Oct 23 ’12
z/OSMF Simplifies System Management
The IBM z/OS Management Facility (z/OSMF) is quickly gaining acceptance globally across all industries by companies of all sizes; now in its third release, it delivers on IBM’s mainframe simplification strategy, easing system management tasks for new and experienced systems programmers. The latest version of z/OSMF, which comes with z/OS V1R13, offers significant enhancements and functions (see Figure 1).
The Software Deployment function lets you clone any System Modification Program/Extended (SMP/E)-installed software (including additional non-SMP/E files or data sets) whether it’s an IBM product or not. You can clone the software within the system or sysplex with shared DASD (also called local deployment) or across the sysplexes in an enterprise (also referred to as remote deployment). This capability reduces the complexity of software cloning.
With the z/OSMF Software Deployment task, IBM has provided a codified solution based on best practices that will bring rigor and discipline to the practice of rolling out software on z/OS while also making it easier. It will ensure that all artifacts of the software instance are copied instead of just selected parts; this can reduce problems in the future.
You can adopt this new function gradually, starting with mainframe products that lack appropriate rigor, then move on to service levels, the whole system, and the operating system. This will help your site avoid having to continuously manage the software deployment process.
The Software Deployment function provides a checklist approach with embedded wizards to guide you through the process, starting with selecting or defining the software to be deployed (see Figure 2). The software to be deployed, called a software instance, may contain one or more products based on what you want to manage and deploy as a single entity.
The deployment process allows for identifying missing required PTF service on instances that will share resources with the deployed software in the sysplex and also across sysplexes. Without the z/OSMF Software Deployment function, there’s no method to identify missing required PTF service across different sysplexes in a single action. You must manually generate and compare the software service reports on each sysplex to determine what’s missing. Furthermore, by ensuring all required PTFs are installed, future problems, including a possible system outage, can be avoided. z/OSMF Software Deployment can identify fixes and functions on a prior software level that will be regressed after a deployment operation. It can also identify required HOLD actions that must be reviewed prior to a deployment operation.
Generated reports. The reports generated at the conclusion of the checklist summarize all the planned updates on the target system before any actual updates are made to the target system. The reports can be saved for a later audit or used for problem determination if needed.
Granular authorization. A key software management enhancement in z/OSMF 1.13 with APAR PM40764 is Granular Authorization, which lets security administrators control users' access to certain functions or objects by defining specific System Authorization Facility (SAF) profiles. For example, a DB2 administrator can be authorized to add and modify software instances and deployments for DB2 software only, and a z/OS administrator may be allowed to only work with z/OS and not DB2. The default is that all authorized z/OSMF users will have access to all software instances and deployments.
Web Access to ISPF
The new release of z/OSMF delivers a browser-based interface to the traditional ISPF under the z/OS classic interface category. It’s similar to the ISPF that z/OS systems programmers know and love; the changes provide access to ISPF from a browser anytime, from any place, with no 3270 emulator required. Also, there’s some color instead of the “green screen,” and fields can be coded to be mouse-clickable. A unique new feature is the way the split-screen function has been implemented. z/OSMF ISPF allows horizontal and vertical splits, so you can have up to four panes that can be individually sized and have a maximum of eight ISPF tabs open simultaneously (see Figure 3). It also supports up to 10 concurrent login sessions by the same userid from different browser sessions and a Time Sharing Option (TSO) session. Of course, this requires enabling ISPF profile sharing for the enterprise (see the z/OSMF Configuration Guide for details).
An overwhelming value of enabling ISPF for the Web is that it allows for easy exploitation of the new z/OSMF application linking function. This lets you launch an ISPF application from any other Web application, which can be another z/OSMF task or another IBM or non-IBM application.
The Application Linking capability supports linking and launching, with or without context, from a z/OSMF task or an external Web application (IBM or non-IBM) to another z/OSMF task or external Web application. IBM has provided Representational State Transfer Application Program Interfaces (RESTful APIs) to enable application linking and a Graphical User Interface (GUI) in z/OSMF under the administration category. This lets you define events as well as handlers for the events. z/OSMF has exploited this function in the current z/OSMF 1.13 release in its Incident Log task under the Problem Determination category.
The Incident Log
With a single mouse click, the Incident Log provides a consolidated view of all the system abnormal ending (abend) problems across the sysplex, for IBM or non-IBM products and components that produce such diagnostic data (see Figure 4). The system will also capture and manage log snapshots as first failure data capture at time of error and logically attach this to the incident. Users don’t need to manually search and extract log data for further diagnostics.
The Incident Log task lets you send diagnostic data using a wizard that reduces the overall time required from about 30 minutes per problem to about 30 seconds, and requires no deep system skills. Furthermore, you can attach and send additional diagnostic data that the service team may require. You can send data easily for any product on your z/OS system.
Some organizations have started using the Incident Log as their main interface to File Transfer Protocol (FTP) data since the wizard will create all the required Job Control Language (JCL) as well as compress/terse the data as needed.
