z/OS - Group home

z/OS V2.5 3Q 2022 Enhancements

  


As 3Q 2022 closes out, the IBM z/OS continuous delivery (CD) model has once again delivered new features and enhanced capabilities quarterly, without requiring the effort of a full release upgrade and with no impact to stability, complexity or costs. 

 

The z/OS V2.5 3Q 2022 CD announcement contains new key features and functional enhancements to help extend the capabilities of z/OS V2.5. Learn more below and read the full announce for more details.

--------- What's New ----------

The efficient management and maintenance of z/OS V2.5 continues to be enhanced this quarter through the delivery of simplification features such as the following:

IBM z/OS Management Facility (z/OSMF) enhancements:

IBM z/OSMF provides a framework for managing various aspects of a z/OS system through a task- oriented, web browser interface. z/OSMF continues to deliver new and enhanced functions to enable higher efficiency and easier management and configuration of z/OS. This quarter, the following z/OSMF enhancements have been delivered:

  • The z/OSMF Sysplex CFRM Policy Editor is enhanced to support comparing CFRM policies and changes after editing a policy, as well as exporting CFRM policies in CSV format for other offline usage. With the PTF for APAR PH44343, this function is available on z/OS V2.4 and later.
  • The z/OSMF Security Configuration Assistant (SCA) is enhanced to support provisioning security configuration or fixing incorrect security configuration. Combined with existing security validation function, SCA now provides more complete end-to-end support to simplify the security configuration process. With the PTF for APAR PH39327, this function is available on z/OS V2.4 and later.

Learn more about z/OSMF by visiting the z/OSMF One Stop Hub.

 

DFSMSrmm z/OSMF plug-in enhancements

The DFSMSrmm z/OSMF plug-in has been enhanced to provide additional features to support the RMM defaults table, including multiple ways to filter and view RMM defaults table entries. With the PTF for APAR OA62705, this function is available on z/OS V2.5.

 

Building on past deliverables, z/OS V2.5 continues to enable simplified data storage and management, as well as I/O optimization with the following enhancements:

 

DFSMShsm TCT full-volume dump

z/OS HSM provides full-volume dump support for transparent cloud tiering. This new capability enables all I/O for full-volume dumps to be performed by an IBM DS8000 directly to an IBM TS7700 enabled as an object store, or directly to cloud object storage. Steps are taken to minimize the time that a volume is locked while performing this offload, and clients can create these backup copies as needed without impacting other workloads due to minimal CPU consumption. This capability has also been integrated to allow for a complete Db2 system-level backup to be created without any of the data required to pass through the z/OS host. With the PTF for APAR OA60278, this function is available on z/OS V2.4 and later.

 

Cloud storage access for z/OS

Modernizing z/OS applications and access to data while connecting with new applications through a hybrid cloud environment is essential to keep pace with ever- changing business needs.

A new utility, GDKUTIL, can download or upload between cloud storage objects and z/OS UNIX files, sequential data sets, PDS or PDSE members, or Generation Data Group (GDG) versions using Amazon Simple Storage Service (S3) APIs. This utility can be invoked through JCL to integrate with existing processes and allow data to be shared between distributed and mainframe applications, providing opportunities to incorporate the results of cloud computing into existing business logic. With the PTF for APAR OA62318, support for GDKUTIL is available on z/OS V2.4 and later.

 

OAM cloud tier enhancements  

OAM has extended its cloud tier support to enable an alternate set of cloud credentials to be used, allowing within a single cloud provider file two sets of credentials to be established; the primary set and an alternate set. Depending on the cloud provider and its read-only capabilities for a disaster recovery (DR) test, an alternate (read-only) set of credentials can be used to access the production container or containers. DFSMS Cloud Data Access (CDA) continues to be used to set up the primary and alternate (optional) credentials. With the PTFs for APAR OA63025, this support is available on z/OS V2.3 and later.

 

DFSMShsm UNIX file backup and recovery

HSM UNIX file backup and recovery provide the capability to specify file exclude criteria within a file specified on the command. With the PTF for APAR OA60586, this function is available on z/ OS V2.3 and later.

 

Additionally, z/OS V2.5 enables a continuous digital transformation by providing application modernization functions that allow for more secure and transparent data access and easier file system configurations:

NFS Server enhancements

  • NFS Server AT-TLS enhancement

The z/OS NFS Server is now an AT-TLS aware application with APAR OA62357 on z/OS V2.4 and later when using the NFSv4 protocol. Customers gain the benefit of end- to-end encryption with this support, and can avoid the complexity of matching UID values across NFS clients and the z/OS NFS Server since authentication will be established during the TLS handshake.

