BMC Mainframe: z/OS Communications Server Part 2 - Implementing TCP/IP under z/OS
The course is developed and delivered by © RSM Technology.
This new, four-day course is the second part of the definitive z/OS Communications Server training programme. This course explains in detail how TCP/IP works in a z/OS environment. Installation, profile definition and implementation are all taught in depth. All versions of TCP/IP for z/OS are covered, along with all the servers. Additionally, all the essential and important configuration options are explained and examples are provided.
Extensive hands-on practical sessions, in which each student has their own system to work on, form the central part of the course. These sessions make up approximately 30% of the whole course. Each segment of the course also contains extensive review questions/exercises - thus ensuring that all students fully grasp each topic before moving on to the next.
Major release:
BMC Mainframe Infrastructure Platform Training
Recommended Prerequisites:
Good for:
System Programmers, Users
Course Delivery:
Instructor-Led Training (ILT) | 32 heures
Course Modules
-
TCP/IP Review
- What is TCP/IP?
- Why are we interested in TCP/IP?
- What does TCP/IP comprise?
- Internetworking principles
- IPv4 addressing
- IPv4 subnetting
- IPv4 variable subnetting
- Network Address Translation
- One to One NAT
- Network Address Port Translation (NAPT)
- TCP/IP protocol stack
- IPv4 Address Resolution Protocol
- IPv4 Dynamic Host Configuration Protocol
- Why IPv6?
- IPv6 addressing
- IPv6 prefixes and address types
- Global unicast address format
- Anycast address
- Multicast address
- Required host information
- Port numbers
- IPv4 Transport Protocol message formats
- IPv4 Internet Protocol: message format, packet format, header format
- Extension Headers
- IPv6 Routing Header
- IPv6 fragmentation header
- IPv6 options header
- Internet domain names
- Internet domain name hierarchy
- Common user application
- Common system applications
-
An Overview of TCP/IP on z/OS
- TCP/IP for z/OS
- TCP/IP access to SNA applications
- How the gateway works
- SNA access to TCP/IP applications
- Communications Storage Manager
- Device connectivity and attachments
- Direct vs indirect attachment
- Direct attachment problem
- Virtual IP addressing - the solution
- Sharing attachments across LPARs
- UNIX Systems Services considerations.
-
TCP/IP for z/OS Installation
- UNIX Systems Services prerequisites
- Security Server prerequisites
- Communications storage manager
- Datasets required
- TCP/IP and TN3270 procedures
- Required host information
- Customising the DATA dataset
- DATA dataset syntax
- Association with the TCP/IP stack
- Specifying the Host Name and Domain Name
- Specifying the name server parameters
- A typical DATA dataset
- RESOLVER: procedure, files, other statements
- CINET GLOBALTCPIPDATA
- TCPIP.DATA search order
- VTAM TRL Major Node
- Servers and devices
- HCD definitions
- Sysplex distributor
- z/OS libraries required
- 'Must Have' reference manuals
- Nice to Have' reference manuals
-
TCP/IP for z/OS - Command Overview
- Available TCP/IP commands
- The START and STOP commands
- The MODIFY command
- The DISPLAY command
- The VARY command;
- The OBEYFILE command
- The NETSTAT and onetstat commands
- NETSTAT command options
-
Basic Profile Definitions
- Customising the PROFILE dataset
- PROFILE dataset syntax
- Device interface properties
- Statements that define an interface
- The basic DEVICE statement
- The basic LINK statement
- Defining LCS devices
- Defining CLAW devices
- OSAs, Hipersockets and Channel Attached Routers
- OSA diagnostic device
- QDIO and non-QDIO
- OSA Express CHPID definitions
- Adding an OSA Control Unit and device
- Adding OSAD device
- Hipersockets
- Hipersockets definition
- CHPID Type IQD
- MTU sizes
- Channel Attached Routers and Servers
- Defining MPCPTP devices
- Defining MPCIPA devices
- The HOME statement
- The START statement
- INTERFACE - IPAQENET OSA-Express QDIO interfaces statement
- Syntax for INTERFACE - IPAQENET OSAExpress QDIO
- Syntax for INTERFACE -- IPAQIDIO HiperSockets interfaces statement
- The routing statements
- Subnetting - a reminder
- The GATEWAY statement
- The BEGINROUTES statement
- The BSDROUTINGPARMS statement
- Variable subnets and GATEWAY
- Variable subnets and BEGINROUTES
- Operational statements
-
VIPAs and Sysplex
- VIPAs
- Static VIPA
- Dynamic VIPA
- Virtual IP addressing - a reminder
- Defining VIPA devices
- Specifying the source IP address
- Syntax for INTERFACE -- VIRTUAL interfaces statement
- Examples of the INTERFACE statement for VIPA
- IP solutions in a sysplex
- Communication paths in a Sysplex
- DynamicXCF transport choices
- IUTSAMEH
- XCF Groups and their usage
- Display XCF groups
- DYNAMICXCF
- DYNAMICXCF & HiperSockets
- Dynamic VIPA - introduction
- Dynamic VIPA takeover
- Stack-managed DVIPA
- Non- disruptive dynamic VIPA takeback
- Application-specific DVIPA
- IOCTL or Command-Activated DVIPA
- Dynamic VIPA statements
- MODDVIPA (EZBXFDVP) utility
- Dynamic VIPA usage
- When does the DVIPA move?
