Enhanced Networking on IBM z/VSE

Enhanced Networking on IBM z/VSE

by Joerg Schmidbauer, Jeffrey Barnard, Ingo Franzki, Karsten Graul, Don Stoever, Rene Trumpp
Released February 2014
Publisher(s): IBM Redbooks
ISBN: None

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

The importance of modern computer networks is steadily growing as increasing amounts of data are exchanged over company intranets and the Internet. Understanding current networking technologies and communication protocols that are available for the IBM® mainframe and System z® operating systems is essential for setting up your network infrastructure with z/VSE®.

This IBM Redbooks® publication helps you install, tailor, and configure new networking options for z/VSE that are available with TCP/IP for VSE/ESA, IPv6/VSE, and Fast Path to Linux on System z (Linux Fast Path). We put a strong focus on network security and describe how the new OpenSSL-based SSL runtime component can be used to enhance the security of your business.

This IBM Redbooks publication extends the information that is provided in Security on IBM z/VSE, SG24-7691.

Table of contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. Preface
    1. The team who wrote this book
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  4. Chapter 1. Networking options overview
    1. 1.1 Overview
    2. 1.2 Hardware options
      1. 1.2.1 OSA-Express
      2. 1.2.2 OSA-Integrated Console Controller
      3. 1.2.3 OSA-Express in QDIO mode
      4. 1.2.4 OSA-Express
      5. 1.2.5 OSA for NCP support
      6. 1.2.6 Intra-Ensemble Data Network support
      7. 1.2.7 OSA-Express multi-port support
      8. 1.2.8 HiperSockets (IQD)
      9. 1.2.9 Virtual local area network
      10. 1.2.10 Shared OSA adapter versus HiperSockets
      11. 1.2.11 Using HiperSockets to communicate with Linux on System z
      12. 1.2.12 QDIO buffer configuration
      13. 1.2.13 Virtual OSA devices and VMAC
    3. 1.3 Software options
      1. 1.3.1 IPv4
      2. 1.3.2 IPv6
      3. 1.3.3 Why IPv6?
      4. 1.3.4 Dual stack support
      5. 1.3.5 Migration from IPv4 to IPv6
      6. 1.3.6 IPv6 products for z/VSE
      7. 1.3.7 Securing your connections with Secure Sockets Layer
      8. 1.3.8 Options for printing
      9. 1.3.9 Overview of APIs
      10. 1.3.10 Available applications
      11. 1.3.11 Choosing a socket API when designing your applications
      12. 1.3.12 Enabling your applications for IPv6
  5. Chapter 2. TCP/IP for VSE/ESA
    1. 2.1 Overview
    2. 2.2 Standard features
    3. 2.3 Other optional features
    4. 2.4 Applications that are provided with TCP/IP for VSE
    5. 2.5 Application programming interfaces
    6. 2.6 Setting up and running TCP/IP for VSE
    7. 2.7 FTP hints
      1. 2.7.1 Internal FTP server suggestions
      2. 2.7.2 Using external FTPBATCH servers
    8. 2.8 Partition priorities
    9. 2.9 Security
    10. 2.10 Remote running with REXX
    11. 2.11 Version checking
    12. 2.12 Datagram analysis
    13. 2.13 Known problems
      1. 2.13.1 Routing in a subnet
      2. 2.13.2 Using SSL ciphers
      3. 2.13.3 Secure SSL port
      4. 2.13.4 SSL client does not verify the server certificate
      5. 2.13.5 TLS issue with IBM Personal Communications 6.0.7
