IBM TechXchange Virtual WebSphere z/OS User Group


Liberty z/OS Post #49 - Do You Need an Angel?

By David Follis posted Thu February 15, 2024 09:01 AM

  

This post is part of a series exploring the unique aspects and capabilities of WebSphere Liberty when running on z/OS.
We'll also explore considerations when moving from WebSphere traditional on z/OS to Liberty on z/OS.

The next post in the series is here.

To start at the beginning, follow this link to the first post.

---------------

Maybe.  Probably.  It depends.  What was the question?

A Liberty server can start quite happily without an Angel.  It can process requests and generally do the stuff you’d expect it to do without one.  But you probably need one anyway. 

Why?  That’s because you probably want access to z/OS integration features that require authorization enabled by the Angel (see last week’s post).  If you’re just playing around and want to start a server to see if your “Hello, World” web application works, you don’t need one.  But if you’ve got a production server, you probably do. 

For example, if you want to use SAF services for authentication and authorization in RACF (or an equivalent product), then you’ll need an Angel.  If you want to use WLM to classify work running in the server so WLM can manage it to WLM goals (and report on whether you’re meeting those goals), you probably need an Angel.

Why probably?  Well, there is an alternative set of WLM APIs Liberty can use that don’t require running authorized.  Instead, those APIs make a SAF check specific to the API to see if the server is allowed to use it…every time you call the API.  So it is possible to grant access to those APIs and not have an Angel, but you’re going to pay for it with a SAF access check on every single enclave create and delete, which means on every single HTTP request the server processes.  You can do that, but it will cost you.  Set up an Angel.

What else?  Well, there’s the ability of Liberty to exploit z/OS TCP/IP async IO services that require code to run in an SRB, which requires authorization and thus an Angel.  That’s probably going to improve the performance of your production server, so you probably want it available.

If you’d like to use a Type-2 JDBC adapter to access DB2 cross-memory (instead of going through TCP/IP and probably SSL encryption when you aren’t going anywhere) you’ll need Liberty to use RRS services to manage transactions around that DB2 access.  And guess what?  Those RRS services require authorization and so you need an Angel. 

There’s more stuff and I’m not going to try to give a complete list here because it can change if new functions get delivered into Liberty that can exploit z/OS authorized services. 

In summary, if you’ve got a production server you probably should be exploiting z/OS services that require authorization and so you need an Angel for that server.  If it isn’t production, then maybe not, but maybe you’re comparing type-2 vs. type-4 JDBC in a test environment and you’ll need an Angel for that.  Depends on what you need and what you’re doing.  But probably.
