z/OS Communications Server Part 2 - Implementing TCP/IP under z/OS


This new, four-day course is the second part of the definitive z/OS Communications Server training programme. This course explains in detail how TCP/IP works in a z/OS environment. Installation, profile definition and implementation are all taught in depth. All versions of TCP/IP for z/OS are covered, along with all the servers. Additionally, all the essential and important configuration options are explained and examples are provided.

Extensive hands-on practical sessions, in which each student has their own system to work on, form the central part of the course. These sessions make up approximately 30% of the whole course. Each segment of the course also contains extensive review questions/exercises - thus ensuring that all students fully grasp each topic before moving on to the next.

This course is also available for one-company, on-site presentations and for live presentation over the Internet, via the Virtual Classroom Environment service.

The next step

For those network administrators and network systems programmers who also have security responsibilities, the next course is TCP/IP Security in a z/OS Environment.

Public dates

27 November 2017; 8 January 2018

Objectives

On successful completion of this course you will be able to:

  • describe the structure, operation and the addressing mechanisms used in a TCP/IP network
  • list the major configuration steps involved in customising TCP/IP for z/OS and explain the Security Server customisation required in z/OS
  • explain the purpose and use of Virtual IP addressing (VIPA) and explain how to code for both a static and dynamic VIPA configuration
  • explain the purpose and use of Distributed VIPAs and the need for Sysplex Distributor
  • describe and define devices to TCP/IP for z/OS and explain how to define the TCP/IP for z/OS host IP address(es)
  • describe and define the purpose and customisation of the DATA dataset and RESOLVER
  • define the host name, domain name and DNS information
  • describe and define the HOSTS file and the SERVICES dataset
  • explain the configuration of the TN3270 server and the SNA gateway and explain the VTAM configuration required to support the gateway
  • implement a VTAM USS table for TN3270 users
  • describe and define the Telnet servers, INETD and SSHD
  • describe and define the operation and customisation of the FTP server and its major security features
  • explain the differences between SFTP and FTPS
  • explain and define the operation and customisation of the SMTP server, the ROUTED and OMPROUTE servers
  • describe the purpose and use of the major TCPIP, TSO and USS commands
  • explain how to start, stop and interpret a TCP/IP packet trace and a component trace using IPCS and Wireshark
  • describe in overview how SNMP is implemented on z/OS and list the steps involved in customising SNMP under z/OS
  • explain and define the purpose of the Enterprise Extender
  • explain how the security product Policy Agent is used and why it is needed
  • explain and define the structures required in a Parallel Sysplex for TCPIP High Availability.

Who Should Attend

This course is designed for network technicians, systems programmers and technical managers who need a thorough understanding of how TCP/IP for z/OS is installed and configured.

Prerequisites

Attendance on the courses TCP/IP Fundamentals and z/OS Communications Server Part 1 - SNA & VTAM or equivalent experience. A familiarity with UNIX is also required and some z/OS systems programming experience would be an advantage, but is not essential.

Duration

4 days

Fee (per attendee)

£1850 (ex VAT)

Course Code

CTMZ

Contents

Review of TCP/IP Fundamentals

What is TCP/IP?; Why are we interested in TCP/IP?; What does TCP/IP comprise?; Internetworking principles; IPv4 addressing principles; IPv4 addressing in detail; IPv4 subnetting principles; IPv4 subnetting mechanism; IPv4 subnetting in action; IPv4 variable subnetting principles; IPv4 variable subnetting mechanism; Network Address Translation; One to One NAT; Network Address Port Translation (NAPT); TCP/IP protocol stack; IPv4 Address Resolution Protocol; IPv4 Dynamic Host Configuration Protocol; Why IPv6?; IPv6 addressing; IPv6 prefixes and address types; Global unicast address format; Anycast address; Multicast address; Required host information; Port numbers; IPv4 Transport Protocol message formats; IPv4 Internet Protocol message format; IPv6 packet format; IPv6 header format; Extension Headers; IPv6 Routing Header; IPv6 fragmentation header; IPv6 options header; Internet domain names; Internet domain name hierarchy; Common user applications; Common system applications.

