-called consoles. Consoles originally were physical terminal devices directly connected to the mainframe server with special equipment. Everything happening on the z/OS system was displayed on the console screens. A continuous newsfeed of messages generated by the numerous components running on the mainframe streamed over the console display. Warnings and failure messages were highlighted so an operator could quickly identify issues and take necessary actions. Nowadays, physical consoles have been replaced by software equivalents. In the chapter on z/OS, I have already mentioned the tool SDSF from IBM or similar tools from other vendors available on z/OS for this purpose. SDSF is the primary tool system operators and administrators use to view and manage the processes running on z/OS. Additionally, z/OS has a central facility where information, warnings, and error messages from the hardware, operating system, middleware, and applications are gathered. This facility is called the system log. The system log can be viewed from the SDSF tool. SDSF options Executing an operator command through SDSF The system log viewed through SDSF An operator can intervene with the running z/OS system and applications with operator commands. z/OS itself provides many of these operator commands for a wide variety of functions. The middleware tools installed on top of z/OS often also bring their own set of operator messages and commands. Operator commands are similar to Unix commands for Unix operating systems and functions provided by the Windows Task Manager and other Windows system administration functions. Operator commands can also be issued through application programming interfaces, which opens possibilities for building software for automated operations for the z/OS platform. Automated operations In the past, a crew of operators managed the daily operations of the business processes running on a central computer like the mainframe. The operators were gathered in the control room, also called a bridge, from where they monitored and operated the processes running on the mainframe. Nowadays, daily operations have been automated. All everyday issues are handled through automated processes; special software oversees these operations. When the automation tools find issues they cannot resolve, an incident process is…

Security on z/OS

Post published:August 17, 2022
Post category:DBAOTM
Reading time:6 mins read

Security has always been one of the strong propositions and differentiators of the mainframe and the z/OS operating system. In this post I will highlight a few of the differentiating factors of the mainframe hardware and the z/OS operating system. The mainframe provides a number of distinguishing security features in its hardware. In z/OS a centralized security facility is a mandatory and built-in part of the operating system. Also, z/OS exploits the security features that the mainframe hardware provides. This chapter will highlight what the central security facility in z/OS is, and how z/OS exploit unique hardware features of the mainframes. Centralized security management The central security management built into z/OS provides a standardized interface for security operations. A few software vendors have implemented this interface in commercial products, thus providing a security management solution for z/OS. The SAF interface The main security component of z/OS is the centralized security function called System Authorization Facility or SAF. This component provides authentication and authorisation functions. The z/OS operating system itself and the middleware installed on z/OS make use of this central facility. With the SAF functions, z/OS and middleware tools can validate access to the resources that the middleware products need to protect. A protected resource can be a dataset, a message queue, a database table, but also a special function or command that is part of the middleware software. By building in API calls to the SAF interface, the middleware product controls access to sensitive functions and resources. Security products The SAF interface of z/OS operating system is just that: a standardized interface. The implementation of the interface is left to software vendors. The SAF interface does not prescribe how security definitions should be stored or administrated. There are three commercial solutions in the market that have implemented the SAF interface: IBM with its security product RACF, and CA/Broadcom with two different tools: ACF2 and Top Secret. All three software products provide additional services related to security management such as administration, auditing and reporting services. All three products define a special role in the organisation that is appointed to have the restricted ability to define and change the security rules. The security administrator has these special authorizations. The security administrator defines which users and/or groups of users are allowed to access certain resources. The SAF interface and security products IBM Enterprise Key Management Foundation The z/OS operating system in equipped with a tool that IBM calls the IBM Enterprise Key Management Foundation (EKMF). This is a tool that manages cryptographic keys. EKMF is a full-fledged solution for centralized management of cryptographic keys that can be used on the mainframe, but also on other platforms. Many organizations have dedicated key management infrastructure for different platforms. The EKMF solution allows organization to instead build a key management solution that can be used for all platforms. Cryptographic facilities on the mainframe EKMF and other cryptographic features in z/OS make use of the extensive cryptographic functions built into the mainframe hardware. Traditional encryption facilities…

