Course Objective
This material is for anyone who is new to z/TPF or is looking for a refresher about z/TPF.
This is a technical course that primarily focuses on topics from a system point of view.
This course will generally cover most aspects of z/TPF and its environment. Some topics will be covered in more detail.
A general background in Computer Science is needed to understand the general computing concepts discussed in the material.

© 2013 IBM Corporation

TPF Agenda
1. History, Hardware, Software, Supporting Systems, System Characteristics, System Configuration, System Behavior, Database, Communications, Security, Console and Monitoring
Sections 2 to 5: System Characteristics, Entry Control Block, Message Processing, Message Flow, Database, Middleware, Security, Data Organization, MQ, Build Environment, Layout & Details, Web Services, MakeTPF / BuildTPF, Traditional z/TPF, Business Events, Development, z/TPFDF, WODM, z/TPF Toolkit, Memory Configurations, Globals, Ported Software, z/TPF Debugger, Dispatching/CPU Loop, File Systems, Troubleshooting, Documentation, Main Storage, General Data Sets, Console Messages, InfoCenter, Program Linkage, z/TPFAR, Dumps, RedBooks, Loader, Utilities, Functional Displays, Support, System Tables, Performance/Tuning, SR Tool (PMR’s), Communications, Data Collection, developerWorks, Console, Data Reduction, TPF Users Group, Network, Tivoli EndPoint Manager, SNA, TCP/IP

z/TPF Detailed Summary - Basic Overview
History, Hardware, Software, Supporting Systems, System Characteristics, System Configuration, System Behavior, Database, Communications, Security, Console and Monitoring

History
Airlines Control Program (ACP)
  – 60s, 70s: ACP consolidated from several individual efforts
  – IBM also consolidated the application package which became known as PARS and International PARS (IPARS)
Transaction Processing Facility (TPF)
  – 70s, 80s: TPF 1 and subsequent versions came after IBM had to unbundle (sell separately) operating systems and HW
  – 90s: TPF 4.1, virtual addressing, C/C++ support and more
  – Multiple CPU support
z/Transaction Processing Facility (z/TPF)
  – 2005: z/TPF 1.1 Introduced
    • 64 bit, open development

History – Compare and Contrast

Mainframe Operating System Heritage
OS/360 -> OS/VS -> MVS/SP -> MVS/XA -> MVS/ESA -> OS/390 -> z/OS
  – z/OS, IBM’s premier zSeries operating system, is a highly secure, scalable, high-performance enterprise operating system on which to build and deploy traditional and Java-enabled applications, providing a comprehensive and diverse application execution environment.
DOS/360 -> DOS/VS -> VSE/SP -> VSE/ESA -> z/VSE
  – VSE enables proven, robust, and cost-effective solutions. VSE provides sturdy batch and industrial strength on-line transaction processing (CICS) capabilities. VSE can fit comfortably into a legacy of thrifty, dependable VSE solutions.
ACP -> TPF -> z/TPF
  – TPF is the platform driving the business-critical systems for many of IBM's largest and most sophisticated users of online transaction processing - airlines, railroads, hotels, financial services, government, credit card and banking industries.
CP/67 -> VM/370 -> VM/SP -> VM/XA -> VM/ESA -> z/VM
  – z/VM provides a highly flexible test and production environment for enterprises deploying the latest e-business solutions. z/VM helps enterprises meet their growing demands for multi-user server solutions with support for a broad range of operating systems.
Linux on System z
  – IBM decided to support Linux in 2000.

Hardware - Needed to run z/TPF
System z Server
Console to access the system
Storage Devices
  – Disk (DASD)
  – Tape Drives and Tapes
Communication Card
  – Open Systems Adapter (OSA)

Hardware – System Z
OS’s supported
  – z/OS
  – z/VM
  – z/Linux
  – z/VSE
  – z/TPF
Blade Center Extension z/BX
Power and X
  – AIX
  – Windows
  – Linux

Hardware – System Z (continued)
Capacity
  – up to 101 Engines
  – z/TPF up to 99 Engines
  – 3TB memory per server
Connectivity - Channels FICON/ESCON
  – Disk, Tapes, Console
Cards
  – OSA, Crypto
RAS
  – Reliability
  – Availability
  – Serviceability

Hardware – Diagram of System Z usage
[Diagram labels: SE, AIX, Linux, Windows, xHyp, pHyp, Z CPU, Memory and IO, z Blade Extension, Cell, DWA, Data Power, Linux x86, ISS, DP, PR/SM, zHypervisors, zOS, z/TPF, Virtual Machine, HMC (with Unified Resource Management), Workload Resource Groups: SLA Mgmt and Reporting, Power, AMM]

Hardware – Console
TPF Operation Server
Provides:
  • Console Access
  • Automation
  • Monitoring
  • WinTel Hardware
  • Windows OS

Software
z/TPF is an Operating System
Runs exclusively on IBM System z hardware
High Performance, eXtreme Transaction Processing (XTP)
Dynamic, Large Centralized System
Remote Users accessing Shared Information
Attributes
  – Speed
    • Efficient processing of transactions
  – Reliability
    • Hardware and Software provide minimal downtime
  – Availability
    • 24x7x365
  – Scalability
    • 99 I-Streams in each server
    • 32 way loosely coupled servers
    • Choose your combination

Software – What z/TPF Provides
z/TPF Operating System
  – Directly controls the management of the hardware resources assigned to the central processing complex (CPC)
  – Provides system services
    • Macros and Functions
    • Interfaces for Applications via API’s
  – Interfaces with Communication Networks, Disk, Tape, Console, and other attached devices
  – Data Collections provide overall utilization and performance
Image – http://en.wikipedia.org/wiki/File:Operating_system_placement.svg

Software – z/TPF Highlights
Efficient use of resources, such as main storage and file storage
Short path lengths for critical system services, such as direct access storage device (DASD) input/output (I/O)
Short Existence Time for messages/transactions
  – < .3 seconds
Fast Restart and Recovery
  – 30 seconds to 2 minutes
Entry Protection
  – each entry only knows about its resources
Open-ended capacity growth, such as clustering as many as 32 multiprocessor Enterprise Systems Architecture (ESA) configurations with only a minimal increase in system overhead
Expandable database capacity by the addition of direct access storage devices (DASD)
Database integrity and online database maintenance capability.
Reentrant code … i.e. sharable

Software – Control Program
Also Known As: Control Program, CP, Kernel, CPS0
About 3.5 Meg in size
Memory Resident
Written in Assembler
Dispatch Control (CPU LOOP) aka dispatcher
Channel Programs/Drivers
  – Efficient
  – Hardware Specific
Memory/Storage Management
Linkage
  – CSECTS linked together make up CPS0
  – Built as part of System Initialization (SIP)
Most of the Source Code is Available for Modifications
Control Program User Exits
More details in System Characteristics part of course

Software – Shared Objects / Programs
Note: Core resident = Memory resident
[Diagram labels: Memory, Disk/DASD, Core Resident Program Area, Control Program]
Any software that is not part of the CP is a Shared Object (SO) that can be preloaded in memory or loaded when initially called for use.
SO’s are written in:
  – Assembler
  – C/C++
SO’s can be z/TPF System Software or Application Software

Software – Middleware Layer
Provides z/TPF services for applications. Includes communications, database managers, transaction services, API’s, etc.
For example – z/TPF supports
  – MQ (Turbo) and Client
  – Web Services: XML, SOAP, WS-Security
  – Mail Server
  – HTTP Server and Client
  – TPFDF
  – Tivoli Endpoint Manager
  – WebSphere Operational Decision Management (WODM)
  – Business Events
  – Transaction Services
  – Ported services: Apache, OpenLDAP, MySQL, OpenSSL, zlib

Software – Application Layer
z/TPF applications are customized and maintained by the customer
  – Pros
    • Unique applications to the industry
    • Customer controls features and functions
    • Customization provides specific functionality compared to off-the-shelf Application
  – Cons
    • Maintenance
    • Adding Feature/Functions
    • Available Subject Matter Experts
z/TPF provides standardized system services, middleware, and application frameworks to modernize established applications as well as create new applications.
Applications can be written in languages:
  – Assembler, C, C++

Software - z/TPF Directory Structure of Software
[Diagram: directory tree under /ztpf. Directory labels: /local_mod, /base, /hpo, /tpfdf, /opensource, /bss, /tpftools, /linux, /os390. Legend: Configuration Dependent, Open Source, Shipped Source, Customer Modified Source]

Software – Comparing z/TPF to other Transaction OS’s
Most other Transaction Processing models run on top of an operating system
  ===> are not as efficient as a native operating system like z/TPF
Memory Based solutions
  – Transactional speed achieved by in-memory tables
  – Capturing changes to memory database is problematic
Distributed Based solutions
  – Transactional speed achieved by multiple images/servers
    • Syncing the distributed database is inefficient
Heavy-weight vs Light-weight process model
  – z/TPF processes run on a CP or Kernel level compared to processes run on an application level.
    • This minimizes instruction length of processes

Software - Supporting Systems
z/TPF depends on other systems to:
  - build the z/TPF configuration,
  - build z/TPF software,
  - run off-line batch jobs,
  - connect primary console, and
  - provide tools for testing, performance and debugging.
z/OS
  – Format DASD Environment
  – Create System Initialization Environment
  – Run batch oriented tasks, e.g. analysis
  – Access to General Data Sets
z/Linux
  – Used to build z/TPF object code
  – Create Loader components
  – Other Utilities

Software - Supporting Systems (cont)
VM
  – Can be used as main operating system with z/TPF as a guest
TPF Toolkit (Eclipse based)
  – Recommended Integrated Development Environment
TPF Operation System (PC based)
  – Recommended Operational Console Management environment
Tivoli EndPoint Manager
  – Recommended continuous data collection environment

Software - z/TPF still uses z/OS for…
Assemble, compile, link of all z/OS offline programs
  – DASD Formatter
  – Data Reduction
  – Dump Post Processor
  – And others…
Loading Software
  – Loader General File (LGF)
  – Via GDS, TAPE/VTAPE, VRDR
Requirements
  – IBM z/OS Version 1 Release 3, or later release
  – High Level Assembler (HLASM) Release 5 or later
  – IBM Enterprise PL/I for z/OS Version 3 Release 3, or later release
  – GNU Make (3.79.1)
* For current versions refer to “Required z/OS Software” in latest z/TPF documentation

Software - z/TPF uses Linux for…
Building Software
  – Linux utility programs
  – SIP deck assembly (System configuration macros)
  – Face table generation (File format)
  – Assemble, compile, link of all online programs
  – Assemble, compile, link of all Linux offline programs
Build Software Modules for Installation
  – BuildTPF, LoadTPF
Load Software
  – OLDR loads (via FTP) to z/TPF
Access to source code
  – Source Control Manager (SCM) integration
  – Hosts source code for z/OS and Windows
  – Editing of source code
Running Utilities, Editing, Troubleshooting, Etc
For current versions refer to “Required Linux Software” in latest z/TPF documentation

Software - z/TPF still uses VM for…
Ease of Use
  – Configuration changes
  – Virtual Tape Drives
Multiple Images of z/TPF for testing
  – Can create smaller test systems
CMS
PER Trace (Event recording)
VTAPE (Virtual tapes)
VPARS (Share a TPF image on multiple VMs for testing)

Software - z/TPF still uses TPF Toolkit for..
Integrated Development Environment (IDE)
Debugger
Performance Analyzer
Interface to Source Control Manager (SCM)

Software - z/TPF still uses Tivoli Endpoint Management
Continuous Data Collection
Integration with Enterprise Monitoring

Software - z/TPF still uses TPF Operations Server for…
Console Access
Automation
Logging of output
Interface to other Enterprise systems

Software – Diagram of Supporting Systems
Build Environment: What's it look like?
[Diagram labels: Linux for zSeries, z/OS, z/VM and z/TPF, Workstation, source control system, build tools, source files, online executables, offline executables, offline support programs, e-type loader, HFS, Loadsets, FTP, Rexec, Extract, Check-in, Check-out, Network Access]

System Characteristics - Entry Control Block (ECB)
[Diagram labels: “Start a Process” Input Message, Control Program, Entry Control Block (ECB), “End a Process” Output Message, “Interacts with..” Shared Object(s), CPU(s), “Interacts with..” Memory/Disk]

System Characteristics – Application Transaction
A message is a component of a transaction in z/TPF.
  – The number of messages to complete a transaction depends upon the application design
The time required is dependent upon the speed of the end user and the complexity of the transaction.
z/TPF is designed on the assumption that each end user message requires only small amounts of CPU processing.
A transaction consists of one or more messages.
Example of a transaction
  – A13JULSLCJFK7P
    • Availability entry requesting flights from Salt Lake City to New York beginning at 1900 on July 13th
  – N1Y2
    • Need one seat in Coach Class from the display which is on line 2
  – -lastname/firstname

System Characteristics – Application Transaction Examples
An example of a transaction
  – A13JULSLCJFK7P
    • Availability entry requesting flights from Salt Lake City to New York beginning at 1900 (7PM) on July 13th
  – N1Y2
    • Need one seat in Coach Class from the display which is on line 2
  – -lastname/firstname
An example of Web Service Transaction
  – XML Request

System Characteristics - Main Supervisor (Control Program)
The principal functions performed by the main supervisor are:
  – Work scheduling – dispatching
    • Priority List scheme: Ready, Input, Defer, suspend lists (queues)
    • Dispatch all tasks on the list before moving to the next list
  – I/O interface
    • No ‘access method’, channel program is integrated into system support
  – Virtual address space memory management
    • EVA (Primary address space) or (ECB Virtual Address) vs. SVA (Home address space) or (System Virtual Address)
  – Storage management
  – Interrupt processing
    • I/O, SVC, Program, External,
  – Keypointing (aka checkpointing)
    • Save system status in case of restart because of a hardware or software malfunction.
      In other operating systems, this usually is called

System Characteristics - Memory
Fencing of Data
  – An ECB’s memory is not addressable by another ECB
    • This includes memory requested by the application
  – Some memory can be shared via:
    • Global memory
    • Common Virtual Memory
  – Memory gets backed with real memory when needed
  – System Virtual Memory (SVM)
  – ECB Virtual Memory (EVM)
Protection keys
    • Applications cannot write to system memory without special access - restricted macros and API’s

Memory Layout EVM vs SVM
[Diagram: address map from 0 to Highest SVA with boundaries marked at 16MB, 2GB and 4GB, under the headings Common Virtual Addresses, SVA Differences and EVA Differences. Labelled areas: Prefix Area, Control Program, IPLB/CCIO/Keypoints/CIMR, 31-bit System Tables, 31-bit User Areas*, 31-bit CRPA* (Copy-on-Write), Common Blocks, IOBs, ECB Private Area, SWBs, Thread Stack Area*, ECBs, Application/ECB Stack Area*, 4K Frames, Pre-allocated ECB Stack, 31-bit System Heap*, 64 bit CRPA (PJ37995), Pre-allocated 31-bit ECB Heap, 31-bit ECB Heap*, Region/Segment/Page Tables, 64-bit System Tables, TCP/IP Areas*, 64-bit User Areas*, 64-bit CRPA* (Copy-on-Write), 1MB Frames, 64-bit ECB Heap*, System Heap Control*, 64-bit System Heap*, VFA]

z/TPF Characteristics - Disk
Data defined as modules
Data is spread out across modules
  – A database is spread out over multiple modules to minimize highly accessed data (avoid “hot” spots)
Modules duplicated logically in modules and physically on hardware
  – Prime
  – Dupes
Data reads from quickest path available
Data writes duplicated
Virtual File Access (VFA)
  – Data reads in memory for faster access
  – Data writes in memory and physical file (write thru)
  – Highly accessed data stays in memory
  – Low utilized data bubbles out of memory

z/TPF Characteristics - Tape
Tapes defined as individual devices that are accessible via Tape API’s
Primary and Alternates defined
  – If a tape becomes full will switch to Alternate
  – If z/TPF cannot write to a tape it tries on the Alternate
Application and System Errors are written to tape
  – Data can be post processed to produce a dump report
Dump Buffer Area
  – A defined area in memory to quickly write out the error so that the snap shot time is minimized

z/TPF Characteristics – Loading Software
New software is loaded to z/TPF using:
  – General File Loader
  – E-type Loader
  – Image Loader
  – Data Loader
z/TPF has the ability to introduce new real-time software while running transactions
  – ZOLDR Functional Message
  – Activation number
  – Software bundled in loadsets
    • Activated/Deactivated
    • Accepted/Deleted

System Configurations
Uni Configuration
  – Single CPU
Tightly Coupled Configuration
  – Multiple CPU’s (Instruction Streams) Sharing Memory
  – Single Copy TPF Executing Concurrently
Loosely Coupled Configuration
  – Two or more CPC sharing a common set of DASD (Database) and using an external lock facility (XLF) to synchronize multiple access to the DASD records.
  – Each CPC can be Tightly Coupled or in uni-processor mode
  – Each CPC runs a copy of TPF concurrently

System Configuration - Uni Environment
[Diagram labels: Network, System Z LPAR, Up to 99 I-Streams (Only one I-stream used in Uni system), Online Programs, Control Program, z/TPF, DASD]

System Configuration - Tightly Coupled
[Diagram labels: Network, System Z LPAR, Up to 99 I-Streams, Online Programs, Control Program, z/TPF, DASD]

System Configuration - Loosely Coupled Environment
[Diagram labels: Network, two System Z LPARs, each with Up to 99 I-Streams, Online Programs, Control Program and z/TPF, DASD]

System Behavior - Initial Program Load (IPL)
Initial IPL - IPL From Loader General File (LGF)
  – The Loader General File is a disk module
    > contains programs and keypoints
    > used to initialize a system.
    > sequential collection of records
    > created offline under z/OS control.

System Behavior - Initial Program Load (IPL)
  – The TPF system is loaded to the online system in 2 steps:
    1. The online keypoints, the file resident and main storage resident program segments are loaded to the loader general file by the system loader offline (ALDR).
    2. They are then loaded from the loader general file to the online files by IPLing the loader general file. (ACPL)
  – The TPF system is started by IPLing the prime (or backup) online system pack.

System Behavior - Restart IPL
Any IPL After Initial IPL
Hard IPL
  – Initiated from the HMC (Hardware Console)
  – Operator is given the opportunity to select a TPF image (a composite of control program and applications)
  – It is disruptive – users will be affected.
Soft IPL
  – Initiated by ZRIPL or
  – Automatic Recovery After Failure (catastrophic error)
    • Preserves Previous State
    • Attempts 3 times within 5 minutes
ZRIPL for test systems. Check about usage in production environment????

System Behavior - IPL Actions
Whenever you restart the control program
  – an initial copy of the control program is loaded from file to main storage
  – the keypoint records are then loaded from the IPL file and are used to initialize various fields and tables in main storage
  – all working memory is initialized with all main memory blocks on the uncommitted memory lists
  – during initialization, a check is performed to determine whether a dump tape is mounted and ready. If one is not mounted, you are notified and no more action occurs until you mount a tape.
When initialization is completed, the following message is displayed on the system console:
  CVRN0004I hh.mm.ss RESTART COMPLETED- 1052 STATE

System Behavior - System States
z/TPF has different states that can restrict or limit certain activity
1052 State - Commands only accepted from the system console or 3270 local
UTIL State - Commands only from valid CRAS terminals
CRAS State - All terminals are allowed to log on to the z/TPF system applications. However, non-CRAS authorized terminals have their application access restricted
Message Switching State - All lines are active. The only high-speed messages accepted in the system are messages with a primary action code of Y, Z, or O.
NORMal State - NORM state allows you to start all system and application functions. All entries are allowed.

System Behavior - Errors that TPF handles
Hardware malfunctions that are overcome by retrying the I/O operation.
  – Error statistics are recorded
An error detected by the system from which the programs related to an ECB may be able to recover.
  – program regains control (for example, a record identification check).
An error detected by the system from which the Entry cannot recover.
  – The ECB is forced to exit
An error detected by the system that makes continued operation of the system inadvisable. This is called a catastrophic error.
  – The system may need to be restarted.

System Behavior - Types of Dumps
SNAP Dump
SERRC Dump
  – Application Dump
  – System Dump
Dumps are written to tape
  – RTA/RTL

Physical Database – Direct Access Storage Device (DASD)
IBM Physical disk Drives
Prime Modules and Duplicate of Prime Modules
  – Read from least busy
  – Write to both Prime and Dupe
  – System can survive with one module, either prime or dupe
  – Prime and Dupe never on same Control Unit
    • Prevents bottlenecks
    • Prevents single point of failure
DASD limit is 40,000 logical volumes, and up to 65520 cylinders in each volume
  – 65520 cylinders/mod * 15 tracks/cylinder * 12 4K records/track * 4095 bytes/record = 48.2 GB per module
  – 48.2 GB * 19,999 modules (prime + dup) = 962 TB

z/TPF Databases
Storage Based i.e. disks
Memory Based
Globals
Fixed File
Pool
TPFDF
TPFCS
File Systems
  – TFS
  – FFS
  – PFS
  – MFS

z/TPF Database Maintenance
Resources given back by application – appl code releases
Resources given back when an Entry exits – entry exits
Recoup – Pool storage
  – Garbage Collection
  – Usually run weekly
  – Short Term and Long Term addresses returned to the system
Capture and Restore - return to point in time - then add changes (play log)
  – z/TPF has package
  – Most DASD has external functionality to capture a “point in time”
  – Exception recording on tapes used for time gap
Online Database Reorganization

z/TPF Communications - Overview
Communications that z/TPF Supports
3215 / 3270
  – OSA Integrated Console Controller (OSA-ICC)
  – Used for console support for TPF Operations Server (TOS)
  – Also can be attached via ESCON and Controller Unit (Vendor)
System Network Architecture (SNA)
  – 3745 Network Control Program
  – Channel to Channel (CTC)
TCP/IP
  – Via OSA Express Card
Others - e.g. industry protocols (AirInc)

z/TPF Communications – TCP/IP Diagram

z/TPF Communications - Internet Daemon
Internet Daemon Model
  – Similar to other platforms like Unix and Linux
  – A ‘listener’ is started to accept TCP/IP requests coming from a specific port address and IP address
  – Long running process
  – A ‘monitor’ also runs validating that ‘listeners’ are running and for error recovery

z/TPF Communications - Example of Internet Daemon
  – specific IP addresses & Ports, or any port

z/TPF Communications – Socket Based API
Standard Socket API’s
  – Bridge TCP/IP protocol layer to the Application layer

Security – z/TPF Basics
Hardware Support
  – Cryptographic Cards on Server and CPACF (encryption hardware assist)
  – TPF Operations Server
Software Support
  – OpenSSL
  – Non Displayable Memory
Datacenter Access
Minimum User Access Within the Enterprise

Security - OS Common Problems
Everyone is concerned about sensitive and confidential information being generally available or exposed due to a security hole
Security Breaches
  – SpyWare
    • Can this run on z/TPF?
  – Unauthorized access
    • Can an unauthorized user get into z/TPF?
    • If so – what can be done?
  – Authorized exploitation
    • User has access but can exploit other information
  – Open TCP/IP Ports
    • Only ports actively listened for can be accessed
Buffer Overflow
  – z/TPF ‘fences’ process space
    • EVM vs SVM
Denial of Service Requests
    • Disable access by overloading communication to OS
    • Refer to TPFUG presentation

Consoles
Operator Consoles have access to administer the z/TPF system
Hardware consoles can administer control of hardware functions
  – Hardware IPL
  – Changing Hardware settings
Software consoles can administer the z/TPF OS via functional messages
  – Available via TPF Operations Server (TOS)
  – CRAS terminal - Computer Room Agent Set (travel agent)
  – Prime CRAS – entries can be restricted to a specific terminal or Prime Terminal which has special authority to specific commands
  – RO CRAS – read only version of CRAS
  – Functional Console Support - CRAS terminals designated to receive messages related to a specific function; sometimes called a functional CRAS console. For example, all TAPE related messages can be routed to a TAPE Functional Console.
  – Remote Console Support – CRAS terminals designated to operate the TPF system from a remote location. Useful for Disaster Recovery.

The z/TPF Console Log
The z/TPF Console Log reports ongoing system activity
Output sent to System Operator
  – Prime Computer Room Agent Set (Prime CRAS)
z/TPF System documented Messages
  – Output categorized by a header that can be referenced
    • Available in the Messages section in the TPF documentation
z/TPF Applications
  – User applications usually report status, start/end, etc by sending output to Prime CRAS
Example:
  IPLB0045I TPF CPU ID B OPERATION TO BE CONTINUED ON_ PROCESSOR FF02153F MODEL 2094 CPA 0000 +
  IPLB0044I TPF CPU ID B COUPLING PROCEEDING ON _ PROCESSOR FF02153F MODEL 2094 CPA 0000+
Console log saved using TOS functionality (TOS = TPF operations server)
  – Ability to send to another environment (for example, VM)
  – Ability to access via TOS

z/TPF Basic Overview – Terms and Definitions
TPF is short for Transaction Processing Facility
XTP is short for eXtreme Transaction Processing
Control Program refers to CP or Kernel
Logical Partition is also known as LPAR
OS is short for Operating System
Direct Access Storage Device is also known as DASD
A Transaction consists of one or more messages
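
The restart message from the IPL Actions slide and the "3 times within 5 minutes" recovery limit from the Restart IPL slide can be watched for in a saved console log. The Python below is an added example, not part of the course material or of z/TPF or TOS: it parses lines in the `CVRN0004I hh.mm.ss RESTART COMPLETED- 1052 STATE` layout and reports when three restarts complete inside five minutes. Assumptions: every line follows the layout of that one sample, the log carries no date, the sample lines and the message ID ABCD0001I are constructed, and reusing 3-in-5-minutes as an alert threshold is this example's choice.

```python
import re
from collections import deque

# Layout taken from the single sample on the page:
#   CVRN0004I hh.mm.ss RESTART COMPLETED- 1052 STATE
# Assumption: every line of interest is "<message ID> <hh.mm.ss> <text>",
# with a message ID of 4 letters, 4 digits and 1 suffix letter.
LINE_RE = re.compile(
    r"^(?P<msgid>[A-Z]{4}\d{4}[A-Z])\s+"
    r"(?P<hh>\d{2})\.(?P<mm>\d{2})\.(?P<ss>\d{2})\s+"
    r"(?P<text>.*)$"
)
RESTART_RE = re.compile(r"RESTART COMPLETED-\s*(?P<state>\S+)\s+STATE")

RESTART_MSGID = "CVRN0004I"
WINDOW_SECONDS = 5 * 60   # "within 5 minutes" (threshold reuse is an assumption)
MAX_RESTARTS = 3          # "attempts 3 times"


def parse_line(line):
    """Return (msgid, seconds_since_midnight, text), or None for other lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    hh, mm, ss = int(m["hh"]), int(m["mm"]), int(m["ss"])
    if hh > 23 or mm > 59 or ss > 59:
        return None  # looks like a timestamp but is not a valid clock time
    return m["msgid"], hh * 3600 + mm * 60 + ss, m["text"]


def find_restart_bursts(lines):
    """Return one alert per restart that is the 3rd (or later) within 5 minutes."""
    recent = deque()      # absolute times of restarts still inside the window
    alerts = []
    day_offset = 0
    last_clock = None
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue      # free-form or garbled output is skipped, not fatal
        msgid, clock, text = parsed
        # No date in the log: a clock that runs backwards is treated as
        # a midnight rollover (assumption).
        if last_clock is not None and clock < last_clock:
            day_offset += 86400
        last_clock = clock
        restart = RESTART_RE.search(text) if msgid == RESTART_MSGID else None
        if restart is None:
            continue
        now = day_offset + clock
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_RESTARTS:
            alerts.append({
                "time": "%02d.%02d.%02d" % (clock // 3600, clock % 3600 // 60, clock % 60),
                "state": restart["state"],
                "restarts_in_window": len(recent),
            })
    return alerts


# Constructed sample log, not captured from a real system.
SAMPLE_LOG = [
    "CVRN0004I 23.56.10 RESTART COMPLETED- 1052 STATE",
    "ABCD0001I 23.57.00 CONSTRUCTED FILLER MESSAGE",
    "CVRN0004I 23.58.40 RESTART COMPLETED- 1052 STATE",
    "operator text without a message ID",
    "CVRN0004I 00.00.30 RESTART COMPLETED- 1052 STATE",
    "CVRN0004I 00.20.00 RESTART COMPLETED- 1052 STATE",
]

if __name__ == "__main__":
    for alert in find_restart_bursts(SAMPLE_LOG):
        print(alert)
```
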