Networking with z/OS - Boot Camp

What you will learn

On successful completion of this course you will be able to:

• list the characteristics of APPC communication
• identify the major SNA components and their role within the architecture
• identify and use the various address structures used in SNA
• describe the purpose and data flow characteristics of each session type
• explain how chaining, bracketing and pacing operate
• identify the major SNA commands and command flows
• characterise SNA requests and responses
• interpret SNA message structures at each level
• describe the operation of path control and its components
• list the characteristics of APPC communication
• define and configure the Enterprize Extender
• describe the importance and use of APPC verbs
• identify the APPN node types and explain their function
• explain the principles of APPN routing and addressing
• define startup and session establishment procedures to VTAM
• reinforce understanding of SNA architecture implementation
• define network resources (major/minor nodes) to VTAM
• avoid the most common mistakes made by new users
• identify and code routing requirements for a VTAM network
• code the definitions to support cross-domain communication
• understand uses of VTAM console commands
• describe various backup/recovery facilities
• understand the use of VTAM generics and Multi Node Persistent sessions in a Parallel Sysplex
• define these components in a Parallel Sysplex
• describe the main objectives of the TCP/IP protocols
• explain the structure and use of IP addresses
• distinguish between an application and a protocol
• identify TCP/IP message formats
• explain what port numbers are and why some are well known
• explain how IP routing operates and how messages are delivered to the right node
• understand the function, purpose, and use of subnetting, and be able to specify suitable subnet masks for given implementations
• describe how the FTP application operates and how it can be used
• explain how the Telnet and TN3270 applications operate and how they can be used
• explain how the world wide web application operates
• describe how TCP operates and how connections are established, used, and terminated
• explain retransmission, sliding windows, and out of band data
• describe how UDP operates
• explain fragmentation and reassembly
• explain the purpose of CIDR and describe how it operates
• describe the purpose and function of the ICMP protocols and give examples of their use
• describe the purpose and function of the ARP protocol and state why it is required
• describe the purpose and use of the RARP protocol and its relationship to the BootP and DHCP protocols
• explain how a TCP/IP network can be installed, configured, tested, and managed
• explain how public/private key encryption techniques work
• describe the contents and use of a Digital Certificate
• state the purpose of the Secure Sockets Layer
• describe the principles of Firewalls
• describe the structure, operation and the addressing mechanisms used in a TCP/IP network
• list the major configuration steps involved in customising TCP/IP for z/OS and explain the Security Server customisation required in z/OS
• explain the purpose and use of Virtual IP addressing (VIPA) and explain how to code for both a static and dynamic VIPA configuration
• describe how to define devices to TCP/IP for z/OS and explain how to define the TCP/IP for z/OS host IP address(es)
• describe the purpose and customisation of the DATA data set
• define the host name, domain name and DNS information
• describe the purpose and use of the HOSTS file and the SERVICES data set
• explain the configuration of the TN3270 server and the SNA gateway and explain the VTAM configuration required to support the gateway
• implement a VTAM USS table for TN3270 users
• describe the operation and customisation of the FTP server and its major security features
• explain how to implement the TLS and SSL protocol technology to protect data exchanges between client and server applications.
• explain the operation and customisation of the SMTP server and the Routed server
• describe the purpose and use of the major MVS, TSO and USS commands
• explain how to start, stop and interpret a TCP/IP packet trace and a component trace
• describe in overview how SNMP is implemented on z/OS and list the steps involved in customising SNMP under z/OS
• describe how Digital Certificates can be implemented and used within z/OS and how various clients and servers use the certificates.
• explain how Digital Certificates are used in a policy-based z/OS environment
• explain the rules and policies used in the Policy Agent ( PAGENT) to dictate how users, applications and organizations access and use their IT resources
• understand how the PAGENT can be configued as a Central Policy Server
• explain how to implement IP Security

Who Should Attend

Systems Programmers and Network Administrators working in a z/OS environment.

Prerequisites

An understanding of the z/OS environment.

Duration

10 days

Fee (per attendee)

P.O.A.

This includes free online 24/7 access to course notes.

Hard copy course notes are available on request from rsmshop@rsm.co.uk

at £50.00 plus carriage per set.

Course Code

SNBC

Contents

SNA Introduction

What is SNA?; Pre-SNA networks; SNA hardware and software; SNA elements; Sessions; SNA layers; SNA message units; Session establishment sequence; Why APPN?; APPN node types; Resource registration; Resource location; LU-LU session activation; Locating resources.

Network Accessible Units

SNA Network Addressable Units (NAUs); SSCP/CP functions; PU types; Message flow; Address awareness; Subarea network addresses; APPN network address; Local addresses; Address conversion.

