We are pleased to release version pyaitoolkit_1.13.0.post9 of the Python AI Toolkit for IBM z/OS, which includes the release of JupyterHub version 4.1.6 on z/OS. This enables data science teams working on IBM Z to use modern notebook workflows directly on z/OS, while preserving enterprise-grade security and isolation.
What is JupyterHub?
JupyterHub is an open-source application that enables multiple users to run and manage separate Jupyter Notebook or JupyterLab instances on shared infrastructure. This multi-user version of the notebook is designed for companies, classrooms and research labs. JupyterHub’s modular architecture and support for multiple deployment models make it a very popular choice amongst data scientists. Organizations can provide secure and flexible access to computational resources while maintaining centralized control. JupyterHub enables teams to collaborate efficiently and standardize their data science workflows.
JupyterHub on z/OS
With this release of JupyterHub in Python AI toolkit on z/OS, we bring the power of interactive notebooks on z/OS to teams and organizations. Our version of JupyterHub on z/OS extends Jupyter functionality by adding support for
- Local Process Spawners
- RACF Keyrings for TLS
What is Local Process Spawner support?
Local Process Spawners allow each user’s notebook server to run under their individual RACF identity, ensuring proper auditability and isolation aligned with z/OS security requirements.
Multiple users on JupyterHub can access their own isolated computational environments on shared infrastructure. Each RACF user gets a personal workspace to develop, experiment, and analyze, while administrators maintain centralized control over resource allocation, security, and system management. With Local Process Spawner support, each user gets:
- A Separate PID
- A Separate memory space
- A Separate working directory
However, each JupyterHub user must:
- Exist as a real RACF user
- Have a home directory
- Have valid permissions
What is RACF keyring support?
On z/OS, enterprise environments usually require certificates to be stored in RACF, as TLS typically relies on certificates stored in RACF instead of PEM files on the USS filesystem. JupyterHub uses RACF keyrings for TLS only, ensuring that certificate material remains protected within RACF and never resides in the USS filesystem.
A RACF keyring contains:
- Server certificate
- Private key
- CA chain
Authentication Model in this release:
- User login is performed via JupyterHub’s Native Authenticator.
- User credentials are validated within the JupyterHub system.
- TLS encryption is provided by RACF keyring-backed certificates.
- TLS termination uses RACF-managed certificates for secure connections.
JupyterHub does not manage password lifecycle. If a user’s RACF password expires, the user must update it using TSO, z/OSMF, or the enterprise password portal.
Architecture Flow for JupyterHub on z/OS would be as follows:
- User logs in through the browser using JupyterHub Native Authenticator.
- TLS encryption for the connection is provided through RACF keyring-backed certificates.
- The Local Process Spawner starts a dedicated notebook server under the user’s RACF identity.
- The proxy routes traffic to the user’s notebook instance.
By integrating JupyterHub with support for Local Process Spawner and RACF keyring-backed TLS, the Python AI Toolkit on z/OS brings secure, modern data science capabilities to the mainframe ecosystem. This release helps organizations standardize workflows, improve collaboration, and leverage the full power of IBM Z for analytics and AI.
Please see https://github.com/ibm-z-oss-oda/python_ai_toolkit_zos/tree/main/requirements for the latest requirements files to upgrade your package collection, and take advantage of these new capabilities. Usage notes are also available on our product page at https://ibm-z-oss-oda.github.io/python_ai_toolkit_zos/ which contains details about installations and pre-requisites for working with JupyterHub 4.1.6 on z/OS.
For further reading on JupyterHub, please refer to the official documentation at https://jupyter.org/hub.