Db2 for z/OS and its ecosystem

 View Only

Planning to install Db2 Administration Foundation or Db2 DevOps Experience for z/OS

By Eric Radzinski posted Fri August 13, 2021 08:19 PM

  

By Sueli Almeida

This document is a supplement to the official installation and configuration instructions for Db2 Administration Foundation for z/OS (Admin Foundation) and Db2 DevOps Experience for z/OS (DOE). It provides an overview of the installation and configuration process for these two products with an emphasis on critical software and security dependencies that will help you plan your installation and configuration efforts. You must still use the official instructions to install and configure these products and their prerequisite products.

Basic software requirements

  • The base of your installation must be z/OS 2.3 or later with the following services enabled:
    • z/OS Integrated Cryptographic Services (ICSF)
    • RACF or an equivalent external security manager that supports the z/OS system authorization facility (SAF) interface
    • z/OS Management Facility (z/OSMF) primarily for its jobs, data sets, and file services
  • Db2 12 for z/OS at any function level is required, and the following supplied stored procedures must be operational:
    • ADMIN_COMMAND_DSN
    • ADMIN_COMMAND_DB2
    • ADMIN_INFO_SYSPARM
    • DSNUTILV

Zowe and IBM Unified Management Server

Zowe and IBM Unified Management Server (UMS) must be installed and configured before you can install and configure Admin Foundation or DOE.

Admin Foundation and DOE run on top of UMS, which is a platform that provides all the common functions needed by the data management capabilities of these two products. UMS includes a web application interface called IBM Unified Experience for z/OS, which is built on top of the open-source Zowe Virtual Desktop. UMS functionality can also be accessed by using its available APIs. These APIs are documented in the Swagger documentation that is available at https://<host>:<port>/ws/swagger-ui.html after you install the product.

Zowe

This blog doesn't cover the Zowe installation; however, it's important to know that the minimum Zowe runtime components for UMS are:

  • Zowe Application Framework (ZLUX)
  • Z Secure Services (ZSS)
    • Zowe Cross-Memory (ZWESISTC) Server
    • Zowe Cross-Memory (ZWESASTC) Auxiliary Server

Note: The Zowe Cross-Memory Servier is an APF-authorized program server application that provides privileged services to Zowe in a secure manner.

At the time this paper was written, the Zowe API Mediation Layer is not required. However, it will be needed when UMS supports Multi-Factor Authentication (MFA). The z/OS Explorer Services is also not required, but it might be a useful feature to have because it makes it easier to look at data sets, files, and job output.

Here's our roadmap progress so far:

Unified Management Server (UMS)

UMS is an SMP/E-installed product. When the SMP/E installation is complete, follow the steps in the UMS install/configuration tasks to complete the installation and configuration.

UMS required User ID authorities

Before you begin to install UMS, identify and/or create the following IDs with the required levels of authority. You’ll likely need to coordinate this task with your System, Security, and Db2 administrators.

  • Installation and configuration System Administrator ID – SMP/E installation for UMS, DOE, and Admin Foundation
  • ID to perform UMS-related post-SMP/E installation tasks. This ID must have:
    • READ access to the Zowe installation directory (ZOWE_ROOT)
    • WRITE access to the Zowe instance directory (ZOWE_INSTANCE_DIR)
    • READ/WRITE access to the <UMS_Install_Directory>
    • Privileges to use ICSF token services
  • ID (STARTED_TASK_TSO_ID) dedicated for the UMS started task.

    Important: It’s strongly recommended that this ID be different than the ID that’s used for any Zowe-related started task.

    This ID must have:

    • READ/WRITE access to the location of the UMS files as specified by the IZP_UMS_VARDIR option in IZPUMSPM, which is a member in the UMS PARMLIB data set.
    • Privileges to use ICSF token services
  • ID (IZP_PKCS11_DBA_USERNAME) that will take the DBA role under UMS. This ID must have:
    • Z/OSMF privileges for its z/OS jobs, data sets, and file REST services
    • SYSADM or equivalent privileges for each Db2 system under UMS

      Note: A secondary authid is supported through the dbaSqlid option in IZPDB2PM, which is a member in the UMS PARMLIB data set.

    • ALTER access to temporary data sets

      Note: You should provide a directory for these temporary data sets in tempDatasetHLQ option in IZPDB2PM.

  • Security Administrator ID allowed to CREATE SAF profiles and GRANT access to the security profiles to UMS users:
    • UMS super administrators
    • UMS regular users (team members, team administrators)

UMS required software

Before you begin to install UMS, be aware that you will be required to provide the Zowe instance directory.

The script that you execute for the UMS installation will attempt to discover the following additional Zowe-related information; however, you must verify the discovered information and provide any values that were not discovered before going further:

  • Zowe install directory
  • Zowe LOAD library
  • Zowe PARMLIB and its member
  • Zowe Auxiliary Server Started Task name, host, and ports
  • Java home directory
  • Node.js home directory

UMS also uses OpenSSL for its installation/configuration process. If the directory that contains the OpenSSL executable is not discovered by the script, you must provide it as well

Note: At the time this document was written, UMS pre-reqs OpenSSL, which pre-reqs Miniconda. This behavior will change in a future release as these components will be integrated into the UMS code.

The discovered/provided information will be recorded into UMS PARMLIB member IZPUMSPM.

