What's new in z/OS V2R5 Communications Server

By Flora Gui posted Thu September 09, 2021 03:07 AM

Adaptive business and operating models, driven by accelerated disruptions, are shaping the future of enterprises today. As enterprises are embracing the next normal with an accelerated and strategic focus on application modernization, cloud-native processes, and artificial intelligence (AI), IBM recently announced z/OS V2.5.

As the latest version of the IBM Z operating system, IBM z/OS V2.5 is designed to enable and drive innovative development to support hybrid cloud and AI business applications. z/OS V2.5 is endowed with innovative energy and continues to ensure resilient and secure business operations, as well as an optimized user experience.

As a significant part of z/OS, z/OS V2R5 Communications Server continues to help build the next-generation infrastructure with high-speed connectivity, availability, and security. Here's an overview of the z/OS V2R5 Communications Server functional highlights.

zERT policy-based enforcement

z/OS V2.5 continues to strengthen the security, integrity, and privacy of data.
In z/OS V2.5, Communications Server extends zERT to provide enforcement of your network encryption standards through policy-based rules that describe different levels of cryptographic protection along with actions to take when TCP connections match those rules. zERT rules and actions are processed by the Communications Server Policy Agent and are enforced by the TCP/IP stack. 
This feature enables immediate notification through messages, auditing through SMF records, and even automatic termination of connections when questionable or unacceptable cryptographic protection is used. 
With APAR PH35304, z/OS network security administrators can create and manage zERT rules and actions through a new zERT perspective in the z/OSMF Network Configuration Assistant. This support, including the PTF for APAR PH35304, satisfies the statement of direction made in Software Announcement 221-057, dated March 2, 2021.

Shared Memory Communications Version 2 (SMCv2)

z/OS V2.5 supports the scale and simultaneous deployment of agile business use cases for hybrid cloud and AI, and delivers features and capabilities to help organizations succeed in their modernization efforts. Shared Memory Communications Version 2 is a related enhancement in z/OS V2.5 Communications Server.
Last year, IBM introduced Shared Memory Communications Version 2, providing multiple IP subnet support for SMC, initially for SMC-D for z/OS V2.4 and the IBM z15.
In z/OS V2.5, IBM introduces the next phase of SMCv2 support with SMC-R along with support for RoCEv2 ("Routable RoCE"). The SMC-Rv2 multiple IP subnet support is an enterprise data center solution that expands the benefits of SMC-R capability to additional z/OS application workloads and to new use cases by extending the reach of SMC-R beyond a single IP subnet. RoCEv2 uses your existing IP routing topology to provide support for updated RoCE industry standards, enabling SMC-Rv2 to cross IP subnets. RoCEv2 support is provided by the IBM RoCE Express2 (10 and 25 GbE) features on z15.

TCP/IP usability enhancements

z/OS V2.5 Communications Server also provides a set of TCP/IP usability enhancements for simplified operating system management.
  • Notification of availability of TCP/IP extended services
When the TCP/IP stack completes initialization, a stack initialization complete message is issued before the TCP/IP extended services are available. For many operational tasks and applications that depend on z/OS TCP/IP communication services, that message is insufficient. TCP/IP also relies on optional extended services, including sysplex dynamic VIPA (DVIPA) initialization, IP security infrastructure initialization, and completion of network policy installation. This enhancement enables automated operations and applications to be notified when required TCP/IP extended services have completed initialization. A new message and event notification facility (ENF) event indicate that extended services have completed initialization. The new ENF event is augmented with a name/token pair. This solution improves z/OS startup for network operations and applications with dependencies on TCP/IP extended services availability.
  • AT-TLS and IPsec certificate diagnostics
z/OS Communications Server Application Transparent Transport Layer Security (AT-TLS) and IPsec services are enhanced to use the new certificate data for diagnosing failed negotiations. The enhancements are designed to simplify certificate-related problem determination in many common error scenarios by making critical diagnostic information easier to access and understand. New syslogd messages are provided to identify certificate validation errors detected when processing a peer's certificate.
  • IPsec certificate reporting enhancements
The ipsec -k display command, the IPsec network management interface (NMI), and SMF type 119 subtype 73 and 74 records are enhanced to simplify the process of validating IPsec-related X.509 certificate configurations. The enhancements provide information about the X.509 certificates used during Internet Key Exchange (IKE) negotiations by the local and remote IKE peers, including certificate expiration information, certificate serial number, and subject and issuer distinguished names. 
For more information about what's new in z/OS V2.5 Communications Server, see z/OS V2.5 Communications Server: New Function Summary.
All statements regarding IBM's plan, directions, and intent are subject to change or withdrawal without notice.