Overview of TCP/IP on z/OS

TCP/IP for z/OS; TCP/IP access to SNA applications; How the gateway works; SNA access to TCP/IP applications; Communications Storage Manager; Device connectivity; Device attachments; Direct vs indirect attachment; Direct attachment problem; Virtual IP addressing - the solution; Sharing attachments across LPARs; UNIX Systems Services considerations.

TCP/IP for z/OS Installation

UNIX Systems Services prerequisites; Security Server prerequisites; Customisation procedure (Steps 1 through 8); z/OS customisation procedures; 'Must Have' reference manuals; 'Nice to Have' reference manuals.

TCP/IP for z/OS Command Overview

Available TCP/IP commands; Starting and stopping TCP/IP; commands: MODIFY, DISPLAY, VARY, OBEYFILE, NETSTAT.

Profile Definitions

Required host information; customising the PROFILE dataset; PROFILE dataset syntax; device interface properties; Statements that define an interface; DEVICE statement; LINK statement; defining LCS, defining CLAW devices; OSAs, Hipersockets and Channel Attached Routes; OSA diagnostic device; QDIO and non-QDIO; OSA Express CHPID definitions; Adding an OSA Control Unit and device; Adding OSAD device; Hipersockets; Hipersockets definition; CHPID Type IQD; MTU sizes; Channel Attached Routers and Servers; Defining MPCPTP devices; Defining MPCIPA devices; HOME statement; INTERFACE - IPAQENET OSA-Express QDIO interfaces statement; Syntax for INTERFACE - IPAQENET OSA-Express QDIO; Syntax for INTERFACE -- IPAQIDIO HiperSockets interfaces statement; Virtual IP addressing - a reminder; defining VIPA devices using the VIRTUAL statement; Specifying the Source IP Address; Syntax for INTERFACE -- VIRTUAL interfaces statement; Examples of the INTERFACE statement for VIPA; The START statement; The routing statements; Subnetting - a reminder; Routing statements: GATEWAY, BEGINROUTES, BSDROUTINGPARMS; variable subnets and GATEWAY; variable subnets and BEGINROUTES; statements: VIPAs; Static VIPA; Dynamic VIPA; Dynamic VIPA - introduction; Dynamic VIPA takeover; Stack-managed DVIPA; Non-disruptive dynamic VIPA takeback; Application-specific DVIPA; IOCTL or Command-Activated DVIPA; Dynamic VIPA statements; MODDVIPA (EZBXFDVP) utility; TCPIP commands for Dynamic VIPAS in a Sysplex; Dynamic VIPA usage; When does the DVIPA move?; Distributed VIPA - introduction; Distributed VIPA statements; TCPIP commands for Distributed VIPAS in a Sysplex; Communication Paths in a Sysplex; DynamicXCF transport choices; IUTSAMEH; XCF Groups and their usage; Display XCF groups; Load balancing and availability; Sysplex Distributor; Sysplex Distributor and MNLB; Connection Optimizing DNS; Information flow overview; DNS/WLM registration; Single system IP perspective of the sysplex; TCPSTACKSOURCEVIPA / SYSPLEXPORTS; CFRM policy example; Enterprise Extender; z/OS services for SNA traffic; APPN parameters in startup options; Implementation considerations; TCP/IP implementation; IUTSAMEH; DYNAMICXCF; DYNAMICXCF & HiperSockets; Modifications to TCP/IP profile; Modifications to OSPF interface; Proof of initialisation of IUTSAMEH; VTAM implementation; Defining the XCA HPRIP major node; Defining model Major Nodes for EE connections and RTP pipes; Defining switched PUs for EE connections; operational statements.

Other Datasets Needed

Customising the DATA dataset; association with the TCP/IP stack; specifying the host name and domain name; specifying the name server parameters; A typical DATA dataset; RESOLVER; RESOLVER procedure; RESOLVER files; Resolver other statements; CINET GLOBALTCPIPDATA; TCPIP.DATA Search Order; The SITE dataset; The SERVICES file.