After the parameters are successfully validated, a new sample job (IZPSECUR) will be created. Together with another sample job (IZPUSRMD), you will be guided to create the SAF profiles and grant the appropriate authority to the UMS users.

A post-installation script will complete the setup by providing the ID for the UMS started task and performing the following configuration updates:

  • Update the Zowe configuration.
  • Install UMS Zowe plugins.
  • Update the Zowe PARMLIB member with UMS information.

    Note: The post-installation script execution copies the Zowe PARMLIB (ZWEIP00) into the UMS PARMLIB data set with the required updates. It will then attempt to update the Zowe PARMLIB data set with the updated ZWEIP00 member. If this operation is prevented by your environment configuration, you must copy the updated ZWEIP00 member into the Zowe PARMLIB data set manually before starting Zowe again.

  • Copy load modules to Zowe LOAD library.


At this stage, you are ready to start installing and configuring the data management experiences. The Admin Foundation and DevOps Experience are completely independent of each other. You can install either one or both as you need.

Db2 Administration Foundation for z/OS (Admin Foundation)

The remainder of the installation and configuration process for Admin Foundation is very straightforward.

After the SMP/E installation tasks have been completed successfully, you should plan for performing the following steps in advance because they require an outage of the Zowe and UMS servers.

  1. Stop the UMS server.
  2. Stop the Zowe server.
  3. Execute the IZPEXPIN sample job by providing:
    • The directories where the Admin Foundation code and UMS code were installed via SMP/E tasks
    • Data set names for the Admin Foundation PARMLIB and USER.PROCLIB

    Note: If this is the first Db2 data management experience that you are installing, a member named IZPDB2PM with the Db2 subsystem and related tools information will be added to the UMS PARMLIB data set or it will be updated with additional parameters for the Admin Foundation if it already exists. A member named IZPDAFPM will also be added to the UMS PARMLIB data set with the specifics for Admin Foundation. However, no parameters are required to be provided at the initial GA code.

  4. Execute the AFXDAFPO sample job, which was generated by the execution of the IZPEXPIN job and is stored in the hlq.JCCLIB data set.

    Note: The following list highlights some critical steps, but you must still follow the detailed instructions in the Admin Foundation installation and configuration documentation.

    • Most of the PARMLIB parameters will be discovered automatically; however, you must review and update them as needed. See Populating IZPUMSPM PARMLIB for details.
    • It is critical that the Db2 SDSNLOAD data set be added to a STEPLIB card into the Zowe cross-memory Auxiliary Server. If SDSNLOAD is not added automatically by the script you must add it manually.
    • You must APF-authorize the load module libraries for Db2 experiences (smphlq.SIZPLINK and smphlq.SIZPLLIB), which are packaged with Db2 Administration Foundation.
    • A new Db2-supplied stored procedure (ADBGDDL) will be created, and a valid WLM environment must be provided.
  5. The UMS PARMLIB member IZPUMSPM will be updated with specific information about the Db2 data management experience you just added.

Before starting to use the Admin Foundation features you must:

  • GRANT SELECT access on all Db2 catalog tables to the UMS users.
  • Refresh the Db2 subsystem information if the Db2 system was already registered under UMS; otherwise, you must register the subsystem.

Db2 DevOps Experience (DOE)

Db2 DevOps Experience also pre-reqs Git for z/OS 2.14.4 or later. You must download and install Git before executing the following steps. After Git is installed, you must add the directory information of the Git executable to the PARMLIB member of UMS as gitDir.

Just as with Admin Foundation, when you complete the SMP/E tasks, you should plan to perform the following steps in advance because they require an outage of the Zowe and UMS servers.

  1. Stop the UMS server.
  2. Stop the Zowe server.
  3. Execute the IZPEXPIN sample job by providing information about the directories where the DOE code and UMS code were installed via SMP/E.

    Note: If this is the first Db2 data management experience that you are installing, a member named IZPDB2PM with the Db2 subsystem and related tools information will be added to the UMS PARMLIB data set or it will be updated with additional parameters for DOE if it already exists. A member named IZPD2DPM will also be added to the UMS PARMLIB data set with the specifics for DOE when applying and merging database changes.

  4. Execute the DOEDB2PO sample job, which was generated by the execution of the IZPEXPIN job and is stored in the hlq.JCLLIB data set.

    Note: The following list highlights some critical steps, but you must still follow the detailed information in provided in the Db2 DevOps Experience installation documentation.

    • Most of the PARMLIB parameters will be discovered automatically; however, you must review and update them as needed. See Populating IZPUMSPM PARMLIB for details.
    • It is critical that the Db2 SDSNLOAD data set be added to a STEPLIB card into the Zowe cross-memory Auxiliary Server. If SDSNLOAD is not added automatically by the script you must add it manually.
    • You must APF-authorize the load module libraries for Db2 experiences (smphlq.SIZPLINK and smphlq.SIZPLLIB), which are packaged with Db2 DevOps Experience.
  5. The UMS PARMLIB member IZPUMSPM will be updated with specific information about the Db2 data management experience you have just added.

Now that you have completed all the installation and configuration tasks, any UMS user can log in to the web application interface called IBM Unified Experience for z/OS, which is built on top of the open-source Zowe Virtual Desktop, and explore the benefits of Admin Foundation for z/OS and Db2 DevOps Experience.


#Db2forz/OS
0 comments
39 views

Permalink