z/OS 3.1 is here!
Recently, IBM announced z/OS 3.1 (z/OS 3.1 Announcement letter), an AI-infused operating system for the next generation of computing. IBM® z/OS® 3.1 is designed to help organizations meet their critical business needs with support provided by the following features and capabilities.
As a significant part of z/OS, z/OS 3.1 Communications Server lays a robust and reliable communication foundation for business by enabling secure data transfer, seamless integration with diverse systems, and efficient network management. Here's an overview of z/OS 3.1 Communications Server functional highlights.
z/OS 3.1 Communications Server includes enhancements in the areas of Security and Resiliency, Modernization and Simplification, and Hybrid Cloud support.
Security and Resiliency:
z/OS 3.1 Communications Server provides enhanced network security and compliance optimization for more secure data transfer and higher productivity.
- AT-TLS support is enhanced to support the new System SSL features:
  - TLSv1.3 sysplex-wide session resumption
  - Domain-based server certificate validation during TLS handshake
  - x25519 and x448 key exchange and Extended Master Secret support for TLSv1.2
  - Support to restrict server-side key exchange algorithms
System Secure Sockets Layer (SSL) is enhanced to provide support for TLS V1.3 sysplex session ticket caching. This support allows handshake session ticket information to be shared among like servers listening on the same port within a single system, or among servers across multiple systems in a sysplex. Sharing the session information makes it possible to perform TLS V1.3 resumption (abbreviated) handshakes instead of full handshakes when a client is resuming connections.
System SSL is enhanced to provide the ability for TLS V1.0, TLS V1.1, and TLS V1.2 client and server connections to use x25519 or x448 curves for their key exchanges when utilizing ephemeral Elliptic Curve Diffie-Hellman ciphers. TLS V1.0, TLS V1.1, and TLS V1.2 server configurations can limit the acceptable elliptic curves for the key exchange.
In addition, the Network Configuration Assistant is enhanced to support the new AT-TLS function.
- IBM zERT Network Analyzer enhancements
In z/OS 3.1, IBM zERT Network Analyzer supports the use of passphrases as an authentication credential for the network analyzer's Db2 user ID on the plug-in's database settings panel. Additionally, the same panel is enhanced to allow the clearing of Db2 user ID and password and passphrase values. This gives flexibility to users who want to support multiple Db2 user IDs.
With z/OS 3.1, IBM zERT Network Analyzer is further enhanced to provide a simplified upgrade of application and database settings from those configured for V2.4 or V2.5 releases. Additionally, new tooling is available to more easily upgrade an existing V2.4 or V2.5 zERT Network Analyzer database to the z/OS 3.1 schema.
- z/OS UNIX syslogd support for secure logging over TCP
A z/OS system programmer benefits from configuring the z/OS syslog daemon to act as a securely accessible central collection point for syslog messages from other syslog daemons running on other z/OS and non-z/OS nodes in the network. With z/OS 3.1, the z/OS UNIX syslog daemon (syslogd) is enhanced to support network connectivity to other syslogd instances over TCP, with or without TLS protection.
- FTP server JES access control
z/OS provides a System Authorization Facility (SAF) resource to control which z/OS users are permitted to use the z/OS FTP server's JES operating mode. By defining a SAF SERVAUTH class profile for the EZB.FTP.sysname.ftpdaemonname.ACCESS.JES resource, clients can control which z/OS user IDs or groups are permitted to enter the FILETYPE=JES operating mode.
- Compliance support for z/OS
z/OS 3.1 is enhanced in terms of compliance support to meet advanced compliance requirements. Using new SMF 1154 record subtypes and modernized reporting, z/OS 3.1 Communications Server is enhanced to collect the compliance evidence data for the TCP/IP stack, the FTP server, the TN3270 server, and the CSSMTP mail client. The new SMF 1154 records can be consumed by solutions such as the IBM Z Security and Compliance Center.
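For the FTP server JES access control item above, the following is an added example (not taken from the announcement or from IBM documentation) of defining the SERVAUTH profile with RACF as the SAF security product. The system name SYSA, FTP daemon name FTPD1, and group FTPJES are constructed placeholders, and READ is assumed to be the access level the FTP server checks; confirm it against the Communications Server configuration documentation.

```tso
/* Constructed values: SYSA = sysname, FTPD1 = ftpdaemonname,         */
/* FTPJES = hypothetical group of users allowed to use FILETYPE=JES.  */

/* 1. Make sure the SERVAUTH class is active and RACLISTed            */
SETROPTS CLASSACT(SERVAUTH) RACLIST(SERVAUTH)

/* 2. Define the resource with no universal access (default deny)     */
RDEFINE SERVAUTH EZB.FTP.SYSA.FTPD1.ACCESS.JES UACC(NONE)

/* 3. Permit only the group that needs JES mode                       */
/*    (READ is an assumed access level, see the note above)           */
PERMIT EZB.FTP.SYSA.FTPD1.ACCESS.JES CLASS(SERVAUTH) ID(FTPJES) ACCESS(READ)

/* 4. Refresh the in-storage profiles so the change takes effect      */
SETROPTS RACLIST(SERVAUTH) REFRESH

/* 5. Review the resulting access list                                */
RLIST SERVAUTH EZB.FTP.SYSA.FTPD1.ACCESS.JES AUTHUSER
```

Reviewing the RLIST output periodically helps confirm that only the intended user IDs and groups hold access to the JES operating mode.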
Modernization and Simplification:
z/OS 3.1 Communications Server provides enhanced application modernization and simplified OS management for optimized business operation.
You can use your Java programs that invoke the FTP client API for Java in 64-bit JVMs without updating them.
- Communications Server exploitation of the IBM Function Registry for z/OS
z/OS 3.1 Communications Server is enhanced to regularly store information about the maximum number of SNA applications and sessions in the IBM Function Registry for z/OS. This information provides you with insight into the amount of SNA application workloads executing on z/OS.
- Communications Server support for RDMA over Converged Ethernet (RoCE) Express3
z/OS 3.1 Communications Server extends the Shared Memory Communications over Remote Direct Memory Access (SMC-R) function to support the next generation IBM RoCE Express3 feature. The IBM RoCE Express3 feature is designed to allow TCP/IP stacks located on separate central processor complexes (CPC) to leverage the RDMA capabilities of these state-of-the-art adapters to optimize network connectivity for mission-critical TCP workloads by using Shared Memory Communications technology.
Hybrid Cloud Support:
z/OS 3.1 Communications Server provides the networking foundation for future containerized z/OS applications, including:
- Network support for z/OS containers
Network isolation for applications within a Pod or container
- API and Resolver support for z/OS containers
Enable containerized z/OS applications to co-exist with native z/OS applications
- Kubernetes Network Appliances
Configure a Kubernetes cluster entirely on z/OS by providing appliances to host control plane nodes directly on z/OS systems
IBM z/OS Containers delivers the same IBM Z qualities of service while leveraging existing management and development experience.
For more information about what's new in z/OS 3.1 Communications Server, see z/OS 3.1 Communications Server: New Function Summary.