Server Customisation

Configurable servers; TN3270 customisation steps; updating the TN3270 started task JCL; TelnetGlobals statement; Reducing demand for ECSA storage; TELNETPARMS statement; updating the PORT statement; BEGINVTAM statement; VTAM application major node; defining a USS table; Identifying the USS table in the PROFILE dataset; other TN3270 profile statements; UNIX Telnet server operation; customising the INETD server; starting Inetd and Telnet; SSHD UNIX files; SSHD - Using ICSF and /dev/random; SSHD - Creating configuration files; SSHD - Creating SSHD server keys; SSHD - Set up SSHD server userids; SSHD - Create SSHD server started task; SSHD - TCP configuration; SSHD - Verify z/OS DNS / Resolver operation; FTP server in operation; FTPS and SFTP; Pros and cons of FTPS and SFTP; customising the FTP.DATA dataset; customising the PROFILE and SERVICES datasets for FTP; Starting FTP; SYSLOGD; SYSLOGD - /dev/console and /dev/log; SYSLOGD - Create the syslog daemon configuration file; SYSLOGD - Create empty syslog output file; SYSLOGD - Port and Services assignments; SYSLOGD - Started Task JCL; OMVS startup; SYSLOGD - RACF Definitions; operation and customisation of the ROUTED server; OMPROUTE; OMPROUTE - Configuration file; OMPROUTE - Reserve the ports; OMPROUTE - Update the Resolver Configuration File; OMPROUTE - Started Task JCL; OMPROUTE - Services Port Numbers; OMPROUTE - RACF definitions; OMPROUTE - SYSLOGD; OMPROUTE - Static Routes; OMPROUTE - Configure OSPF authentication; operation and customisation of the SMTP server; customising other servers.

TCP/IP Security

Why secure the TCP/IP Network; Tasks that need protection with SERVAUTH Class; Policy Based Networking; SERVAUTH Resource Class responsibilities; SERVAUTH Resource Class; Protecting the TCPIP Stack; Protecting your Network Access; Application considerations when using NETACCESS; Using the NETSTAT and PING commands to check protection; Protecting your network ports; RACF definitions for protecting Network Ports; Using the NETSTAT command to check PORT access; Protecting the use of Socket Options; What are network commands; Protecting Network commands: z/OS TCPIP commands, Netstat and Onetstat commands, EZACMD REXX program; Protecting FTP access; Other FTP Profiles; Protecting TN3270 Secure Telnet Port; Protecting the MODDVIPA command; Introduction to Policy Based Networking; The Policy Agent; RACF and PAGENT; Other address spaces that will need RACF Profiles; Central Policy Server; SERVAUTH authorisation for Policy Client; Quality of Service; IP Filtering; IP Security; IKE protocols; CSFSERV resource class; Network Address Translation; Intrusion Detection Services; Application Transparent Transport Layer Security; TN3270 security; Secure FTP.

Problem Determination Considerations

Problem determination tools; The PING and OPING commands; The TRACERTE and the OTRACERT commands; TCP/IP SYSLOG output; TCP/IP packet trace overview; Starting a packet trace; The external writer procedure; Stopping a packet trace; Analysing a packet trace with IPCS; Analysing a packet trace; Non-z/OS packet traces; TCP/IP component trace overview; Starting and stopping a component trace; Analysing a component trace via IPCS; Analysing a component trace; Other available traces; Packet trace.

Network Management Considerations

SNMP overview; SNMP in operation; The ASN.1 protocol; SNMP on z/OS; Basic SNMP Components; SNMP on z/OS; SNMP support on z/OS; Configuring SNMP on z/OS; Configuring the SNMP v1 & v2 agent; Configuring the SNMP v3 agent; The OSNMPD.DATA dataset; Configuring the SNMP query engine; Configuring the SNMP manager.

Sample Definitions

Sample TCPIP.PROFILE dataset; Sample TCPIP.DATA dataset; Sample TCPIP.SERVICES dataset; Sample Inetd Configuration file; Sample FTP Configuration file; Sample ROUTED Configuration file; Sample SMTP Configuration file.


© RSM Technology 2017