Overview
This new, four-day course is the second part of the definitive z/OS Communications Server training programme. This course explains in detail how TCP/IP works in a z/OS environment. Installation, profile definition and implementation are all taught in depth. All versions of TCP/IP for z/OS are covered, along with all the servers. Additionally, all the essential and important configuration options are explained and examples are provided.
Extensive hands-on practical sessions, in which each student has their own system to work on, form the central part of the course. These sessions make up approximately 30% of the whole course. Each segment of the course also contains extensive review questions/exercises - thus ensuring that all students fully grasp each topic before moving on to the next.
This course is also available for one-company, on-site presentations and for live presentation over the Internet, via the Virtual Classroom Environment service.
Prerequisites
Attendance on the courses TCP/IP Fundamentals and z/OS Communications Server Part 1 - SNA & VTAM or equivalent experience. A familiarity with UNIX is also required and some z/OS systems programming experience would be an advantage, but is not essential.
Delegates will learn how to
- describe the structure, operation and the addressing mechanisms used in a TCP/IP network
- list the major configuration steps involved in customising TCP/IP for z/OS and explain the Security Server customisation required in z/OS
- explain the purpose and use of Virtual IP addressing (VIPA) and explain how to code for both a static and dynamic VIPA configuration
- explain the purpose and use of Distributed VIPAs and the need for Sysplex Distributor
- describe and define devices to TCP/IP for z/OS and explain how to define the TCP/IP for z/OS host IP address(es)
- describe and define the purpose and customisation of the DATA dataset and RESOLVER
- define the host name, domain name and DNS information
- describe and define the HOSTS file and the SERVICES dataset
- explain the configuration of the TN3270 server and the SNA gateway and explain the VTAM configuration required to support the gateway
- implement a VTAM USS table for TN3270 users
- describe and define the Telnet servers, INETD and SSHD
- describe and define the operation and customisation of the FTP server and its major security features
- explain the differences between SFTP and FTPS
- explain and define the operation and customisation of the SMTP server, the ROUTED and OMPROUTE servers
- describe the purpose and use of the major TCPIP, TSO and USS commands
- explain how to start, stop and interpret a TCP/IP packet trace and a component trace using IPCS and Wireshark
- describe in overview how SNMP is implemented on z/OS and list the steps involved in customising SNMP under z/OS
- explain and define the purpose of the Enterprise Extender
- explain how the security product Policy Agent is used and why it is needed
- explain and define the structures required in a Parallel Sysplex for TCPIP High Availability.
Outline
Review of TCP/IP Fundamentals
What is TCP/IP?; Why are we interested in TCP/IP?; What does TCP/IP comprise?; Internetworking principles; IPv4 addressing principles; IPv4 addressing in detail; IPv4 subnetting principles; IPv4 subnetting mechanism; IPv4 subnetting in action; IPv4 variable subnetting principles; IPv4 variable subnetting mechanism; Network Address Translation; One to One NAT; Network Address Port Translation (NAPT); TCP/IP protocol stack; IPv4 Address Resolution Protocol; IPv4 Dynamic Host Configuration Protocol; Why IPv6?; IPv6 addressing; IPv6 prefixes and address types; Global unicast address format; Anycast address; Multicast address; Required host information; Port numbers; IPv4 Transport Protocol message formats; IPv4 Internet Protocol message format; IPv6 packet format; IPv6 header format; Extension Headers; IPv6 Routing Header; IPv6 fragmentation header; IPv6 options header; Internet domain names; Internet domain name hierarchy; Common user applications; Common system applications.
Overview of TCP/IP on z/OS
TCP/IP for z/OS; TCP/IP access to SNA applications; How the gateway works; SNA access to TCP/IP applications; Communications Storage Manager; Device connectivity; Device attachments; Direct vs indirect attachment; Direct attachment problem; Virtual IP addressing - the solution; Sharing attachments across LPARs; UNIX Systems Services considerations.