  6. Chapter 3. IPv6/VSE
    1. 3.1 Overview
    2. 3.2 Obtaining and activating a license key
    3. 3.3 Stack setup
      1. 3.3.1 IPv4 stack setup
      2. 3.3.2 IPv6 stack setup
      3. 3.3.3 Mixed IPv4 and IPv6 network setup
      4. 3.3.4 Setting up a dual-stacked system
      5. 3.3.5 UDPv4 in a coupled stack environment
      6. 3.3.6 Connectivity considerations
    4. 3.4 Setting up FTP
      1. 3.4.1 Security
      2. 3.4.2 VSE as a server
      3. 3.4.3 VSE as a client
    5. 3.5 Setting up TN3270
      1. 3.5.1 Setting up VTAM
      2. 3.5.2 Starting a TN3270 server
      3. 3.5.3 Controlling the terminal type
      4. 3.5.4 Connecting with IBM Personal Communications
      5. 3.5.5 Connecting with Open Text Exceed
      6. 3.5.6 Connecting with wc3270
    6. 3.6 Setting up TN3270E printing
      1. 3.6.1 TN3270E setup
      2. 3.6.2 BSTTVNET JCL
      3. 3.6.3 Node error program
    7. 3.7 Setting up SSL
      1. 3.7.1 Installing the prerequisite programs
      2. 3.7.2 Creating the keystore
      3. 3.7.3 Removing the private CA key from the client keyring file
      4. 3.7.4 Deciding whether to use the SSL proxy server or AT-TLS
      5. 3.7.5 Specifying parameters
      6. 3.7.6 Configuring the SSL proxy server
      7. 3.7.7 Configuring the AT-TLS server
      8. 3.7.8 Considerations on blocking clear ports
      9. 3.7.9 Configuring wc3270 for SSL
      10. 3.7.10 Configuring IBM Personal Communications for SSL
      11. 3.7.11 Configuring secure FTP
      12. 3.7.12 Configuring VSE Connector Server
      13. 3.7.13 SSL client authentication
      14. 3.7.14 Using TLSv1.2
    8. 3.8 Setting up CICS Web Support
      1. 3.8.1 Modifying the CICS startup job
      2. 3.8.2 Defining the TCP/IP host name
      3. 3.8.3 Considerations for SSL
    9. 3.9 Known problems
      1. 3.9.1 VSE cannot be reached
      2. 3.9.2 BSTT075E LUNAME NOT AVAIL
      3. 3.9.3 SSL connect error with wc3270
      4. 3.9.4 Other SSL connect errors
      5. 3.9.5 Hang situation with BSTTATLS/BSTTPRXY
      6. 3.9.6 Return codes 3100 / 1700 from IJBCRLIB
      7. 3.9.7 BSTTFTPC fails to connect to Windows Server 2008
      8. 3.9.8 Batch email cannot relay mail
      9. 3.9.9 LDAP sign on by using SSL does not work
      10. 3.9.10 GnuTLS error -53: Error in the push function
  7. Chapter 4. Fast Path to Linux on System z
    1. 4.1 Overview
    2. 4.2 Concept of LFP instances and LFP daemons
    3. 4.3 LFP in a z/VM environment
      1. 4.3.1 Linux guest setup
      2. 4.3.2 VSE guest setup
    4. 4.4 z/VM IP Assist
      1. 4.4.1 Configuration user setup
      2. 4.4.2 Setting up the VIA guest
      3. 4.4.3 Setting up VSE guest
      4. 4.4.4 Using the LFP trace with VIA
    5. 4.5 LFP in an LPAR environment
      1. 4.5.1 Prerequisites
      2. 4.5.2 Hardware setup
      3. 4.5.3 VSE setup
      4. 4.5.4 Linux setup
    6. 4.6 IBM applications that support LFP
      1. 4.6.1 VSE Connector Server
      2. 4.6.2 Using the Virtual z/VSE FTP Daemon
    7. 4.7 Using secure connections with SSL
      1. 4.7.1 Using a VIA guest
      2. 4.7.2 Using a Linux on System z guest
      3. 4.7.3 Configuring the z/VSE virtual FTP daemon for SSL
    8. 4.8 Known problems
