This new, four-day course is the second part of the definitive z/OS Communications Server training programme. This course explains in detail how TCP/IP works in a z/OS environment. Installation, profile definition and implementation are all taught in depth. All versions of TCP/IP for z/OS are covered, along with all the servers. Additionally, all the essential and important configuration options are explained and examples are provided.
Extensive hands-on practical sessions, in which each student has their own system to work on, form the central part of the course. These sessions make up approximately 30% of the whole course. Each segment of the course also contains extensive review questions/exercises - thus ensuring that all students fully grasp each topic before moving on to the next.
This course is also available for one-company, on-site presentations and for live presentation over the Internet, via the Virtual Classroom Environment service.
Attendance on the courses TCP/IP Fundamentals and z/OS Communications Server Part 1 - SNA & VTAM or equivalent experience. A familiarity with UNIX is also required and some z/OS systems programming experience would be an advantage, but is not essential.
Delegates will learn how to
- describe the structure, operation and the addressing mechanisms used in a TCP/IP network
- list the major configuration steps involved in customising TCP/IP for z/OS and explain the Security Server customisation required in z/OS
- explain the purpose and use of Virtual IP addressing (VIPA) and explain how to code for both a static and dynamic VIPA configuration
- explain the purpose and use of Distributed VIPAs and the need for Sysplex Distributor
- describe and define devices to TCP/IP for z/OS and explain how to define the TCP/IP for z/OS host IP address(es)
- describe and define the purpose and customisation of the DATA dataset and RESOLVER
- define the host name, domain name and DNS information
- describe and define the HOSTS file and the SERVICES dataset
- explain the configuration of the TN3270 server and the SNA gateway and explain the VTAM configuration required to support the gateway
- implement a VTAM USS table for TN3270 users
- describe and define the Telnet servers, INETD and SSHD
- describe and define the operation and customisation of the FTP server and its major security features
- explain the differences between SFTP and FTPS
- explain and define the operation and customisation of the SMTP server, the ROUTED and OMPROUTE servers
- describe the purpose and use of the major TCPIP, TSO and USS commands
- explain how to start, stop and interpret a TCP/IP packet trace and a component trace using IPCS and Wireshark
- describe in overview how SNMP is implemented on z/OS and list the steps involved in customising SNMP under z/OS
- explain and define the purpose of the Enterprise Extender
- explain how the security product Policy Agent is used and why it is needed
- explain and define the structures required in a Parallel Sysplex for TCPIP High Availability.
Review of TCP/IP Fundamentals
What is TCP/IP?; Why are we interested in TCP/IP?; What does TCP/IP comprise?; Internetworking principles; IPv4 addressing principles; IPv4 addressing in detail; IPv4 subnetting principles; IPv4 subnetting mechanism; IPv4 subnetting in action; IPv4 variable subnetting principles; IPv4 variable subnetting mechanism; Network Address Translation; One to One NAT; Network Address Port Translation (NAPT); TCP/IP protocol stack; IPv4 Address Resolution Protocol; IPv4 Dynamic Host Configuration Protocol; Why IPv6?; IPv6 addressing; IPv6 prefixes and address types; Global unicast address format; Anycast address; Multicast address; Required host information; Port numbers; IPv4 Transport Protocol message formats; IPv4 Internet Protocol message format; IPv6 packet format; IPv6 header format; Extension Headers; IPv6 Routing Header; IPv6 fragmentation header; IPv6 options header; Internet domain names; Internet domain name hierarchy; Common user applications; Common system applications.
Overview of TCP/IP on z/OS
TCP/IP for z/OS; TCP/IP access to SNA applications; How the gateway works; SNA access to TCP/IP applications; Communications Storage Manager; Device connectivity; Device attachments; Direct vs indirect attachment; Direct attachment problem; Virtual IP addressing - the solution; Sharing attachments across LPARs; UNIX Systems Services considerations.
TCP/IP for z/OS Installation
UNIX Systems Services prerequisites; Security Server prerequisites; Customisation procedure (Steps 1 through 8); z/OS customisation procedures; 'Must Have' reference manuals; 'Nice to Have' reference manuals.
TCP/IP for z/OS Command Overview
Available TCP/IP commands; Starting and stopping TCP/IP; commands: MODIFY, DISPLAY, VARY, OBEYFILE, NETSTAT.
Required host information; customising the PROFILE dataset; PROFILE dataset syntax; device interface properties; Statements that define an interface; DEVICE statement; LINK statement; defining LCS; defining CLAW devices; OSAs, Hipersockets and Channel Attached Routes; OSA diagnostic device; QDIO and non-QDIO; OSA Express CHPID definitions; Adding an OSA Control Unit and device; Adding OSAD device; Hipersockets; Hipersockets definition; CHPID Type IQD; MTU sizes; Channel Attached Routers and Servers; Defining MPCPTP devices; Defining MPCIPA devices; HOME statement; INTERFACE - IPAQENET OSA-Express QDIO interfaces statement; Syntax for INTERFACE - IPAQENET OSA-Express QDIO; Syntax for INTERFACE - IPAQIDIO HiperSockets interfaces statement; Virtual IP addressing - a reminder; defining VIPA devices using the VIRTUAL statement; Specifying the Source IP Address; Syntax for INTERFACE - VIRTUAL interfaces statement; Examples of the INTERFACE statement for VIPA; The START statement; The routing statements; Subnetting - a reminder; Routing statements: GATEWAY, BEGINROUTES, BSDROUTINGPARMS; variable subnets and GATEWAY; variable subnets and BEGINROUTES; statements: VIPAs; Static VIPA; Dynamic VIPA; Dynamic VIPA - introduction; Dynamic VIPA takeover; Stack-managed DVIPA; Non-disruptive dynamic VIPA takeback; Application-specific DVIPA; IOCTL or Command-Activated DVIPA; Dynamic VIPA statements; MODDVIPA (EZBXFDVP) utility; TCPIP commands for Dynamic VIPAS in a Sysplex; Dynamic VIPA usage; When does the DVIPA move?; Distributed VIPA - introduction; Distributed VIPA statements; TCPIP commands for Distributed VIPAS in a Sysplex; Communication Paths in a Sysplex; DynamicXCF transport choices; IUTSAMEH; XCF Groups and their usage; Display XCF groups; Load balancing and availability; Sysplex Distributor; Sysplex Distributor and MNLB; Connection Optimizing DNS; Information flow overview; DNS/WLM registration; Single system IP perspective of the sysplex; TCPSTACKSOURCEVIPA / SYSPLEXPORTS; CFRM policy example; Enterprise Extender; z/OS services for SNA traffic; APPN parameters in startup options; Implementation considerations; TCP/IP implementation; IUTSAMEH; DYNAMICXCF; DYNAMICXCF & HiperSockets; Modifications to TCP/IP profile; Modifications to OSPF interface; Proof of initialisation of IUTSAMEH; VTAM implementation; Defining the XCA HPRIP major node; Defining model Major Nodes for EE connections and RTP pipes; Defining switched PUs for EE connections; operational statements.