TCP/IP for z/OS Installation
UNIX Systems Services prerequisites; Security Server prerequisites; Customisation procedure (Steps 1 through 8); z/OS customisation procedures; 'Must Have' reference manuals; 'Nice to Have' reference manuals.
TCP/IP for z/OS Command Overview
Available TCP/IP commands; starting and stopping TCP/IP; commands: MODIFY, DISPLAY, VARY, OBEYFILE, NETSTAT.
Profile Definitions
Required host information; customising the PROFILE dataset; PROFILE dataset syntax; device interface properties; Statements that define an interface; DEVICE statement; LINK statement; defining LCS, defining CLAW devices; OSAs, Hipersockets and Channel Attached Routers; OSA diagnostic device; QDIO and non-QDIO; OSA Express CHPID definitions; Adding an OSA Control Unit and device; Adding OSAD device; Hipersockets; Hipersockets definition; CHPID Type IQD; MTU sizes; Channel Attached Routers and Servers; Defining MPCPTP devices; Defining MPCIPA devices; HOME statement; INTERFACE - IPAQENET OSA-Express QDIO interfaces statement; Syntax for INTERFACE - IPAQENET OSA-Express QDIO; Syntax for INTERFACE - IPAQIDIO HiperSockets interfaces statement; Virtual IP addressing - a reminder; defining VIPA devices using the VIRTUAL statement; Specifying the Source IP Address; Syntax for INTERFACE - VIRTUAL interfaces statement; Examples of the INTERFACE statement for VIPA; The START statement; The routing statements; Subnetting - a reminder; Routing statements: GATEWAY, BEGINROUTES, BSDROUTINGPARMS; variable subnets and GATEWAY; variable subnets and BEGINROUTES; statements: VIPAs; Static VIPA; Dynamic VIPA; Dynamic VIPA - introduction; Dynamic VIPA takeover; Stack-managed DVIPA; Non-disruptive dynamic VIPA takeback; Application-specific DVIPA; IOCTL or Command-Activated DVIPA; Dynamic VIPA statements; MODDVIPA (EZBXFDVP) utility; TCPIP commands for Dynamic VIPAs in a Sysplex; Dynamic VIPA usage; When does the DVIPA move?; Distributed VIPA - introduction; Distributed VIPA statements; TCPIP commands for Distributed VIPAs in a Sysplex; Communication Paths in a Sysplex; DynamicXCF transport choices; IUTSAMEH; XCF Groups and their usage; Display XCF groups; Load balancing and availability; Sysplex Distributor; Sysplex Distributor and MNLB; Connection Optimizing DNS; Information flow overview; DNS/WLM registration; Single system IP perspective of the sysplex; TCPSTACKSOURCEVIPA / SYSPLEXPORTS; CFRM policy example; Enterprise Extender; z/OS services for SNA traffic; APPN parameters in startup options; Implementation considerations; TCP/IP implementation; IUTSAMEH; DYNAMICXCF; DYNAMICXCF & HiperSockets; Modifications to TCP/IP profile; Modifications to OSPF interface; Proof of initialisation of IUTSAMEH; VTAM implementation; Defining the XCA HPRIP major node; Defining model Major Nodes for EE connections and RTP pipes; Defining switched PUs for EE connections; operational statements.
Other Datasets Needed
Customising the DATA dataset; association with the TCP/IP stack; specifying the host name and domain name; specifying the name server parameters; A typical DATA dataset; RESOLVER; RESOLVER procedure; RESOLVER files; Resolver other statements; CINET GLOBALTCPIPDATA; TCPIP.DATA Search Order; The SITE dataset; The SERVICES file.