      1. 4.8.1 Error accessing the config disk
      2. 4.8.2 SE file transfer had a problem
      3. 4.8.3 User ID not authorized for SMSG
      4. 4.8.4 Invalid command response from VIA user
      5. 4.8.5 No response from VIA user
      6. 4.8.6 Profile cannot be loaded
  8. Chapter 5. OpenSSL
    1. 5.1 Overview
      1. 5.1.1 What is available on z/VSE
      2. 5.1.2 What is unique in z/VSE
      3. 5.1.3 Runtime variables
      4. 5.1.4 What is not available in z/VSE
    2. 5.2 Access to the OpenSSL API
    3. 5.3 Creating random numbers
      1. 5.3.1 Characteristics of random number generators
      2. 5.3.2 Random number generation in OpenSSL
      3. 5.3.3 Alternatives
      4. 5.3.4 Considerations for the z/VSE crypto device driver
      5. 5.3.5 Performance
    4. 5.4 Keystore considerations
      1. 5.4.1 Creating a PEM keystore
      2. 5.4.2 Exporting PEM to PFX
      3. 5.4.3 Importing PFX to PEM
      4. 5.4.4 Password-protected keystores
    5. 5.5 Programming
      1. 5.5.1 Include files
      2. 5.5.2 Passed socket number
      3. 5.5.3 Socket calls
      4. 5.5.4 Switching between GSK and OpenSSL socket calls
      5. 5.5.5 Specifying the key ring
      6. 5.5.6 Using a password-protected keyring
      7. 5.5.7 Supported cipher suites
      8. 5.5.8 Specifying cipher suites
      9. 5.5.9 Supported RSA key lengths
      10. 5.5.10 Debugging
      11. 5.5.11 Hardware crypto support
      12. 5.5.12 Programming example
    6. 5.6 Performing the OpenSSL speed test
      1. 5.6.1 Test parameters
      2. 5.6.2 Test results
    7. 5.7 How OpenSSL is used on z/VSE
    8. 5.8 OpenSSL vulnerabilities
    9. 5.9 Considerations on TLSv1.2
    10. 5.10 Restrictions
      1. 5.10.1 No SHA-512 support
  9. Chapter 6. Comparison of stacks and protocols
    1. 6.1 Stacks comparison
      1. 6.1.1 Installation libraries
      2. 6.1.2 Virtual storage organization
      3. 6.1.3 Commands
      4. 6.1.4 Comparison of protocols
    2. 6.2 Applications comparison
      1. 6.2.1 FTP server
      2. 6.2.2 FTP clients
      3. 6.2.3 AutoFTP
      4. 6.2.4 TN3270
      5. 6.2.5 Printing
      6. 6.2.6 AutoLPR
      7. 6.2.7 Inserts coding
      8. 6.2.8 Email
      9. 6.2.9 Creating PDF documents
      10. 6.2.10 Remote EXEC client
    3. 6.3 Performance
    4. 6.4 SSL
    5. 6.5 Comparison of APIs
      1. 6.5.1 Socket APIs
      2. 6.5.2 SSL APIs
      3. 6.5.3 Crypto APIs
    6. 6.6 Considerations for DB2 Server for VSE interfaces
    7. 6.7 Considerations for IBM applications
      1. 6.7.1 VSE Connector Server
      2. 6.7.2 Virtual tape
      3. 6.7.3 CICS Web Support
      4. 6.7.4 Encryption Facility for z/VSE
      5. 6.7.5 Basic Security Manager
    8. 6.8 Known problem: ftp.exe hangs on Windows 7
      1. 6.8.1 Symptom
      2. 6.8.2 Solution
  10. Appendix A. API reference
    1. Socket APIs
    2. SSL APIs
  11. Related publications
    1. IBM Redbooks
    2. Other publications
    3. Online resources
    4. Help from IBM
  12. Back cover

Product information

  • Title: Enhanced Networking on IBM z/VSE
  • Author(s): Joerg Schmidbauer, Jeffrey Barnard, Ingo Franzki, Karsten Graul, Don Stoever, Rene Trumpp
  • Release date: February 2014
  • Publisher(s): IBM Redbooks
  • ISBN: None