Other Datasets Needed
Customising the DATA dataset; association with the TCP/IP stack; specifying the host name and domain name; specifying the name server parameters; A typical DATA dataset; RESOLVER; RESOLVER procedure; RESOLVER files; Resolver other statements; CINET GLOBALTCPIPDATA; TCPIP.DATA Search Order; The SITE dataset; The SERVICES file.
Configurable servers; TN3270 customisation steps; updating the TN3270 started task JCL; TelnetGlobals statement; Reducing demand for ECSA storage; TELNETPARMS statement; updating the PORT statement; BEGINVTAM statement; VTAM application major node; defining a USS table; Identifying the USS table in the PROFILE dataset; other TN3270 profile statements; UNIX Telnet server operation; customising the INETD server; starting Inetd and Telnet; SSHD UNIX files; SSHD - Using ICSF and /dev/random; SSHD - Creating configuration files; SSHD - Creating SSHD server keys; SSHD - Set up SSHD server userids; SSHD - Create SSHD server started task; SSHD - TCP configuration; SSHD - Verify z/OS DNS / Resolver operation; FTP server in operation; FTPS and SFTP; Pros and cons of FTPS and SFTP; customising the FTP.DATA dataset; customising the PROFILE and SERVICES datasets for FTP; Starting FTP; SYSLOGD; SYSLOGD - /dev/console and /dev/log; SYSLOGD - Create the syslog daemon configuration file; SYSLOGD - Create empty syslog output file; SYSLOGD - Port and Services assignments; SYSLOGD - Started Task JCL; OMVS startup; SYSLOGD - RACF Definitions; operation and customisation of the ROUTED server; OMPROUTE; OMPROUTE - Configuration file; OMPROUTE - Reserve the ports; OMPROUTE - Update the Resolver Configuration File; OMPROUTE - Started Task JCL; OMPROUTE - Services Port Numbers; OMPROUTE - RACF definitions; OMPROUTE - SYSLOGD; OMPROUTE - Static Routes; OMPROUTE - Configure OSPF authentication; operation and customisation of the SMTP server; customising other servers.
Why secure the TCP/IP Network; Tasks that need protection with SERVAUTH Class; Policy Based Networking; SERVAUTH Resource Class responsibilities; SERVAUTH Resource Class; Protecting the TCPIP Stack; Protecting your Network Access; Application considerations when using NETACCESS; Using the NETSTAT and PING commands to check protection; Protecting your network ports; RACF definitions for protecting Network Ports; Using the NETSTAT command to check PORT access; Protecting the use of Socket Options; What are network commands; Protecting Network commands: z/OS TCPIP commands, Netstat and Onetstat commands, EZACMD REXX program; Protecting FTP access; Other FTP Profiles; Protecting TN3270 Secure Telnet Port; Protecting the MODDVIPA command; Introduction to Policy Based Networking; The Policy Agent; RACF and PAGENT; Other address spaces that will need RACF Profiles; Central Policy Server; SERVAUTH authorisation for Policy Client; Quality of Service; IP Filtering; IP Security; IKE protocols; CSFSERV resource class; Network Address Translation; Intrusion Detection Services; Application Transparent Transport Layer Security; TN3270 security; Secure FTP.
Problem Determination Considerations
Problem determination tools; The PING and OPING commands; The TRACERTE and the OTRACERT commands; TCP/IP SYSLOG output; TCP/IP packet trace overview; Starting a packet trace; The external writer procedure; Stopping a packet trace; Analysing a packet trace with IPCS; Analysing a packet trace; Non-z/OS packet traces; TCP/IP component trace overview; Starting and stopping a component trace; Analysing a component trace via IPCS; Analysing a component trace; Other available traces; Packet trace.
Network Management Considerations
SNMP overview; SNMP in operation; The ASN.1 protocol; SNMP on z/OS; Basic SNMP Components; SNMP on z/OS; SNMP support on z/OS; Configuring SNMP on z/OS; Configuring the SNMP v1 & v2 agent; Configuring the SNMP v3 agent; The OSNMPD.DATA dataset; Configuring the SNMP query engine; Configuring the SNMP manager.
Sample TCPIP.PROFILE dataset; Sample TCPIP.DATA dataset; Sample TCPIP.SERVICES dataset; Sample Inetd Configuration file; Sample FTP Configuration file; Sample ROUTED Configuration file; Sample SMTP Configuration file.