APPN/HPR in Detail

Introduction to APPN; APPN protocol; Base and Towers; SNA layer model; Why APPC?; APPC LU differences; Route calculation; APPN Class Of Service; APPN COS definition in VTAM; Transmission groups; Channel to Channel Adapters; Cross domain logon processing; PU Type 2.1; The Address Space Manager; APPN and the Boundary Function; Link Stations; APPN Node Services; Topology Database; Learning of Topology; Garbage Collection; HPR overview; The High Performance pouting principle; Rapid Transport Protocol; RTP Route Recovery; APPN/HPR options; Adaptive rate based pacing; ISTRTPNM; HPR only links.

Network Installation & Definition

Network planning; Network installation; MVS installation considerations; VM installation considerations; Network related datasets; VTAM start procedure; Structure of SYS1.VTAMLST; The ATCSTR00 member of SYS1.VTAMLST; The ATCCON00 member of SYS1.VTAMLST; Network definition - major & minor nodes.

SNA Sessions

Sessions and half-sessions; half session layers; session types; setup flows; initiation sequences; logon request processing; LU-LU session types.

APPN Message Structures

Message format and flow; RU categories; BIU structures; request header format; response header format; transmission header formats; additional TH fields; FID conversion.

Session Data Flow

The NAU layers; session profiles; session level pacing; adaptive session level pacing; request chaining; bracketing; Send/Receive modes; function management headers; BIND command.

Console Commands

The START command; The DISPLAY command; The VARY command; The MODIFY command; The HALT command.

Applications and Local Terminals

Applications and local terminals; Application programs; Local terminals; VTAM and application programs; The Application Major Node; TSO session establishment; VTAM and Local SNA terminals; The Local SNA Major Node; VTAM and Local non-SNA terminals; The Local non-SNA Major Node; VTAM and TCP/IP; The Application Major Node for TCP/IP; TN3270; Transport Resource List for MPC + TCPIP resources; Dynamic Models; Switched Major Nodes.

User-Coded Tables

Assembled Tables; Unformatted System Services (USS) logon procedure; Mode Tables; USS Tables; USSCMD macro format; USSPARM macro format; SNA/SCS message 10 example; SNA character set; Non-SNA/3270 message 10 example; 3270 commands and orders.

Path Control

Path control functions; boundary node path control; intermediate node path control; transmission groups; explicit routes; virtual routes; VR activation; route selection; virtual route pacing; FID4 TH header format; segmentation and PIU blocking.

Multi-Systems Networking Facility

MSNF terminology; Path control; Transmission groups; Explicit and virtual routes; The PATH statement; The Class of Service table (COS); Channel to Channel Adapters; Cross domain logon processing; Cross Domain Resource Managers; Dynamic CDRSC definitions; Cross Domain Resources; Adjacent SSCP Table.

Advanced Program to Program Communication

SAA: APPC and SAA; LU6.2 sessions; conversations and sessions; required information; mapped and basic conversations; APPC verbs; Generalised data stream; GDS variables. APPC Application Definitions in VTAMLST.

APPN

Why APPN?; APPN node types; Resource registration; Resource location; LU-LU session activation; Locating resources; Route calculation; APPN Class Of Service; APPN COS definition in VTAM; APPN route setup; APPN routing; High Performance Routing; APPN/HPR and SNA; APPN/HPR message formats; ANR operation; RTP features; RTP path switching; APPN and Subarea SNA; APPN definitions in ATCSTR00.

Using VTAM Generics and Multi Node Persistent Sessions

What is sysplex?; Not a new concept; So what's new?; 'Before' and 'after' sysplex; XCF sysplex requirements; Components of the XCF sysplex; Server Time Protocol; Clock synchronization techniques; XCF sysplex definitions; XCF sysplex services; Signalling and Status Monitoring services; Group services; The parallel sysplex; The parallel sysplex concept; Couple Data Sets; Planning CFRM - identification and structure size; VTAM generic resources; TSO generic resources.

Introduction to TCP/IP

What is TCP/IP?; why TCP/IP?; the growth of the Internet; internetworking principles; IP addressing: example, IP address and physical address; Internet domain names; Internet domain name hierarchy; TCP/IP protocols; common user applications; common system applications; the next generation.

TCP/IP Architecture

Protocol boundaries; port numbers; message formats; transport & network protocols; 'A Tale of Two Transports'; principles of IP routing; the structure of the Internet.

TCP/IP Applications

Client/Server applications; addressing the server; Berkeley sockets; a TCP communication; a UDP communication; the File Transfer Protocol application; using FTP; the Telnet application; using Telnet; the World Wide Web application; using the Web.

Transport Level Protocols

TCP and UDP compared; Transport Level Message formats; UDP datagram format; UDP checksum pseudo-header; UDP in action; TCP segment format; TCP checksum pseudo-header; connection setup and release; sequence numbers; segment acknowledgement; TCP reliability; TCP Sliding Windows; Sliding Windows in action; TCP Control Flags; TCP Segment Format; TCP Finite State Machine; establishing a TCP connection; TCP data transfer; TCP connection release.

