Z platform

Z is the brand name for IBM's range of mainframe products. A bunch of tools and technologies are named after it, collectively referred to as the "Z Platform".

Hardware

The exact arrangement of hardware within frames differs based on configuration, but at a high level:

  • Internal batteries provide emergency power to ensure graceful shutdown, preventing interruption to in-flight transactions.
  • Redundant power supplies ensure failure of an individual power supply unit or external supply can be tolerated.
  • PCIe I/O drawers contain I/O devices:
    • Crypto assist cards.
    • Network cards.
    • Compression cards.
    • FICON.
  • Support Elements provide a means of configuring the system during turnup and troubleshooting.
  • System Control Hubs provide the network used by the Support Elements.
  • CPC drawers can be pulled out to reveal processors and memory.
  • PCIe fan-outs are cables running to PCIe I/O cards.
  • Flexible Service Processor grants access to the internal management network.
  • Radiator pumps draw cold air from the floor and blow hot air out the back, circulating refrigerant throughout the frame.

IBM Z hardware contains different types of processors in its CPC drawers:

  • A CP performs general computation.
  • An SAP performs I/O, freeing up CPs.
  • An IFL has special licensing for running Linux operating systems.
  • Some workloads are offloaded onto a zIIP, e.g. Java.

The I/O cage contains I/O adapters connected to disk storage devices (DASD) identified by CHPID and PCHID.

Support Elements aren't used just for administration -- all of the following are stored on the SE:

  • LIC used to bring up the system.
  • Details of which images to boot on which CPs.
  • IOCDS, which defines the I/O configuration for the CPC's channel subsystem.
  • Battery-operated clock, which sets the CPC Time of Day clock during a POR.

Cryptography

The IBM 4767 Cryptographic Coprocessor is a FIPS-compliant (level 4) HSM that forms the basis of CPACF and Crypto Express cards.

CPACF provides hardware instruction set support for cryptographic operations.

Crypto Express PCIe cards can be used to wrap stored clear keys with transport keys.

Millicode

Millicode creates a layer between the Principles of Operation and the microarchitecture. This allows backwards compatibility with older instruction sets and lets the microcode implementation change over time without changing the instruction set.

It powers system initialisation and IML and provides the SIE instruction required to enable virtualisation.

HMC

The HMC is used to administer the system on a day-to-day basis, able to perform most operations of the support element. One HMC can maintain up to 100 mainframes, and a mainframe can be administered from up to 16 HMCs.

By default, several accounts are created to provide separation of duties:

  • OPERATOR is an operator
  • ADVANCED is an advanced operator
  • SYSPROG is a system programmer
  • ACSADMIN is an access administrator
  • SERVICE is a service representative

Notifications about the system's performance are visible in the HMC:

  • Exceptions indicate non-recoverable failures that require investigation.
  • Hardware and Operating System Messages provide notifications about interruptions of service.

Operating systems

Z platform hardware typically runs a purpose-built operating system appropriate to its use case:

  • z/OS is a 64-bit mainframe operating system, a direct descendant of OS/360.
  • z/VM is a type 1 hypervisor.
  • z/TPF (Transaction Processing Facility) processes a high volume of transactions in real time (travel, logistics).
  • z/VSE Virtual Storage Extended.
  • Linux on IBM Z
  • KVM (Private) on Z

Virtualisation support was hosted on PR/SM before it was replaced with DPM in z13 and beyond.

z/OS

z/OS Components

  • Transaction Managers manage access to resources:
    • WebSphere is a web and application server that enables creation of websites.
    • CICS is a general purpose OLTP subsystem that enables executing programs in real-time as its program and data resources are in use by other users.
    • IMS is a hierarchical database and information management system.
  • Databases store and index data:
    • DB2 is a family of database server and data warehousing products.
  • Batch Jobs execute jobs on a series of data.
  • Security Manager applies access controls, limiting access to resources.
  • End User Interfaces bridge the gap between users and the system:
    • TSO hosts interactive CLI sessions.
    • ISPF provides a menu-driven interface.
  • Crypto Services offers encryption and decryption of data.
  • Workload Managers
    • WLM ensures quality of service based on configured goals or job priorities by managing virtual memory and disk I/O.
    • IRD optimises performance across processors and I/O channels by grouping LPARs on the same Z system into an LPAR cluster, allowing WLM to manage resources across the cluster.
  • Job Output
    • SDSF System Display and Search Facility allows you to fetch output from jobs.
  • Job Management:
    • JES Job Entry Subsystem receives job submissions declared in Job Control Language.
  • Software Maintenance:
    • SMP/E Software Maintenance Programme (Extended)
  • SNA TCP/IP Systems Network Architecture TCP/IP
  • Performance Monitoring
    • RMF Resource Monitoring Facility
  • Activity Reporting
    • SMF Systems Management Facility
  • Automated Disk Management
    • DFSMS Data Facility Storage Management Service
  • z/OS Unix Services
    • USS Unix System Services

Features

  • HiperSockets provide in-memory TCP/IP connections between LPARs within a CPC.
  • HiperDispatch reduces CPU contention on LPARs, improving cache performance, offering more predictable performance.
  • zDAC Discovery and Auto-configuration helps locate FICON/SAN devices and manage I/O configuration (HCD; Hardware Configuration Definition)
  • VFM is storage-class memory in the CPC which improves paging performance.
  • zAware (z Advanced Workload Analysis Reporter) alerts on deviations from ordinary operation.
  • z/OSMF is the z/OS Management Facility.
  • MVS Multiple Virtual Storage.
  • GDG Generation Data Group.

Security

The process for obtaining access to resources is:

  1. User request to resource manager.
  2. Resource manager to SAF, a router for identifying the appropriate system, e.g. RACF.
  3. SAF directs the request to RACF.
  4. RACF does lookup in its database and responds.

RACF

User profiles comprise:

  • User ID.
  • Owner of the ID.
  • Credentials; zero or more of:
    • Password, below 8 characters.
    • Passphrase, beyond 8 characters.
  • Special attributes; zero or more of:
    • RACF special, allowing authorisation stuff.
  • Group memberships.

All groups except SYS1 have a superior (owning) group.

Permissions on data sets

ALTER allows full access. CONTROL allows creation, deletion and renaming. UPDATE allows reading from and writing to a resource. READ allows only reading. EXECUTE allows opening data sets to load programs from the library. NONE allows no access.

Permissions are managed with the PERMIT command.
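
The request flow and access levels above, modelled as an added Python example (not RACF code and not from the original page). The profile names, user IDs, the deny-by-default for unknown profiles and the rule that a user's own entry is consulted before group entries are assumptions of this simplified model.

```python
from dataclasses import dataclass, field

# Access levels from the section above, weakest first; holding a level is
# treated as also holding every weaker one.
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]

@dataclass
class User:
    user_id: str
    groups: list = field(default_factory=list)

# Constructed sample database: data set profile -> access list (ID -> level),
# i.e. the entries PERMIT would maintain. All names are hypothetical.
RACF_DB = {
    "PROD.PAYROLL.DATA": {"PAYGRP": "READ", "ALICE": "UPDATE", "MALLORY": "NONE"},
    "PROD.LOADLIB": {"DEVGRP": "EXECUTE"},
}

def racf_lookup(user, profile):
    """Step 4: look the requester up in the profile's access list."""
    acl = RACF_DB.get(profile, {})        # no profile -> no access (model assumption)
    if user.user_id in acl:               # a user entry beats any group entry
        return acl[user.user_id]
    granted = [acl[g] for g in user.groups if g in acl]
    return max(granted, key=LEVELS.index, default="NONE")

def saf_route(user, profile, requested):
    """Steps 2-3: SAF stand-in that routes the request to RACF."""
    granted = racf_lookup(user, profile)
    return LEVELS.index(granted) >= LEVELS.index(requested)

def open_dataset(user, profile, requested):
    """Step 1: resource-manager stand-in; asks SAF before touching the data set."""
    if requested not in LEVELS[1:]:
        raise ValueError(f"unknown access level: {requested}")
    return "ALLOWED" if saf_route(user, profile, requested) else "DENIED"

if __name__ == "__main__":
    alice, bob, mallory = (User(n, ["PAYGRP"]) for n in ("ALICE", "BOB", "MALLORY"))
    for user, level in [(alice, "UPDATE"), (bob, "UPDATE"), (bob, "READ"), (mallory, "READ")]:
        print(user.user_id, level, open_dataset(user, "PROD.PAYROLL.DATA", level))
```

MALLORY is denied READ even though PAYGRP holds it, because the explicit NONE entry on the user ID is matched first.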

Catalogs are data sets that contain information about other data sets, allowing users to query data sets by name without needing to know their locations. The system's master catalog is shared between all users, and each user has their own catalog.

Pervasive encryption allows encryption at-rest and in-flight, deferring decryption to the point of use.

Sysplex

Sysplex is a means of clustering mainframes for high availability workload processing.

There are a number of components:

  • STP synchronises CPC TOD clocks.
  • GRS allows multiple machines to access the same data sets by serialising access.
  • XCF manages communications between applications in a Sysplex, and authentication across systems.
  • Coupling Links allow direct memory access between systems, connecting LPARs to processors.
  • CDS are shared between the Sysplex members.

They can be configured in several scenarios:

  • A Monoplex is a single mainframe Sysplex, often used in testing/staging.
  • A Base Sysplex uses system to system connection.
  • A Parallel Sysplex is connected using an LPAR as a coupling facility. There should be multiple replicas of this LPAR.

A Parallel Sysplex allows performing a rolling IPL, enabling downtime-free maintenance by temporarily migrating workloads to other members.

Development

Development is client-server, with z/OS running on real Z hardware and the development environment communicating with it over z/OSMF. To authenticate you need a z/OSMF URL, username and password. You may need to disable certificate verification in development environments.

Surprisingly modern tooling is available for working with the Z platform:

Process

At a high level:

  1. Make your changes to your *.cbl source code.
  2. Submit your source code to the JES using a *.jcl file describing the job, yielding a job ID. Ensure that the JCL provides data definitions for all files used within your COBOL source code.
  3. Fetch the result spool for the job, which includes your program's output.
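
Where the development system presents a certificate issued by a private CA, trusting that CA keeps verification switched on. The added Python example below (not from the original page) builds a verified TLS context and the requests for steps 2 and 3 against z/OSMF's REST jobs interface; the host name, credentials and CA bundle path are placeholders.

```python
import base64
import json
import ssl
import urllib.parse
import urllib.request

def tls_context(ca_file=None):
    """Verified TLS context. ca_file: PEM bundle of the dev environment's CA
    (None falls back to the system trust store)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def _request(method, url, user, password, body=None):
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": "Basic " + token, "X-CSRF-ZOSMF-HEADER": "true"}
    if body is not None:
        headers["Content-Type"] = "text/plain"
    return urllib.request.Request(url, data=body, method=method, headers=headers)

def submit_request(base_url, user, password, jcl_text):
    """Step 2: PUT the JCL to the jobs interface; the JSON reply carries the job ID."""
    url = base_url.rstrip("/") + "/zosmf/restjobs/jobs"
    return _request("PUT", url, user, password, jcl_text.encode())

def spool_list_request(base_url, user, password, jobname, jobid):
    """Step 3: list the job's spool files."""
    job = "/".join(urllib.parse.quote(part, safe="") for part in (jobname, jobid))
    url = f"{base_url.rstrip('/')}/zosmf/restjobs/jobs/{job}/files"
    return _request("GET", url, user, password)

def send(request, ctx):
    """Send over the verified context and decode the JSON reply."""
    with urllib.request.urlopen(request, context=ctx, timeout=30) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Placeholder host and credentials; nothing is sent here.
    req = submit_request("https://zosmf.example.test", "IBMUSER", "secret", "//J JOB 1\n")
    print(req.get_method(), req.full_url, tls_context().verify_mode.name)
```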

Job Control Language

JCL defines a job and the dependencies necessary to run it.

//NAME TYPE ARG,ARG,ARG

Common types:

  • DD data definition:
    • DSN specifies data source name
    • DISP specifies action mode:
      • SHR allows shared reads.
  • EXEC executes a program:
    • First argument is the application program or procedure.
    • All other arguments are passed to the program.
  • JOB job
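
A pre-submission check for the requirement that the JCL provide a data definition for every file the COBOL source uses, written as an added Python example (not from the original page). The COBOL fragment, the job and every name in them are constructed samples; the parser follows the //NAME TYPE ARG,ARG,ARG shape above and does not handle continuation lines.

```python
import re

# Constructed sample inputs (not from the original page).
SAMPLE_COBOL = """\
       ENVIRONMENT DIVISION.
       INPUT-OUTPUT SECTION.
       FILE-CONTROL.
           SELECT PRINT-LINE ASSIGN TO PRTLINE.
           SELECT ACCT-REC   ASSIGN TO ACCTREC.
"""
SAMPLE_JCL = """\
//RUNCBL   JOB 1,NOTIFY=&SYSUID
//* run the compiled program
//RUN      EXEC PGM=CBL0001
//STEPLIB  DD DSN=&SYSUID..LOAD,DISP=SHR
//PRTLINE  DD SYSOUT=*,OUTLIM=15000
"""

STATEMENT = re.compile(r"^//(\S*)\s+(JOB|EXEC|DD)\b\s*(.*)$")
OPERANDS = re.compile(r"(?:'[^']*'|[^\s'])*")     # stops at the first unquoted blank
COMMA = re.compile(r",(?![^()]*\))")              # commas outside (...) sub-lists

def parse_jcl(text):
    """Split each //NAME TYPE ARG,ARG,ARG statement into (name, type, args).

    Simplified: continuation lines and in-stream data are not handled."""
    statements = []
    for line in text.splitlines():
        if line.startswith("//*"):                # comment statement
            continue
        m = STATEMENT.match(line[:71])            # columns 1-71 hold the statement
        if m:
            name, kind, rest = m.groups()
            field = OPERANDS.match(rest).group(0)
            statements.append((name, kind, COMMA.split(field) if field else []))
    return statements

def cobol_ddnames(source):
    """DD names referenced by the program's SELECT ... ASSIGN TO clauses."""
    return {n.upper() for n in re.findall(r"ASSIGN\s+TO\s+([A-Z0-9#@$]+)", source, re.I)}

def missing_dds(cobol_source, jcl_text):
    """Files the COBOL program uses that the job never defines with a DD."""
    defined = {name for name, kind, _ in parse_jcl(jcl_text) if kind == "DD"}
    return sorted(cobol_ddnames(cobol_source) - defined)

if __name__ == "__main__":
    print("missing DD statements:", missing_dds(SAMPLE_COBOL, SAMPLE_JCL))
```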