- Load balancing and availability
- Sysplex Distributor
- How the Sysplex Distributor works
- Backup capability
- Recovery
- The role of dynamic routing with Sysplex Distributor
- Sysplex Distributor and policy
- Sysplex Distributor and MNLB
- Connection Optimizing DNS
- nformation flow overview
- DNS weights
- DNS/WLM registration
- Starting the DNS server
- Distributed VIPA - introduction
- Distributed VIPA statements
- Single system IP perspective of the sysplex
- TCPSTACKSOURCEVIPA / SYSPLEXPORTS
- CFRM policy example
-
Other Datasets Needed
- The SITE dataset
- The SERVICES file
-
Server Customisation
- Configurable servers
- TN3270 server customisation steps
- Updating the TN3270 started task JCL
- TelnetGlobals statement
- Reducing demand for ECSA storage
- The TELNETPARMS statement
- The PORT statement
- The BEGINVTAM statement
- The VTAM application major node
- Defining a USS table
- Identifying the USS table in the PROFILE dataset
- The UNIX Telnet server
- Customising the INETD Server
- Starting INETD and Telnet
- SSHD UNIX file
- SSHD - Using ICSF and
- /dev/random)
- SSHD - Creating configuration files
- SHD - Creating SSHD server keys
- SSHD - Set up SSHD server userids
- SSHD - Create SSHD server started task
- SSHD - TCP configuration
- SSHD - Verify z/OS DNS / Resolver operation
- The FTP server
- FTPS and SFTP
- Pros and cons of FTPS and SFTP
- Customising the FTP.DATA dataset
- Customising the PROFILE & SERVICES datasets
- Starting FTP
- SYSLOGD
- SYSLOGD -/dev/console and /dev/log
- SYSLOGD - create the syslog daemon configuration file
- SYSLOGD - create empty syslog output file
- SYSLOGD - port and services assignments
- SYSLOGD started task JCL
- OMVS startup
- SYSLOGD RACF definitions
- OMPROUTE
- OMPROUTE - configuration file
- OMPROUTE reserve the ports
- OMPROUTE - update the RESOLVER configuration file
- OMPROUTE - started task JCL
- OMPROUTE services port numbers
- OMPROUTE - RACF definitions
- OMPROUTE - SYSLOGD;
- OMPROUTE - static routes
- OMPROUTE - Configure OSPF authentication
- Customising other servers
- Enterprise Extender
- z/OS services for SNA traffic
- PPN parameters in startup options
- Implementation considerations
- TCP/IP implementation
- DYNAMICXCF
- IUTSAMEH
- DYNAMICXCF & HiperSockets;
- Modifications to TCP/IP profile
- Modifications to OSPF interface
- Proof of initialisation of IUTSAMEH
- VTAM implementation
- Defining the XCA HPRIP major node
- Defining model major nodes for EE connections and RTP pipes
- Defining switched PUs for EE connections
-
TCP/IP Security
- Why secure the TCP/IP network
- Tasks that need protection with SERVAUTH Class
- Policy based networking
- SERVAUTH Resource Class responsibilities
- SERVAUTH Resource Class
- Protecting the TCPIP stack
- Example of protecting the stack
- Protecting your network access
- Application considerations when using NETACCESS
- Using the NETSTAT and PING commands to check protection
- Protecting your network ports
- RACF definitions for protecting network ports
- Using the NETSTAT command to check PORT access
- Protecting the use of socket options
- What are network commands
- Protecting network commands - z/OS TCPIP commands
- Protecting network commands - NETSTAT and ONESTAT commands
- Protecting network commands - EZACMD REXX program
- Protecting FTP access
- Other FTP profiles
- Protecting TN3270 Secure Telnet Port
- Protecting the MODDVIPA command
- Introduction to policy based networking
- The Policy Agent
- RACF and PAGENT
- Other address spaces that will need RACF profiles
- Central policy server
- SERVAUTH authorisation for Policy Client
- Quality of Service
- SNMP overview
- SNMP in operation
- IP filtering
- IP Security
- IKE protocols
- CSFSERV resource class
- Network Address Translation
- Intrusion Detection Services
- Application Transparent Transport Layer Security
- TN3270 security
- Secure FTP
- Note to Auditors
- Next step?
-
Problem Determination Considerations
- Problem determination tools
- The PING and OPING commands
- The TRACERTE and the OTRACERT commands
- TCP/IP SYSLOG output
- TCP/IP packet trace overview
- Starting a packet trace
- The external writer procedure
- Stopping a packet trace
- Analysing a packet trace with IPCS
- Non-z/OS packet traces
- TCP/IP component trace overview
- Starting and stopping a component trace
- Analysing a component trace via IPCS
- Analysing a component trace
- Other available traces
- Packet trace
-
Sample Definitions
- Sample TCPIP.PROFILE dataset
- Sample TCPIP.DATA dataset
- Sample TCPIP.SERVICES dataset
- Sample Inted Configuration file
- Sample FTP Configuration file
- Sample ROUTED Configuration file
- Sample SMPT Configuration file