z/OS Communications Server - Group home

What’s new in z/OS V2R4 Communications Server?

By Erin ZHANG posted Fri September 06, 2019 12:00 AM

  

As you digitally transform, can your data and services always be protected, available, and ready for innovation? The answer is IBM Z – the secure, resilient, and agile platform for hybrid multicloud.

 

The IBM z/OS V2R4 operating system intends to unleash innovation through an agile, optimized, and resilient platform that helps you to build applications and services based on a highly scalable and secure infrastructure that delivers the performance and availability for on-premises or provisioned as-a-service workloads that enable businesses to digitally transform.

 

This is an overview of selected enhancements that are provided by z/OS V2R4 Communications Server that helps build the next-generation infrastructure with high-speed connectivity, availability, and security.

 24whatsnew.png

 

 

Hardware support

  • Communications Server support for OSA-Express7S 25 GbE features

z/OS V2R4 Communications Server is enhanced to support the OSA-Express7S feature with 25 GbE bandwidth.

This support is also available for the following releases via APARs:

  • Communications Server support for 25 GbE RoCE Express2 features

z/OS Communications Server V2R4 is enhanced to support IBM 25 GbE RoCE Express2 features.

This support is also available for z/OS V2R1, V2R2, and V2R3.

 

Usability and skills

  • HiperSockets Converged Interface support

The HiperSockets Converged Interface (HSCI) solution is provided to support the z/VM bridge environment. With this solution, a Linux guest can connect to z/OS via Layer 2 HiperSockets and to the external network by using a single IP interface.

This support significantly improves HiperSockets usability, greatly reduces the network administration costs, and eliminates the need to reconfigure z/OS HiperSockets interfaces when moving a z/OS instance from one CPC to another.

This support is also available for z/OS V2R3 with APARs PI83372 and OA53198.

 

Scalability and performance

  • Sysplex notification of TCP/IP stack join or leave

z/OS V2R4 enhanced Event Notification Facility code 80 to send a signal when a stack joins or leaves a sysplex group. With this new signal, applications and middleware will be able to make more appropriate decisions by knowing when a stack leaves or joins the group.

  • Network support for z/OS Container Extensions

Starting from z/OS V2R4, with an exciting new feature named IBM z/OS Container Extensions (zCX), you have a new way to run Linux on IBM Z Docker containers in direct support of z/OS workloads on the same z/OS system. It builds much more flexibility into operations on IBM Z by modernizing and extending z/OS applications.

z/OS V2R4 Communications Server has added network support for z/OS Container Extensions.

  • IWQ support for IPSec

z/OS V2R4 Communications Server is enhanced to support inbound workload queueing for IPSec workloads for OSA-Express in QDIO mode. With the use of multiple input queues for each QDIO data device, TCP/IP stack scalability and general network optimization can be greatly improved.

This support is also available for the following releases via APARs:

Dependencies:

    • This function is limited to OSA-Express6S Ethernet features or later in QDIO mode running on IBM z14.
    • This function is supported only for interfaces that are configured to use a virtual MAC (VMAC) address.

 

Enhancing security

  • AT-TLS support for TLS v1.3

z/OS Communications Server adds support for TLS Version 1.3 for Application Transparent Transport Layer Security (AT-TLS).

z/OS V2R4 Communications Server also enhances the z/OS Encryption Readiness Technology (zERT) function to detect and report TLSv1.3 security session information using SMF Type 119 subtype 11 and 12 records. The IBM zERT Network Analyzer z/OSMF plug-in is also enhanced to accept and display TLSv1.3 information and to allow IBM zERT Network Analyzer users to query database content using the new TLSv1.3 security session characteristics.

  • z/OS Encryption Readiness Technology (zERT) aggregation

z/OS V2R3 Communications Server introduced zERT which monitors and records details about your z/OS cryptographic network protection. The collected connection level data can be written to SMF or the SYSTCPER network management interface in SMF 119 subtype 11 records.

In many environments, the volume of SMF 119 subtype 11 records can be large. z/OS V2R4 Communications Server provides the zERT aggregation function to provide an alternative SMF view of the collected security session data. This alternate view is written in the form of new SMF 119 subtype 12 records that summarize the use of security sessions by many application connections over time and which are written at the end of each SMF interval. This function significantly reduces the volume of SMF records while still providing the critical security information.

The zERT aggregation function is also available for z/OS V2R3 with APAR PI83362.

  • IBM zERT Network Analyzer

A new plug-in named IBM zERT Network Analyzer is available with z/OSMF V2R4. It is a web-based graphical user interface that z/OS network security administrators can use to analyze and report on data collected in zERT summary records.

IBM zERT Network Analyzer is also available for z/OSMF V2R3 with APAR PH03137.

  Dependencies:

    • IBM zERT Network Analyzer requires either Db2 11 for z/OS or Db2 12 for z/OS.
    • z/OS V2R3 only: You must install z/OSMF V2R3 APARs PH04391 and PH00712 to use IBM zERT Network Analyzer.
  • TN3270E Telnet server Express Logon Feature support for Multi-Factor Authentication

z/OS V2R4 Communications Server, with RACF and IBM MFA for z/OS, extends the TN3270 Telnet server Express Logon Feature (ELF) to support IBM Multi-Factor Authentication (MFA) for z/OS. With this support, TN3270 clients can experience the same single sign-on behavior that is already offered by the PassTicket-based ELF, but now via an MFA token that is assigned by a SAF-compliant external security manager like IBM Security Server RACF.

This function is also available for z/OS V2R1, V2R2, and V2R3 Communications Server with APAR PI85185, RACF APAR OA53002, and IBM MFA for z/OS APARs PI86470 and PI93341.

 

Application development

  • Code page enhancements for CSSMTP

z/OS V2R4 Communications Server is enhanced to support multi-byte character sets with the Communications Server SMTP (CSSMTP) application. This enhancement allows migration from SMTPD to CSSMTP for customers that use multi-byte character set code pages, and also provides improved code page support for single-byte character set characters in the mail subject line.

This function is available for z/OS V2R1, V2R2, and V2R3 with APAR PI93278.

 

For more information about what's new in z/OS V2R4 Communications Server, see z/OS V2R4 Communications Server: New Function Summary.

 

All statements regarding IBM's plan, directions, and intent are subject to change or withdrawal without notice.

----------------------------------------------------------------------------------------------------------------------------------
This blog was originally published on Sep.6, 2019 on IBM z/OS Communications Server developerWorks.