Multiple users can log into the same z/OSMF instance and look at the same information simultaneously. So, when a problem does occur, it’s ideal for triage, especially for any problems that span components or products. Without these new features, users must look at logs, find the dumps, and apply Interactive Program Control System (IPCS) skills to access the dumps. There’s also no easy way to get one view of all the problems across the sysplex with great filtering and sorting options.
The Incident Log task provides details about an incident at a glance, such as the product name, component id, problem symptom string, date/time of error, system and release, etc. With a single click, you can launch directly into ISPF browse within the log snapshot data set. After sending the diagnostic data, you can view the status of FTP jobs by launching directly into the System Display and Search Facility (SDSF) or an equivalent product, after a one-time setup of the handler via the application linking manager. This minimizes the number of steps you must perform each time and provides an overall seamless experience.
Workload Manager offers an easy-to-use interface to manage workload management policies for the sysplex that supports creating, editing, printing, installing, and activating policies. Best practice checks are built in. Recent enhancements include granular authorization for the different actions that can be performed with a policy (i.e., view, edit, update, and install).
With this feature, a broader group of people, including managers, can view and even understand policies and how workload is being managed, while only a subset can actually update, install, or activate it. Workload Manager is easy to navigate and offers table-driven views and built-in best practices; it can significantly reduce the overall time needed to work with policies (i.e., minutes vs. hours).
The process to optimize the service definition based on best practices using the existing ISPF application used to be cumbersome and time-consuming. In contrast, when using the z/OSMF function, all you have to do is check the best-practice hints the GUI displays for policy elements, and modify the policy elements as needed. With the robust filtering and sorting capabilities, this takes minutes, or at most, a few hours, when done initially. Customized views can be saved for each user. The print feature allows for filtered previews and report-like outputs; the export/import functions support data sets as well as workstation files. You also can access a history of every action performed on the service definitions.
As the team transitions to using the z/OSMF WLM function, there may be a time when the ISPF and z/OSMF application for Workload Manager are both being used in parallel, and that’s fine. You just need to decide whether the master service definitions should reside in the host sequential data sets, or the z/OSMF repository. Then the appropriate exports/imports can occur with proper naming conventions. The application will manage all the serialization and prevent any mistakes or overlays.
Customers who use IBM’s Resource Monitoring Facility (RMF), especially the RMF Monitor III function, can configure and use the resource monitoring tasks in z/OSMF and instantly see the impact of the Workload Manager policy in effect. From one view in the System Status task, they can view the overall performance index and see whether the important workloads are meeting their goals. While some metrics and dashboards have been pre-defined for z/OS, it’s easy to define additional dashboards and even mix Linux, AIX, and z/OS metrics in one view. When additional dashboards are defined, these can only be viewed and accessed by the user who has defined it. If the user wants to share the dashboard among the team, they can open it in a new browser tab and then save the URL for the dashboard as a link in the z/OSMF navigation, giving it the right authorization for the role and users who can access it. With z/OSMF designed for role-based authorization that extends even to individual links, this is a useful function.
Capacity Provisioning Manager Support
z/OSMF now provides a new function for working with the Capacity Provisioning Manager (CPM) on the z/OS system that manages temporary capacity on demand. It provides support for managing the connections to different CPMs, as well as viewing the domain configurations, status of CPCs and z/OS systems, and active policies. It’s likely that more of the management function will be available in the future.
z/OSMF has always provided network configuration functions. The Configuration Assistant is a GUI application for setting TCP/IP policy-based networking functions for some of the technologies for z/OS Communication Server policy agents such as IPSEC, AT-TLS, etc. Today, handling common network configuration process tasks can take many hours or even days for initial setup. With Configuration Assistant for Communication Server in z/OSMF, everything is simpler. You need only go to the IP security perspective, add a connectivity rule for an IP filter, and use application setup tasks to assist with the configuration and setup of the required applications. The Configuration Assistant will help you deploy the configuration files to your z/OS system in about 30 minutes.
In addition to the RESTful APIs for application linking, z/OSMF is also hosting new RESTful APIs for managing jobs on z/OS. This feature also supports the batch modernization initiative for the platform. Instead of relying on FTP transfers, this new function uses a Web 2.0 RESTful interface to submit jobs, get job output or status, or cancel jobs.
z/OSMF supports and builds upon the z/OS security with role-based, application-level authorization support. Besides supporting granular authorization in individual tasks, z/OSMF also added support for defining custom roles in this latest release via the SAF mode support.
z/OSMF has a broad set of functions to help the z/OS systems programmer be more productive, ranging from problem data management to configuration and software management. It’s designed to reduce the learning curve for newer systems programmers and help make life easier for experienced systems programmers. The Web-based GUI interface makes it more user-friendly and there’s also excellent online help for every function and feature. For more information, visit the z/OSMF Website at http://www-03.ibm.com/systems/z/os/zos/zosmf/.