
BMC Mainframe: z/OS Communications Server Part 2 - Implementing TCP/IP under z/OS

$2 USD
Course Code MGRS-ZCS2-2021
Duration 4 days
Available Formats Classroom

This new, four-day course is the second part of the definitive z/OS Communications Server training programme. This course explains in detail how TCP/IP works in a z/OS environment. Installation, profile definition and implementation are all taught in depth. All versions of TCP/IP for z/OS are covered, along with all the servers. Additionally, all the essential and important configuration options are explained and examples are provided.

  • Extensive hands-on practical sessions, in which each student has their own system to work on, form the central part of the course. These sessions make up approximately 30% of the whole course. Each segment of the course also contains extensive review questions/exercises - thus ensuring that all students fully grasp each topic before moving on to the next.

Who Can Benefit

System Programmers, Users

Course Details

TCP/IP Review

  • What is TCP/IP?
  • Why are we interested in TCP/IP?
  • What does TCP/IP comprise?
  • Internetworking principles
  • IPv4 addressing
  • IPv4 subnetting
  • IPv4 variable subnetting
  • Network Address Translation
  • One to One NAT
  • Network Address Port Translation (NAPT)
  • TCP/IP protocol stack
  • IPv4 Address Resolution Protocol
  • IPv4 Dynamic Host Configuration Protocol
  • Why IPv6?
  • IPv6 addressing
  • IPv6 prefixes and address types
  • Global unicast address format
  • Anycast address
  • Multicast address
  • Required host information
  • Port numbers
  • IPv4 Transport Protocol message formats
  • IPv4 Internet Protocol: message format, packet format, header format
  • Extension Headers
  • IPv6 Routing Header
  • IPv6 fragmentation header
  • IPv6 options header
  • Internet domain names
  • Internet domain name hierarchy
  • Common user application
  • Common system applications

An Overview of TCP/IP on z/OS

  • TCP/IP for z/OS
  • TCP/IP access to SNA applications
  • How the gateway works
  • SNA access to TCP/IP applications
  • Communications Storage Manager
  • Device connectivity and attachments
  • Direct vs indirect attachment
  • Direct attachment problem
  • Virtual IP addressing - the solution
  • Sharing attachments across LPARs
  • UNIX Systems Services considerations

TCP/IP for z/OS Installation

  • UNIX Systems Services prerequisites
  • Security Server prerequisites
  • Communications storage manager
  • Datasets required
  • TCP/IP and TN3270 procedures
  • Required host information
  • Customising the DATA dataset
  • DATA dataset syntax
  • Association with the TCP/IP stack
  • Specifying the Host Name and Domain Name
  • Specifying the name server parameters
  • A typical DATA dataset
  • RESOLVER: procedure, files, other statements
  • CINET GLOBALTCPIPDATA
  • TCPIP.DATA search order
  • VTAM TRL Major Node
  • Servers and devices
  • HCD definitions
  • Sysplex distributor
  • z/OS libraries required
  • 'Must Have' reference manuals
  • 'Nice to Have' reference manuals

TCP/IP for z/OS - Command Overview

  • Available TCP/IP commands
  • The START and STOP commands
  • The MODIFY command
  • The DISPLAY command
  • The VARY command
  • The OBEYFILE command
  • The NETSTAT and onetstat commands
  • NETSTAT command options

Basic Profile Definitions

  • Customising the PROFILE dataset
  • PROFILE dataset syntax
  • Device interface properties
  • Statements that define an interface
  • The basic DEVICE statement
  • The basic LINK statement
  • Defining LCS devices
  • Defining CLAW devices
  • OSAs, Hipersockets and Channel Attached Routers
  • OSA diagnostic device
  • QDIO and non-QDIO
  • OSA Express CHPID definitions
  • Adding an OSA Control Unit and device
  • Adding OSAD device
  • Hipersockets
  • Hipersockets definition
  • CHPID Type IQD
  • MTU sizes
  • Channel Attached Routers and Servers
  • Defining MPCPTP devices
  • Defining MPCIPA devices
  • The HOME statement
  • The START statement
  • INTERFACE - IPAQENET OSA-Express QDIO interfaces statement
  • Syntax for INTERFACE - IPAQENET OSA-Express QDIO
  • Syntax for INTERFACE -- IPAQIDIO HiperSockets interfaces statement
  • The routing statements
  • Subnetting - a reminder
  • The GATEWAY statement
  • The BEGINROUTES statement
  • The BSDROUTINGPARMS statement
  • Variable subnets and GATEWAY
  • Variable subnets and BEGINROUTES
  • Operational statements

VIPAs and Sysplex

  • VIPAs
  • Static VIPA
  • Dynamic VIPA
  • Virtual IP addressing - a reminder
  • Defining VIPA devices
  • Specifying the source IP address
  • Syntax for INTERFACE -- VIRTUAL interfaces statement
  • Examples of the INTERFACE statement for VIPA
  • IP solutions in a sysplex
  • Communication paths in a Sysplex
  • DynamicXCF transport choices
  • IUTSAMEH
  • XCF Groups and their usage
  • Display XCF groups
  • DYNAMICXCF
  • DYNAMICXCF & HiperSockets
  • Dynamic VIPA - introduction
  • Dynamic VIPA takeover
  • Stack-managed DVIPA
  • Non-disruptive dynamic VIPA takeback
  • Application-specific DVIPA
  • IOCTL or Command-Activated DVIPA
  • Dynamic VIPA statements
  • MODDVIPA (EZBXFDVP) utility
  • Dynamic VIPA usage
  • When does the DVIPA move?
  • Load balancing and availability
  • Sysplex Distributor
  • How the Sysplex Distributor works
  • Backup capability
  • Recovery
  • The role of dynamic routing with Sysplex Distributor
  • Sysplex Distributor and policy
  • Sysplex Distributor and MNLB
  • Connection Optimizing DNS
  • Information flow overview
  • DNS weights
  • DNS/WLM registration
  • Starting the DNS server
  • Distributed VIPA - introduction
  • Distributed VIPA statements
  • Single system IP perspective of the sysplex
  • TCPSTACKSOURCEVIPA / SYSPLEXPORTS
  • CFRM policy example