Network Level Protocols

Resolving Internet domain names; the Network Level Protocols; IP services; IP address classes; subnetting principles; subnetting mechanism; subnetting in action; IP datagram format; fragmentation and reassembly; type of service; Time To Live; IP datagram format review; IP address space exhaustion; Classless Inter-Domain Routing: CIDR in action; Internet Control Message Protocol: ICMP message format, example ICMP messages; Address Resolution Protocol: ARP message format, ARP in action; Reverse Address Resolution Protocol: RARP in action, RARP message format; the Bootstrap Protocol: BootP message format, BootP in action, the problem with BootP; Dynamic Host Configuration Protocol: DHCP message format.

Networking Considerations

Setting up a TCP/IP host; network infrastructure; interconnection devices; TCP/IP addressing and naming; choosing names and addresses; security and privacy; firewalls and encryption; public key encryption: principles, capabilities; Digital Certificates; Secure Sockets Layer; Firewalls

Overview of TCP/IP on z/OS

TCP/IP for z/OS; TCP/IP access to SNA applications; How the gateway works; SNA access to TCP/IP applications; Communications Storage Manager; Device connectivity; Device attachments; Direct vs indirect attachment; Direct attachment problem; Virtual IP addressing - the solution; Sharing attachments across LPARs; UNIX Systems Services considerations.

TCP/IP for z/OS Installation

UNIX Systems Services prerequisites; Security Server prerequisites; Customisation procedure (Steps 1 through 8); z/OS customisation procedures; 'Must Have' reference manuals; 'Nice to Have' reference manuals.

TCP/IP for z/OS - Command Overview

Starting and stopping TCP/IP; commands: MODIFY, VARY, OBEYFILE, NETSTAT.

Profile Definitions

Required host information; customising the PROFILE dataset; PROFILE data set syntax; device interface properties; Statements that define an interface; DEVICE statement; LINK statement; defining LCS,defining CLAW devices; OSAs, Hipersockets and Channel Attached Routes; OSA diagnostic device; QDIO and non-QDIO; OSA Express CHPID definitions; Adding an OSA Control Unit and device; Adding OSAD device; Hipersockets ;Hipersockets definition; CHPID Type IQD;MTU sizes; Channel Attached Routers and Servers; Defining MPCPTP devices; Defining MPCIPA devices; HOME statement; INTERFACE - IPAQENET OSA-Express QDIO interfaces statement; Syntax for INTERFACE - IPAQENET OSA-Express QDIO; Syntax for INTERFACE -- IPAQIDIO HiperSockets interfaces statement; Virtual IP addressing - a reminder; defining VIPA devices using the VIRTUAL statement; Specifying the Source IP Address; Syntax for INTERFACE -- VIRTUAL interfaces statement; Examples of the INTERFACE statement for VIPA; The START statement; The routing statements; Subnetting - a reminder; Routing statements: GATEWAY, BEGINROUTES, BSDROUTINGPARMS; variable subnets and GATEWAY; variable subnets and BEGINROUTES; statements: VIPAs; Static VIPA; Dynamic VIPA; Dynamic VIPA - introduction; Dynamic VIPA takeover; Stack-managed DVIPA; Non-disruptive dynamic VIPA takeback; Application-specific DVIPA; IOCTL or Command-Activated DVIPA; Dynamic VIPA statements; MODDVIPA (EZBXFDVP) utility; TCPIP commands for Dynamic VIPAS in a Sysplex;Dynamic VIPA usage; When does the DVIPA move?; Distributed VIPA - introduction;Distributed VIPA statements; TCPIP commands for Distributed VIPAS in a Sysplex; Communication Paths in a Sysplex; DynamicXCF transport choices; IUTSAMEH; XCF Groups and their usage; Display XCF groups; Load balancing and availability; Sysplex Distributor; Sysplex Distributor and MNLB; Connection Optimizing DNS; Information flow overview; DNS/WLM registration; Single system IP perspective of the sysplex; TCPSTACKSOURCEVIPA / SYSPLEXPORTS; CFRM policy example; Enterprise Extender; z/OS services for SNA traffic; APPN parameters in startup options; Implementation considerations; TCP/IP implementation; IUTSAMEH; DYNAMICXCF; DYNAMICXCF & HiperSockets; Modifications to TCP/IP profile; Modifications to OSPF interface; Proof of initialisation of IUTSAMEH; VTAM implementation; Defining the XCA HPRIP major node; Defining model Major Nodes for EE connections and RTP pipes; Defining switched Pus for EE connections; operational statements.