Modern mainframe application development

Post published:April 23, 2022
Post category:DBAOTM
Reading time:6 mins read

In the previous DBAOTM article on DevOps I have introduced the traditional development process, which is often still used in a mainframe environment. In this post I will present a modern approach to development on the mainframe. Modern development processes for the mainframe Requirements for the development process have changed. Applications must be built faster and it must be possible to change applications more often and quicker without impacting the quality of the application. In other words, agile development is needed. The only way to address today business needs into modern agile development processes is to automate all build and deploy processes. A set of principles can then be derived for modern mainframe develops processes. All application artefacts are managed in the (or a) Source Code Management tool.The build processes for all artefact are automated, and can be coherently executed.A build can be deployed in any environment. A build has no environment or organization-specific dependencies.The deployment process for a build is fully automated. Including the fallback procedure. The deployment process is a coherent process for all application artefacts. These principles need to be supported by tools and processes that are (re)designed for these purposes. Of course this is not something specific to z/OS applications, but is true for any modern IT solution. But with the background I have sketched in the previous section, there is a legacy of development processes and tools to take into account and in many organizations this implies significant technical and organizational changes. The modern SCM for z/OS The modern SCM tool for z/OS needs to support all kinds of application artefacts. For the mainframe this means for one thing that not only traditional MVS-type artefacts must be supported, like COBOL programs, COPYBOOKS and JCL, but also Unix type artefacts like Unix scripts and configuration files in z/OS Unix directories. The tools and processes should allow for EBCDIC type artefacts to be created or the z/OS runtime environment, as well as ASCI, Unicode and binary artefacts. Modern SCM tools that can manage z/OS artefacts, are ISPW from Compuware, RTC form IBM, and a new option nowadays is Git, or GitHub. Build automation The modern DevOps process automates the creation of a build. The build process takes the required versions of the application artefacts from the source code management repository and creates a coherent package of these artefacts. This package, also called the build, is deployed in a (test) environment. The build could be deployed in any runtime environment, even outside your organizations. This principle not only enforces standardization of processes and infrastructure in your IT organization, it also allows any future deployments in yet unknown environments – for example in the Cloud. The automated build process itself should be callable through some generic API, so it can be integrated into other automated processes when needed. Build automation on z/OS can be accomplished with a number of tools. Some of these tools are able to handle the z/OS specific needs. IBM has two solutions: Rational build engine…

DevOps processes and tools for z/OS

Post published:January 18, 2022
Post category:DBAOTM
Reading time:4 mins read

In this post I will discuss a traditional view of the DevOps processes and tools for z/OS, and in the follow-on post I will discuss a somewhat futuristic view. The ideal situation for development for z/OS is work for all of us. However, significant progress has been made of the past few years to change the traditional waterfall-oriented processes and tools for development of applications on z/OS into a modern-day agile way of working. Traditional DevOps process for development Before we look at modern development tools for z/OS, let’s first have a look at how application development was traditionally done. The traditional waterfall is a staged approach that is reflected in the processes and tools The development process of applications on z/OS traditionally goes through a number of stages, typically called Development – Test – Acceptance and Production. An application is developed in the development stage. It is unit-tested in the Development environment. When that is done the application moves to the Test stage, from which it is integration-tested in the Test environment. When all is well, the application moved to the Acceptance stage, from which it is Acceptance-tested in the Acceptance environment. Finally, for Go-Live in Production the application is moved to the Production stage, reflecting the situation in the Production environment. What you read from the above simplified process description is that every stage in the process, also has an environment associated with it. The infrastructure setup for the development process, is very much aligned with this waterfall-oriented development process. An application version that has its source code in the Test stage, is using the Test environment to validate correct functioning. Not only does this create obvious source code management problems with parallel development, it also creates a rigid relation between the development process and the physical infrastructure. Deployments are incremental - the concept of a build does not exist What is also different is the traditional development process compared to modern ideas, is that the concept of a build did not exist. A build today, is a collection of all the application artefacts that are needed to run an application in a runtime environment. To run an application you need an executable, and typically also configuration files, scripts and definitions. On the mainframe we get an executable program through a compilation process. For a z/OS application to work, there are typically also some runtime definitions required. These are things like JCL scripts, properties files, database definitions, interface definitions, etcetera. All these artefacts together we nowadays call a build. Most of the processes to create all the z/OS application artefacts that are needed for an application, were disparate, unique processes. Some technologies allowed for standardization of build processes for certain components, mostly for the compilation processes. But most processes were either manual, or automated with in-house created tools, using whatever technology the organization thought best at the time when the need was identified. In summary, creating an application build as we know it today was impossible, and automation…

Integrating z/OS applications with the rest of the world

Post published:September 21, 2021
Post category:DBAOTM IBM Integration Bus
Reading time:9 mins read

