z/OS Communications Server Part 2 - Implementing TCP/IP under z/OS


This new, four-day course is the second part of the definitive z/OS Communications Server training programme. This course explains in detail how TCP/IP works in a z/OS environment. Installation, profile definition and implementation are all taught in depth. All versions of TCP/IP for z/OS are covered, along with all the servers. Additionally, all the essential and important configuration options are explained and examples are provided.

Extensive hands-on practical sessions, in which each student has their own system to work on, form the central part of the course. These sessions make up approximately 30% of the whole course. Each segment of the course also contains extensive review questions/exercises - thus ensuring that all students fully grasp each topic before moving on to the next.

This course is also available for one-company, on-site presentations and for live presentation over the Internet, via the Virtual Classroom Environment service.

The next step

For those network administrators and network systems programmer who also have security responsibilities the next course is TCP/IP Security in a z/OS Environment.

Virtual Classroom Environment dates - click to book!

10 August 2020 26 October 2020

What is a 'Virtual Classroom Environment'?

 

What do I need?

  • webcam
  • headphones with microphone
  • sufficient bandwidth, at least 1.5 Mb/s in each direction.

What you will learn

On successful completion of this course you will be able to:

  • describe the structure, operation and the addressing mechanisms used in a TCP/IP network
  • list the major configuration steps involved in customising TCP/IP for z/OS and explain the Security Server customisation required in z/OS
  • explain the purpose and use of Virtual IP addressing (VIPA) and explain how to code for both a static and dynamic VIPA configuration
  • explain the purpose and use of Distributed VIPAs and the need for Sysplex Distributor
  • describe and define devices to TCP/IP for z/OS and explain how to define the TCP/IP for z/OS host IP address(es)
  • describe and define the purpose and customisation of the DATA dataset and RESOLVER
  • define the host name, domain name and DNS information
  • describe and define the HOSTS file and the SERVICES dataset
  • explain the configuration of the TN3270 server and the SNA gateway and explain the VTAM configuration required to support the gateway
  • implement a VTAM USS table for TN3270 users
  • describe and define the Telenet servers, INETD and SSHD
  • describe and define the operation and customisation of the FTP server and its major security features
  • explain the differences between SFTP and FTPS
  • explain and define the operation and customisation of the SMTP server, the ROUTED and OMPROUTE servers
  • describe the purpose and use of the major TCPIP, TSO and USS commands
  • explain how to start, stop and interpret a TCP/IP packet trace and a component trace using IPCS and WireShark
  • describe in overview how SNMP is implemented on z/OS and list the steps involved in customising SNMP under z/OS
  • explain and define the purpose of the Enterprise Extender
  • explain how the security product Policy Agent is used and why it is needed
  • explain and define the structures required in a Parallel Sysplex for TCPIP High Availability.

Who Should Attend

This course is designed for network technicians, systems programmers and technical managers who need a thorough understanding of how TCP/IP for z/OS is installed and configured.

Prerequisites

Attendance on the courses TCP/IP Fundamentals and z/OS Communications Server Part 1 - Implementing APPN and VTAM or equivalent experience. A familiarity with UNIX on z/OS is also required and some z/OS systems programming experience is needed.

Duration

4 days

Fee (per attendee)

£1950 (ex VAT)

Course Code

CTMZ

Contents

TCP/IP Review

What is TCP/IP?; Why are we interested in TCP/IP?; What does TCP/IP comprise?; Internetworking principles; IPv4 addressing; IPv4 subnetting; IPv4 variable subnetting; Network Address Translation; One to One NAT; Network Address Port Translation (NAPT); TCP/IP protocol stack; IPv4 Address Resolution Protocol; IPv4 Dynamic Host Configuration Protocol; Why IPv6?; IPv6 addressing; IPv6 prefixes and address types; Global unicast address format; Anycast address; Multicast address; Required host information; Port numbers; IPv4 Transport Protocol message formats; IPv4 Internet Protocol: message format, packet format, header format; Extension Headers; IPv6 Routing Header; IPv6 fragmentation header; IPv6 options header; Internet domain names; Internet domain name hierarchy; Common user application; Common system applications.