 

  • NFS Server restart recovery for NFSv4

The z/OS NFS Server has been enhanced to prevent file handles from expiring after restarting the server. This should help Linux or macOS clients that cannot recover from stale file handle errors. With the PTF for APAR OA62860, this support is available for the NFS V4 protocol with z/OS V2.4 and later.

 

zCX and zCX for OpenShift enhancements

The following support has been added to allow for more transparent access to z/OS data and more secure downloads of Red Hat CoreOS installer binaries:

  • NFS support

Containerized applications deployed in z/OS Container Extensions can leverage z/OS NFS Server as one of the persistent storage options to store and share the stateful application data. With this support, existing z/OS data can also be exported and shared with containerized applications deployed in zCX without duplicating the data. With the PTF for APAR OA62357, this function is available on z/OS V2.4 and later. For more details, see the Using the z/OS NFS server as persistent storage for zCX web page.

  • HTTPS support

zCX for OpenShift z/OSMF workflows now support Private CA certificates to more securely download Red Hat CoreOS installer binaries from private HTTPS endpoint. With the PTF for APAR OA63068, this function is available on z/OS V2.4 and later.

 

z/OS JSON parser comment toleration

The z/OS JSON parser portion of the z/OS client web enablement toolkit has been enhanced to successfully parse content containing single-line and multi-line comments as defined by he JSON5 Data Interchange Format extension to JSON. This comment support is toleration only; the application will not be able to retrieve or modify any comments that may have been encountered in the JSON text provided. This feature will allow users to comment their various JSON configuration files, enhancing the readability and maintainability of those files. This new feature is enabled by default and any output generated by the parser will exclude any comments that were present in the provided JSON text. The user can optionally disable the comment toleration by taking advantage of the new HWTJOPTS API. With the PTF for APAR OA61974, this support is available on z/OS V2.5.

 

z/OS JSON parser performance improvement

The z/OS JSON parser portion of the z/OS client web enablement toolkit reduces the CPU and elapsed time associated with the parsing of JSON content by up to 50%1. With the PTF for APAR OA61974, this support is available on z/OS V2.5.

1Disclaimer: This reduction is based on internal measurements done on an IBM z15 using a z/ OS V2.5 LPAR with 8 CPs. The z/OS JSON Parser was used to parse a 568 MB JSON input file containing public property tax records and geospatial data. The input file included 7,875,189 numbers, 3,038,859 arrays, 2,217,825 strings, 54,336 nulls, no booleans, and no comments. The maximum nesting depth of any member or element was 7 levels. Reported results were derived from measurements that tested 100 parses of the input file back to back. Results may vary.

 

EzNoSQL APIs

Previous enhancements to VSAM RLS enabled applications to store Not Only SQL (NoSQL) document databases directly on z/OS, which could then be accessed in real-time, at scale, and with transactional consistency. Additional enhancements will provide a set of modern APIs, with a C-based, key-value interface, designed to simplify the application effort needed to access NoSQL VSAMDB data sets on z/OS and take advantage of the scalability, security, resiliency, and performance provided by z/OS. With the PTF for APAR OA62553, this function is available on z/OS V2.4 and later.

**For more information, visit the new EzNoSQL for z/OS content solution page.**

 

System SSL and AT-TLS support for x25519 and x448 key exchange

z/OS Cryptographic Services System SSL has been enhanced to provide the ability for TLS V1.0, TLS V1.1, and TLS V1.2 client and server connections to use x25519 or x448 curves for their key exchanges when utilizing ephemeral Elliptic Curve Diffie Hellman ciphers. TLS V1.0, TLS V1.1, and TLS V1.2 server configurations can limit the acceptable elliptic curves for the key exchange. With the PTFs for APAR OA61783, this function is available on z/OS V2.4 and later.

z/OS Communications Server AT-TLS provides the ability to use the new System SSL function with the PTF for APAR PH45902 on z/OS V2.5. In addition, the Network Configuration Assistant is enhanced to support the new AT-TLS function with the PTF for APAR PH47400 on z/OS V2.5.

 

Removal of RACF for z/OS support for RACF database sharing between z/VM and z/OS

With the PTF for APAR OA62875, z/OS RACF now checks for and issues warning messages when a RACF database is shared with z/VM 7.3 or later. This is consistent with the behavior of RACF for z/VM 7.3, which also intends to prevent RACF database sharing with z/OS. Sharing a non-VSAM database with a z/VM release lower than 7.3 continues to be supported on all z/OS releases.

 

 

Additional resources:
z/OS homepage
Full 3Q 2022 Enhancements Announcement
Past z/OS announcements
z/OS Documentation