Many mainframe applications were built in an era where little integration with other applications was needed. Where integrations were needed, this was mostly done through the exchange of files. For example, for the exchange of information between organizations. In the 1990s the dominance of the mainframe applications ended and client-server applications emerged. These new applications required more extensive and real-time integrations with existing mainframe applications. In this period many special integration tools and facilities were built to make it possible to integrate z/OS applications and new client-server applications. In this chapter I will highlight categories of these integration tools that are available on z/OS, from screen-scraping tools to modern integrations supporting the latest REST API interfaces. File interfaces The mainframe was designed for batch processing. Therefore integration via files is traditionally well catered for and straightforward. You can use multiple options to exchange files between applications on z/OS and other platforms. Network File System Network File System (NFS) is a common protocol that you can use to create a shared space where you can share files between applications. Although it was originally mostly used with Unix operating systems, it is now built into most other operating systems, including z/OS. NFS solutions however are usually not a preferred option due to security and availability challenges. FTP The File Transfer Protocol (FTP) is a common protocol to send files over a TCP/IP network to a receiving party, and it is also supported on z/OS. With FTP a script or program can be written to automatically transfer a file as part of an automated process. FTP can be made very secure with cryptographic facilities. FTP is built into most operating systems, including z/OS. Managed File Transfer Managed file transfer is also a facility to send files over a network, but the “Managed” in the category means a number of additional features are added. Managed file transfer solutions make file transfers more reliable and manageable. A number of additional operational tasks and security functions related to file exchange are automated. Managed file transfer tools provide enhanced encryption facilities, some form of strong authentications, integration with existing security repositories, handling of failed transfers with resend functionality, reporting of file transfer operations, and more extensive API’s. On z/OS a number of managed file transfer tools are available as separate products: IBM has Connect:Direct and MQ-FTE, CA/Broadcom has Netmaster file transfer and XCOM, BMC provides Control-M and there are other less commonly known tools. Message queueing Message queuing is a generic manner for applications to communicate with each other in a point-to-point manner. With message queuing applications remain de-coupled, so they are less dependent on each other’s availability and response times. Applications can be running at different times and communicate over networks and systems that may be temporarily down. As we will see in the next section, when using alternative point-to-point protocols like web services, both applications and intermediate infrastructures must be available for successful application communications. The basic notion of message queuing is that an application…

Programming languages for z/OS

Post published:July 27, 2021
Post category:DBAOTM Programming
Reading time:6 mins read

In this post I will discuss the programming languages you find on z/OS, and what they are generally used for. COBOL The COBOL programming language was invented 60 years ago to make programs portable across different computers. The language is best usable for business programs (as opposed to scientific programs). COBOL is a language that must be compiled into executables, load modules. IDENTIFICATION DIVISION. PROGRAM-ID. COBPROG. ENVIRONMENT DIVISION. DATA DIVISION. PROCEDURE DIVISION. DISPLAY "HELLO WORLD". STOP RUN. PL/I PL/I was developed in the mid-1960s with the aim to create a programming language that could be used for business as well as scientific applications. Like COBOL, PL/I programs must be compiled into load modules. World: Procedure options(main); Put List( 'Hello world' ); End World; Assembler Assembler is still around. In the past business applications were developed using Assembler. Nowadays you should not do that anymore. But there are still a lot of legacy assembler programs around on the mainframe. In the old days, assembler was often used to implement tricks to achieve things that were not possible with the standard operating system, or other programming languages. This practice has created a problematic legacy of very technical programs in many mainframe application portfolios. The modern stance is that Assembler program should be regarded as severe legacy, because it is no longer maintainable and Assembler program are a risk for operating system and middleware updates. Furthermore, we find Assembler programs in modifications to the z/OS operating system and middleware. z/OS offers a number of points where you can customize the behavior of the operating system. These so-called exit-points oftentimes only have interfaces in Assembler. Like application programs in Assembler, z/OS exits in Assembler are a continuity risk. Not only because nobody knows how to program Assembler anymore, but even more so because these exit points make use of interfaces that IBM may (and wishes to) change at any point in the future. IBM is actively removing Assembler-based exit points and replacing these where needed with configuration parameters. The bottom line is that you should remove all home-grown Assembler programs from your z/OS installation. TEST0001 CSECT STM 14,12,12(13) BALR 12,0 USING *,12 ST 13,SAVE+4 LA 13,SAVE WTO 'HELLO WORLD!' L 13,SAVE+4 LM 14,12,12(13) BR 14 SAVE DS 18F END Java The language invented by a team from Sun in the 1990s with the goal to develop a language that could run on any device. Support for Java on the mainframe was introduced somewhere in the beginning of the 21st century. Java programs do not need to be compiled. They are interpreted by a special layer that must be installed in the runtime environment, called the Java Virtual Machine. The execution is (therefore) far more inefficient than COBOL and PL/I. So inefficient that running it on the mainframe would be very expensive (see section Understanding the cost of software on z/OS, MLC and OTC). To address this IBM invented the concept of zIIP specialty engines (see section Specialty engines), which makes running Java on the…