An Overview of TCP/IP on z/OS

TCP/IP for z/OS; TCP/IP access to SNA applications; How the gateway works; SNA access to TCP/IP applications; Communications Storage Manager ; Device connectivity and attachments; Direct vs indirect attachment; Direct attachment problem; Virtual IP addressing - the solution; Sharing attachments across LPARs; UNIX Systems Services considerations.

TCP/IP for z/OS Installation

UNIX Systems Services prerequisites; Security Server prerequisites; Communications storage manager; Datasets required; TCP/IP and TN3270 procedures; Required host information; Customising the DATA dataset; DATA dataset syntax; Association with the TCP/IP stack; Specifying the Host Name and Domain Name; Specifying the name server parameters; A typical DATA dataset; RESOLVER: procedure, files, other statements; CINET GLOBALTCPIPDATA; TCPIP.DATA search order; VTAM TRL Major Node; Servers and devices; HCD definitions; Sysplex distributor; z/OS libraries required; 'Must Have' reference manuals; Nice to Have' reference manuals.

TCP/IP for z/OS - Command Overview

Available TCP/IP commands; The START and STOP commands; The MODIFY command; The DISPLAY command; The VARY command; The OBEYFILE command; The NETSTAT and onetstat commands; NETSTAT command options.

Basic Profile Definitions

Customising the PROFILE dataset; PROFILE dataset syntax; Device interface properties; Statements that define an interface; The basic DEVICE statement; The basic LINK statement; Defining LCS devices; Defining CLAW devices; OSAs, Hipersockets and Channel Attached Routers; OSA diagnostic device; QDIO and non-QDIO; OSA Express CHPID definitions; Adding an OSA Control Unit and device; Adding OSAD device; Hipersockets; Hipersockets definition; CHPID Type IQD; MTU sizes; Channel Attached Routers and Servers; Defining MPCPTP devices; Defining MPCIPA devices; The HOME statement; The START statement; INTERFACE - IPAQENET OSA-Express QDIO interfaces statement; Syntax for INTERFACE - IPAQENET OSA-Express QDIO; Syntax for INTERFACE -- IPAQIDIO HiperSockets interfaces statement; The routing statements; Subnetting - a reminder; The GATEWAY statement; The BEGINROUTES statement; The BSDROUTINGPARMS statement; Variable subnets and GATEWAY; Variable subnets and BEGINROUTES; Operational statements.

VIPAs and Sysplex

VIPAs; Static VIPA; Dynamic VIPA; Virtual IP addressing - a reminder; Defining VIPA devices; Specifying the source IP address; Syntax for INTERFACE -- VIRTUAL interfaces statement; Examples of the INTERFACE statement for VIPA; IP solutions in a sysplex; Communication paths in a Sysplex; DynamicXCF transport choices; IUTSAMEH; XCF Groups and their usage; Display XCF groups; DYNAMICXCF; DYNAMICXCF & HiperSockets; Dynamic VIPA - introduction; Dynamic VIPA takeover; Stack-managed DVIPA; Non-disruptive dynamic VIPA takeback; Application-specific DVIPA; IOCTL or Command-Activated DVIPA; Dynamic VIPA statements; MODDVIPA (EZBXFDVP) utility; Dynamic VIPA usage; When does the DVIPA move?; Load balancing and availability; Sysplex Distributor; How the Sysplex Distributor works; Backup capability; Recovery; The role of dynamic routing with Sysplex Distributor; Sysplex Distributor and policy; Sysplex Distributor and MNLB; Connection Optimizing DNS; nformation flow overview; DNS weights; DNS/WLM registration; Starting the DNS server; Distributed VIPA - introduction; Distributed VIPA statements; Single system IP perspective of the sysplex; TCPSTACKSOURCEVIPA / SYSPLEXPORTS; CFRM policy example.

Other Datasets Needed

The SITE dataset; The SERVICES file.