Other Datasets Needed

Customising the DATA dataset; a ssociation with the TCP/IP stack; specifying the host name and domain name; specifying the name server parameters; A typical DATA dataset ; RESOLVER;RESOLVER procedure; RESOLVER files ;Resolver other statements; CINET GLOBALTCPIPDATA; TCPIP.DATA Search Order; The SITE dataset; The SERVICES file.

Server Customisation

Configurable servers;TN3270 customisation steps; updating the TN3270 started task JCL; TelnetGlobals statement;Reducing demand for ECSA storage; TELNETPARMS statement; updating the PORT statement; BEGINVTAM statement; VTAM application major node; defining a USS table; Identifying the USS table in the PROFILE dataset; other TN3270 profile statements; UNIX Telnet server operation; customising the INETD server; starting Inetd and Telnet; SSHD UNIX files; SSHD - Using ICSF and /dev/random);SSHD - Creating configuration files; SSHD - Creating SSHD server keys; SSHD - Set up SSHD server userids; SSHD - Create SSHD server started task; SSHD - TCP configuration; SSHD - Verify z/OS DNS / Resolver operation; FTP server in operation; FTPS and SFTP; Pros and cons of FTPS and SFTP; customising the FTP.DATA dataset; customising the PROFILE and SERVICES datasets for FTP; Starting FTP; SYSLOGD ;SYSLOGD -/dev/console and /dev/log ; SYSLOGD Create the syslog daemon configuration file; SYSLOGD Create empty syslog output file; SYSLOGD - Port and Services assignments ; SYSLOGD Started Task JCL; OMVS startup ;SYSLOGD RACF Definitions; operation and customisation of the ROUTED server; OMPROUTE; OMPROUTE - Configuration file; OMPROUTE Reserve the ports; OMPROUTE - Update the Resolver Configuration File; OMPROUTE - Started Task JCL; OMPROUTE Services Port Numbers; OMPROUTE - RACF defintions; OMPROUTE - SYSLOGD; OMPROUTE - Static Routes; OMPROUTE - Configure OSPF authentication; operation and customisation of the SMTP server; customising other servers.

RACF & Digital Certificates

Cryptography in Internet applications; Public key cryptography overview; What is a digital certificate?; Public key & certificate; Uses for certificates in applications; Secure Sockets Layer (SSL); Digital certificates and RACF; How RACF uses digital certificates; RACF classes & commands; RACF certification generation; RACDCERT command; Creating a certificate; Gencert examples; Key rings; Certification installation; RACDCERT ADD examples; Certification installation; Certificate management.

TCP/IP Security

Why secure the TCP/IP Network; Tasks that need protection with SERVAUTH Class; Policy Based Networking; SERVAUTH Resource Class responsibilities; SERVAUTH Resource Class; Protecting the TCPIP Stack; Protecting your Network Access; Application considerations when using NETACCESS; Using the NETSTAT and PING commands to check protection; Protecting your network ports; RACF definitions for protecting Network Ports; Using the NETSTAT command to check PORT access; Protecting the use of Socket Options; What are network commands; Protecting Network commands: z/OS TCPIP commands, Netstat and Onetstat commands, EZACMD REXX program; Protecting FTP access; Other FTP Profiles; Protecting TN3270 Secure Telnet Port; Protecting the MODDVIPA command; Introduction to Policy Based Networking; The Policy Agent; RACF and PAGENT; Other address spaces that will need RACF Profiles; Central Policy Server; SERVAUTH authorisation for Policy Client; Quality of Service; IP Filtering; IP Security; IKE protocols; CSFSERV resource class; Network Address Translation; Intrusion Detection Services; Application Transparent Transport Layer Security; TN3270 security; Secure FTP.

Problem Determination Considerations

Problem determination tools; The PING and OPING commands; The TRACERTE and the OTRACERT commands; TCP/IP SYSLOG output ; TCP/IP packet trace overview; Starting a packet trace; The external writer procedure; Stopping a packet trace; Analysing a packet trace with IPCS; Analysing a packet trace; Non-z/OS packet traces; TCP/IP component trace overview; Starting and stopping a component trace; Analysing a component trace via IPCS; Analysing a component trace; Other available traces; Packet trace.

Network Management Considerations

SNMP overview; SNMP in operation; The ASN 1 protocol; SNMP on z/OS; Basic SNMP Components; SNMP on z/OS; SNMP support on z/OS; Configuring SNMP on z/OS; Configuring the SNMP v1 & v2 agent; Configuring the SNMP v3 agent; The OSNMPD.DATA data set; Configuring the SNMP query engine; Configuring the SNMP manager.

Sample Definitions

Sample TCPIP.PROFILE data set; Sample TCPIP.DATA data set; Sample TCPIP.SERVICES data set; Sample Inted Configuration file; Sample FTP Configuration file; Sample ROUTED Configuration file; Sample SMPT Configuration file.