CICS / WebSphere

The latest version of IBM CICS Transaction Gateway (CICS TG), Version 9.0, was made generally available in December 2012. CICS TG V9.0 builds on the strengths of previous versions by elimi-nating many of the restrictions and variations between different deployment topologies and provid-ing enhancements so CICS TG can be used in a wider variety of deployments and process larger workloads than ever before. Some of the trade-offs between the various deployment options have been eliminated, allowing CICS TG to be used in a configuration that best fits your needs and re-quirements.

Let’s take a look at some of the major enhancements provided in CICS TG V9.0.

Capacity and Scalability

Designed to cope with the ever-increasing demands of the modern enterprise, CICS TG V9.0 in-cludes some significant improvements that allow it to handle higher volumes of requests with larger payloads than ever before.

By employing multiple Gateway daemons configured as a highly available Gateway group, cus-tomers using CICS TG for z/OS can dynamically increase CICS TG capacity by adding Gateway daemon instances to the group. However, when using the IPIC protocol to connect CICS TG to multiple CICS servers, and processing large channel payloads from client applications, a Gateway daemon in the group can easily reach the resource limits of a 31-bit address space. With CICS TG V9.0, these limits are raised considerably by allowing CICS TG to operate within a 64-bit address space. By simply configuring the Gateway daemon to use a 64-bit Java Virtual Machine (JVM) in-stead of a 31-bit JVM, it’s possible for CICS TG to cope with thousands of concurrent requests with large channel payloads (see Figure 1). This can mean fewer Gateway daemons are required to cope with the demands of the enterprise.

To accompany the support for 64-bit Gateway daemons, CICS TG V9.0 for z/OS includes a new system environment statistic, SE_C31MAX, which shows the real-time limit of used 31-bit user storage within the Gateway daemon address space. When coupled with the existing SE_CELOAL statistic, which shows the currently allocated 31-bit user storage, a systems administrator can de-tect the onset of an out-of-memory condition and take preventive action.

For two-tier topologies using the IPIC protocol, CICS TG V9.0 adds the ability to configure the number of IPIC sessions requested when CICS TG is negotiating with CICS. In previous versions, local mode applications would always request 100 sessions, limiting the maximum size of an IPIC workload. CICS TG V9.0 overcomes this limit by adding a new connection factory property for the CICS TG resource adapter and a new protocol property for Java base class applications, allowing the number of IPIC sessions to be configured in all environments. This allows two-tier CICS TG topologies to process larger IPIC workloads than ever before.

Customers using CICS TG for z/OS and who are migrating from EXCI to IPIC can now take ad-vantage of a per-connection ECI timeout configured within the Gateway daemon. This provides a similar timeout capability to that provided by the EXCI options table, DFHXCOPT, but with the added ability to configure different IPIC connections with different timeout values. This lets the sys-tem administrator protect against applications that specify no ECI timeout, or a timeout that’s too large. The ECI timeout value configured on the IPIC connection overrides any timeout value speci-fied in the request. The configurable ECI timeout feature is available in all CICS Transaction Gateway products.

Security

Building on previous releases, security is a major focus in CICS TG V9.0, which allows end-to-end security to be employed in more topologies than ever before.

First, CICS TG V9.0 allows IPIC connections to be configured to use Secure Sockets Layer (SSL) protocols in three-tier topologies. Previous versions of CICS TG only supported IPIC connections with SSL in two-tier topologies. In three-tier topologies, CICS TG already supported secure con-nectivity between the client application and the Gateway daemon, and this enhancement extends secure connectivity from the Gateway daemon to CICS. Therefore, it’s now possible to configure end-to-end connection security in three-tier topologies when using Java Connector Architecture (JCA) applications, Java base class applications and .NET Framework applications. For JCA ap-plications hosted within WebSphere Application Server, this also allows identity propagation to be employed in three-tier topologies where CICS TG isn’t in the same sysplex as CICS.

3 Pages