Middleware for z/OS – Database management systems

Post published:June 25, 2021
Post category:Db2 DBAOTM
Reading time:2 mins read

In the previous post I started the first part of describing the middleware tools available on z/OS, kicking off with the available application servers of transaction managers. In this part I will discuss the database management systems that can run on z/OS. Db2 Db2 for z/OS is the z/OS version of IBM’s well-known relational database management system. It is a regular high-end RDBMS, except that it exploits the sysplex capabilities of z/OS. IDMS/DB IDMS/DB is the network database management system com CA/Broadcom. A network database uses special concept to organize data, namely in the form of a network of relationships. Besides some modelling advantages this way of data access can be extremely fast, but as for hierarchical data models like in IMS, it is more difficult to program for it. IMS/DB IBM’s IMS/DB is a hierarchical database management system. Data in such a database management system is not structured in this database in tables like in Db2, but in tree-like hierarchies. In Db2 and other relational databases there is the well-known SQL language to access data, in IMS you have a language called DL/I to manipulate data. The hierarchical data model has some modelling advantages and also data access is extremely fast and efficient. The drawback of it is that it is more complex to program. Datacom/DB Datacom /DB is a relational database management system from CA/Broadcom. ADABAS ADABAS is Software AG's database management system. ADABAS organizes and accesses data according to relationships among data fields. The relationships among data fields are expressed by ADABAS files, which consist of data fields and logical records. This data model is called an inverted-list model.

Middleware for z/OS – Application Servers

Post published:June 24, 2021
Post category:DBAOTM
Reading time:4 mins read

There is a large variety of middleware tools available on z/OS. Some are very similar to the software also available on other platforms, like WebSphere Application Server and Db2, and some are only available on the mainframe, like IMS and IDMS. I will highlight a number of the main middleware tools for z/OS in this chapter. Application Servers Application Servers are tools that make it easier to run interactive applications. Today we call these tools Application Servers. On the mainframe these tools were traditionally called Transaction Managers. A small intermezzo to explain the similarities and get acquainted with the terminology. Applications Servers and Transaction Managers intermezzo Despite their different name, Application Servers and Transaction Managers achieve the same goal: make it easy to build and run interactive applications. Application Servers gather a set of common functions for these types of applications. These functions include network communications, transaction functionality, features to allow scaling of applications, recovery functions, database connectivity features, logging functionality and much more. For Java a standard for these functions is created in the Java Enterprise Edition (JEE) standard. The z/OS Transaction Managers all provide a similar set of functions, for multiple programming language like COBOL, PL/I, C/C++ and Java. With a modern web application server, the user enters a url consisting of the name of a server and an identification of the piece of code on that server. For example, a user types in his browser http://acme.com/fireworks/index.html . In this, acme.com is the server name and fireworks/index.html is the piece of code to execute on that server – called the uri. The application server takes the uri, executes the code and returns a response html page. The traditional transaction managers work in a similar way. First you must make a connection from your terminal to the transaction manager. Traditionally you did this by typing something like “LOGON APPLID(CICSABC)”. Then you were connected to the application server and you were presented some screen. Then you type in a transaction code. The transaction code is similar to the uri: it identifies which piece of code to run. The transaction manager executes the code and returns a response screen to the user. The transaction managers on z/OS nowadays can work in both ways. They still have the traditional interface, which is hardly used for business applications anymore, and they also have a modern web application interface like web application servers. CICS traditional versus a web application server Now let’s have a look at what sort of application servers we have on the mainframe. WebSphere Application Server IBM’s WebSphere Application Server (WAS) is an application server for Java programs, complying to the JEE Java application standard. WebSphere was one of the first implementations of a Java application server. It was made also available on z/OS. Initial implementations of WAS on z/OS were very inefficient and had stability issues. After a redesign and the introduction of speciality engines for Java processing (see section Specialty engines), z/OS has become of very cheap platform for…