Other Datasets Needed

  • The SITE dataset
  • The SERVICES file

Server Customisation

  • Configurable servers
  • TN3270 server customisation steps
  • Updating the TN3270 started task JCL
  • TelnetGlobals statement
  • Reducing demand for ECSA storage
  • The TELNETPARMS statement
  • The PORT statement
  • The BEGINVTAM statement
  • The VTAM application major node
  • Defining a USS table
  • Identifying the USS table in the PROFILE dataset
  • The UNIX Telnet server
  • Customising the INETD Server
  • Starting INETD and Telnet
  • SSHD UNIX file
  • SSHD - Using ICSF and /dev/random
  • SSHD - Creating configuration files
  • SSHD - Creating SSHD server keys
  • SSHD - Set up SSHD server userids
  • SSHD - Create SSHD server started task
  • SSHD - TCP configuration
  • SSHD - Verify z/OS DNS / Resolver operation
  • The FTP server
  • FTPS and SFTP
  • Pros and cons of FTPS and SFTP
  • Customising the FTP.DATA dataset
  • Customising the PROFILE & SERVICES datasets
  • Starting FTP
  • SYSLOGD
  • SYSLOGD - /dev/console and /dev/log
  • SYSLOGD - create the syslog daemon configuration file
  • SYSLOGD - create empty syslog output file
  • SYSLOGD - port and services assignments
  • SYSLOGD started task JCL
  • OMVS startup
  • SYSLOGD RACF definitions
  • OMPROUTE
  • OMPROUTE - configuration file
  • OMPROUTE - reserve the ports
  • OMPROUTE - update the RESOLVER configuration file
  • OMPROUTE - started task JCL
  • OMPROUTE services port numbers
  • OMPROUTE - RACF definitions
  • OMPROUTE - SYSLOGD
  • OMPROUTE - static routes
  • OMPROUTE - Configure OSPF authentication
  • Customising other servers
  • Enterprise Extender
  • z/OS services for SNA traffic
  • PPN parameters in startup options
  • Implementation considerations
  • TCP/IP implementation
  • DYNAMICXCF
  • IUTSAMEH
  • DYNAMICXCF & HiperSockets
  • Modifications to TCP/IP profile
  • Modifications to OSPF interface
  • Proof of initialisation of IUTSAMEH
  • VTAM implementation
  • Defining the XCA HPRIP major node
  • Defining model major nodes for EE connections and RTP pipes
  • Defining switched PUs for EE connections

TCP/IP Security

  • Why secure the TCP/IP network
  • Tasks that need protection with SERVAUTH Class
  • Policy based networking
  • SERVAUTH Resource Class responsibilities
  • SERVAUTH Resource Class
  • Protecting the TCPIP stack
  • Example of protecting the stack
  • Protecting your network access
  • Application considerations when using NETACCESS
  • Using the NETSTAT and PING commands to check protection
  • Protecting your network ports
  • RACF definitions for protecting network ports
  • Using the NETSTAT command to check PORT access
  • Protecting the use of socket options
  • What are network commands
  • Protecting network commands - z/OS TCPIP commands
  • Protecting network commands - NETSTAT and ONETSTAT commands
  • Protecting network commands - EZACMD REXX program
  • Protecting FTP access
  • Other FTP profiles
  • Protecting TN3270 Secure Telnet Port
  • Protecting the MODDVIPA command
  • Introduction to policy based networking
  • The Policy Agent
  • RACF and PAGENT
  • Other address spaces that will need RACF profiles
  • Central policy server
  • SERVAUTH authorisation for Policy Client
  • Quality of Service
  • SNMP overview
  • SNMP in operation
  • IP filtering
  • IP Security
  • IKE protocols
  • CSFSERV resource class
  • Network Address Translation
  • Intrusion Detection Services
  • Application Transparent Transport Layer Security
  • TN3270 security
  • Secure FTP
  • Note to Auditors
  • Next step?

Problem Determination Considerations

  • Problem determination tools
  • The PING and OPING commands
  • The TRACERTE and the OTRACERT commands
  • TCP/IP SYSLOG output
  • TCP/IP packet trace overview
  • Starting a packet trace
  • The external writer procedure
  • Stopping a packet trace
  • Analysing a packet trace with IPCS
  • Non-z/OS packet traces
  • TCP/IP component trace overview
  • Starting and stopping a component trace
  • Analysing a component trace via IPCS
  • Analysing a component trace
  • Other available traces
  • Packet trace

Sample Definitions

  • Sample TCPIP.PROFILE dataset
  • Sample TCPIP.DATA dataset
  • Sample TCPIP.SERVICES dataset
  • Sample INETD Configuration file
  • Sample FTP Configuration file
  • Sample ROUTED Configuration file
  • Sample SMTP Configuration file