Server Customisation

Configurable servers; TN3270 server customisation steps; Updating the TN3270 started task JCL; TelnetGlobals statement; Reducing demand for ECSA storage; The TELNETPARMS statement; The PORT statement; The BEGINVTAM statement; The VTAM application major node; Defining a USS table; Identifying the USS table in the PROFILE dataset; The UNIX Telnet server; Customising the INETD Server; Starting INETD and Telnet; SSHD UNIX file; SSHD - Using ICSF and /dev/random); SSHD - Creating configuration files; SHD - Creating SSHD server keys; SSHD - Set up SSHD server userids; SSHD - Create SSHD server started task; SSHD - TCP configuration; SSHD - Verify z/OS DNS / Resolver operation; The FTP server; FTPS and SFTP; Pros and cons of FTPS and SFTP; Customising the FTP.DATA dataset; Customising the PROFILE & SERVICES datasets; Starting FTP; SYSLOGD; SYSLOGD -/dev/console and /dev/log; SYSLOGD - create the syslog daemon configuration file; SYSLOGD - create empty syslog output file; SYSLOGD - port and services assignments; SYSLOGD started task JCL; OMVS startup; SYSLOGD RACF definitions; OMPROUTE; OMPROUTE - configuration file; OMPROUTE reserve the ports; OMPROUTE - update the RESOLVER configuration file; OMPROUTE - started task JCL; OMPROUTE services port numbers; OMPROUTE - RACF definitions; OMPROUTE - SYSLOGD; OMPROUTE - static routes; OMPROUTE - Configure OSPF authentication; Customising other servers; Enterprise Extender; z/OS services for SNA traffic; PPN parameters in startup options; Implementation considerations; TCP/IP implementation; DYNAMICXCF; IUTSAMEH; DYNAMICXCF & HiperSockets; Modifications to TCP/IP profile; Modifications to OSPF interface; Proof of initialisation of IUTSAMEH; VTAM implementation; Defining the XCA HPRIP major node; Defining model major nodes for EE connections and RTP pipes; Defining switched PUs for EE connections.

TCP/IP Security

Why secure the TCP/IP network; Tasks that need protection with SERVAUTH Class; Policy based networking; SERVAUTH Resource Class responsibilities; SERVAUTH Resource Class; Protecting the TCPIP stack; Example of protecting the stack; Protecting your network access; Application considerations when using NETACCESS; Using the NETSTAT and PING commands to check protection; Protecting your network ports; RACF definitions for protecting network ports; Using the NETSTAT command to check PORT access; Protecting the use of socket options; What are network commands; Protecting network commands - z/OS TCPIP commands; Protecting network commands - NETSTAT and ONESTAT commands; Protecting network commands - EZACMD REXX program; Protecting FTP access; Other FTP profiles; Protecting TN3270 Secure Telnet Port; Protecting the MODDVIPA command; Introduction to policy based networking; The Policy Agent; RACF and PAGENT; Other address spaces that will need RACF profiles; Central policy server; SERVAUTH authorisation for Policy Client; Quality of Service; SNMP overview; SNMP in operation; IP filtering; IP Security; IKE protocols; CSFSERV resource class; Network Address Translation; Intrusion Detection Services; Application Transparent Transport Layer Security; TN3270 security; Secure FTP; Note to Auditors; Next step?.

Problem Determination Considerations

Problem determination tools; The PING and OPING commands; The TRACERTE and the OTRACERT commands; TCP/IP SYSLOG output; TCP/IP packet trace overview; Starting a packet trace; The external writer procedure; Stopping a packet trace; Analysing a packet trace with IPCS; Non-z/OS packet traces; TCP/IP component trace overview; Starting and stopping a component trace; Analysing a component trace via IPCS; Analysing a component trace; Other available traces; Packet trace; Sample definitions; Sample TCPIP.PROFILE dataset; Sample TCPIP.DATA dataset; Sample TCPIP.SERVICES dataset; Sample Inetd Configuration file; Sample FTP Configuration file; Sample ROUTED Configuration file; Sample SMPT Configuration file.

Network Management Considerations

SNMP overview; SNMP in operation; The ASN 1 protocol; SNMP on z/OS; Basic SNMP Components; SNMP on z/OS; SNMP support on z/OS; Configuring SNMP on z/OS; Configuring the SNMP v1 & v2 agent; Configuring the SNMP v3 agent; The OSNMPD.DATA dataset; Configuring the SNMP query engine; Configuring the SNMP manager.

Sample Definitions

Sample TCPIP.PROFILE dataset; Sample TCPIP.DATA dataset; Sample TCPIP.SERVICES dataset; Sample Inted Configuration file; Sample FTP Configuration file; Sample ROUTED Configuration file; Sample SMPT Configuration file.


© RSM Technology 2020