z/OSMF Archives

The new mainframe is full of APIs (and has an extension for Docker Containers)

Post published:September 28, 2019
Post category:Modernization z/OS Container Extensions z/OSMF
Reading time:3 mins read

IBM has announced the new mainframe box, not unexpectedly called z15. The z15 is a huge machine and I would summarize this evolution “bigger and better” without being disrespectful.
Nevertheless, the accompanying announcement of the new release of the flagship operating system for the z15, z/OS 2.4 is massively interesting.

The most eye-catching new feature in z/OS 2.4 is z/OS Container Extensions. With this feature you can run Linux Docker containers under z/OS, next to your existing z/OS applications. Making your Containers thus part of your z/OS infrastructure has some powerful advantages.

Very easy integration of containers in the Continuous Availability solution for Disaster Recovery of your z/OS platform provided by GDPS. I think this is by far the most powerful benefit. Thus you can provide Linux on z solutions even more easily than through a native Linux for z deployment.
Exploit the capabilities of network virtualization of z/OS.
Optimized integration with z/OS workloads.

The second important item to look at is the evolution of z/OSMF. Contrary to what IBM Marketing tells us I believe the second important item in my opinion is not Container Pricing, and not Open Data Analytics on z/OS. The development of z/OSMF is more important because it is fundamentally changing the consumability of the platform, turning the platform into the most open computing platform in the market, through the availability op REST APIs on basically any resource on the platform. And fundamentally transforming the way the platform is managed.

It is exciting to see how the mainframe is changing at the moment. The movements of the last five years are really turning the mainframe from a self-oriented platform into one of the most open and accessible technologies on the market.

The only thing left in my opinion is an affordable, public and easily accessible facility to the platform in order to boost the collaborative community around the platform.

How to authenticate to the z/OSMF API with a certificate

Post published:September 7, 2019
Post category:z/OSMF
Reading time:2 mins read

This is a brief description of how to use the z/OSMF API with certificate authentication, from a PHP application.

Create a certificate.For example with openSSL:

openssl req -newkey rsa:2048 -nodes -keyout yourdomain.key
 -out yourdomain.csr

Send the certificate to a certificate authority to get it signed.

Add the signed certificate to RACF:

RACDCERT CHECKCERT(CERT)RACDCERT ADD(CERT) TRUST WITHLABEL('yourlabel-client-ssl') ID(your RACF userID) SETROPTS REFRESH RACLIST(DIGTCERT, DIGTRING)

When authentication, the userID in the ID field will be mapped to, and the z/OSMF tasks will run under this userID.

Save the signed certificate on the PHP server in a directory accessible for the PHP server.
The following PHP code will then issue a request with client certificate authentication:

curl_setopt($curl, CURLOPT_SSLCERT, '/<server>/htdocs/<somesubdir>yourdomain.csr');
curl_setopt($curl, CURLOPT_SSLCERTTYPE, 'PEM');
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
// this is the basic auth commented out: 'authorization: Basic ' . base64_encode($this->userid . ":" . $this->password),
etc for the reast of the header