Modern tools for development and operations

Post published:June 23, 2021
Post category:DBAOTM
Reading time:2 mins read

In the previous section I explained that green screen interfaces still exist for administrative tasks. But even for these kinds of work there are modern tools with contemporary interfaces. z/OS itself and almost all middleware running on z/OS can be managed with web-based tools, Eclipse-based tools for z/OS, or nowadays more and more Visual Studio Code based tools for z/OS. Furthermore almost all administration tasks on z/OS can be invoked from external tools through REST APIs. More and more development and operations functionality will be made available only in this modern kind of tool sets. The standard Eclipse-based tool for z/OS that you can download for free is called z/OS Explorer. This tool is a desktop client interfacing with z/OS. Many mainframe tools and middleware solutions provide plug-ins for this tool. Figure - z/OS Explorer Considering development tools, there are a number of modern options for the mainframe. IBM has developed an Eclipse-based development tool called IBM Developer for z/OS (IDz). The software company Compuware sells a set of tools for mainframe development called Topaz. There are also open source tools and plugins, like the IBM Z Open Editor for Visual Studio. These modern tools provide a development experience for z/OS applications that is very similar to the experience you have when you develop applications for other platforms, like Java, PHP or Python. Support for developing and debugging mainframe languages such as COBOL and PL/I is supported in the tools, but also Java is supported. As importantly it provides plugins for interacting with middleware such as Db2, MQ, CICS and IMS. IBM, CA, BMC and other vendors provide many modern tools for the administration of specific middleware in your organization. Finally, a recent development is the open source project called Zowe. This project is a collaboration of a number of mainframe software vendors and aims to provide an open source software framework for development and operations teams to securely, manage, control, script and develop for z/OS like any other cloud platform. In separate chapters I will discuss a little bit more on the modern application development and operations architecture tools for z/OS, and on modern monitoring architecture and tools.

The interface to z/OS and the green screen myth

Post published:May 23, 2021
Post category:DBAOTM
Reading time:4 mins read

In the previous posts I have shown you many modern technologies available on z/OS. But still when you think of the mainframe, you think of black screen with green characters, which looks cool in the Matrix, but not so much in real life. Where does this green screen imago come from? In this section I will talk a little bit about the origins of the green screens in mainframe technology. I will also show you that these green screens have become as uncommon to use as a terminal in Unix or command prompt in Windows. Green screens are for administrators and programmers, not end-users The green screens on the mainframe are user-interfaces. In the early days programmers created their programs on paper, behind their desks. They then entered the programs on punch cards or paper tape. That were the media that were then fed into the computers, using a special reader device. Later, in the 1960s, computers with terminal interfaces were build. With the terminals, users could enter programs and data online. This is the period that the green screens originate from. Each computer type had its own terminal technology. Mainframes had technology indicated with a number: the 3270 terminal. These terminals originally worked with green letters on a black background, and could hold as much as 32 lines of 80 characters (or so). We still refer to these 3270 terminals as green screen. Modern mainframe applications do not use these terminal interfaces anymore. Applications on the mainframe most often do not even have a user-interface anymore. They only expose services, or APIs, exposed to mid-tier or front-end applications. (See modern mainframe application architecture section.) Today therefore, the need for these green screens is limited. Only special system administration tools and application programming tools still have a low level interface. And even these are being replaced by tools with more modern interface. System administrators on Windows use the "DOS" command prompt and Unix techies use the Terminal sessions. Similarly, for mainframe techies there is the “green-screen” 3270 terminal. Actually, the Unix Terminal and Windows Command Prompt are quite rudimentary, compared to the 3270 interface to z/OS. Green screen application? Technical debt The days where you had green screen applications are long gone. If you still have them, you should get rid of them. Most well-architected green-screen applications can be turned into service-oriented applications. The front-end can then be replaced by a modern front-end application. You may find yourself in the situation where you need to integrate with green-screen applications that have not been so well-designed. I will talk a little bit about that in a separate section Integration with the rest of the world. In section Application architecture for modern mainframe applications, I describe a reference architecture for modern mainframe applications. Now, I will describe what tools typically still needs 3270 screens. TSO What is the functionality of the command prompt for Windows and the Shell function is for Unix, is the TSO tool for z/OS: a command line interface…