Server Customisation
Configurable servers; TN3270 customisation steps; updating the TN3270 started task JCL; TelnetGlobals statement; Reducing demand for ECSA storage; TELNETPARMS statement; updating the PORT statement; BEGINVTAM statement; VTAM application major node; defining a USS table; Identifying the USS table in the PROFILE dataset; other TN3270 profile statements; UNIX Telnet server operation; customising the INETD server; starting Inetd and Telnet; SSHD UNIX files; SSHD - Using ICSF and /dev/random; SSHD - Creating configuration files; SSHD - Creating SSHD server keys; SSHD - Set up SSHD server userids; SSHD - Create SSHD server started task; SSHD - TCP configuration; SSHD - Verify z/OS DNS / Resolver operation; FTP server in operation; FTPS and SFTP; Pros and cons of FTPS and SFTP; customising the FTP.DATA dataset; customising the PROFILE and SERVICES datasets for FTP; Starting FTP; SYSLOGD; SYSLOGD - /dev/console and /dev/log; SYSLOGD - Create the syslog daemon configuration file; SYSLOGD - Create empty syslog output file; SYSLOGD - Port and Services assignments; SYSLOGD - Started Task JCL; OMVS startup; SYSLOGD - RACF Definitions; operation and customisation of the ROUTED server; OMPROUTE; OMPROUTE - Configuration file; OMPROUTE - Reserve the ports; OMPROUTE - Update the Resolver Configuration File; OMPROUTE - Started Task JCL; OMPROUTE - Services Port Numbers; OMPROUTE - RACF definitions; OMPROUTE - SYSLOGD; OMPROUTE - Static Routes; OMPROUTE - Configure OSPF authentication; operation and customisation of the SMTP server; customising other servers.
TCP/IP Security
Why secure the TCP/IP Network; Tasks that need protection with SERVAUTH Class; Policy Based Networking; SERVAUTH Resource Class responsibilities; SERVAUTH Resource Class; Protecting the TCPIP Stack; Protecting your Network Access; Application considerations when using NETACCESS; Using the NETSTAT and PING commands to check protection; Protecting your network ports; RACF definitions for protecting Network Ports; Using the NETSTAT command to check PORT access; Protecting the use of Socket Options; What are network commands; Protecting Network commands: z/OS TCPIP commands, Netstat and Onetstat commands, EZACMD REXX program; Protecting FTP access; Other FTP Profiles; Protecting TN3270 Secure Telnet Port; Protecting the MODDVIPA command; Introduction to Policy Based Networking; The Policy Agent; RACF and PAGENT; Other address spaces that will need RACF Profiles; Central Policy Server; SERVAUTH authorisation for Policy Client; Quality of Service; IP Filtering; IP Security; IKE protocols; CSFSERV resource class; Network Address Translation; Intrusion Detection Services; Application Transparent Transport Layer Security; TN3270 security; Secure FTP.
Problem Determination Considerations
Problem determination tools; The PING and OPING commands; The TRACERTE and the OTRACERT commands; TCP/IP SYSLOG output; TCP/IP packet trace overview; Starting a packet trace; The external writer procedure; Stopping a packet trace; Analysing a packet trace with IPCS; Analysing a packet trace; Non-z/OS packet traces; TCP/IP component trace overview; Starting and stopping a component trace; Analysing a component trace via IPCS; Analysing a component trace; Other available traces; Packet trace.
Network Management Considerations
SNMP overview; SNMP in operation; The ASN.1 protocol; SNMP on z/OS; Basic SNMP Components; SNMP on z/OS; SNMP support on z/OS; Configuring SNMP on z/OS; Configuring the SNMP v1 & v2 agent; Configuring the SNMP v3 agent; The OSNMPD.DATA dataset; Configuring the SNMP query engine; Configuring the SNMP manager.
Sample Definitions
Sample TCPIP.PROFILE dataset; Sample TCPIP.DATA dataset; Sample TCPIP.SERVICES dataset; Sample Inetd Configuration file; Sample FTP Configuration file; Sample ROUTED Configuration file; Sample SMTP Configuration file.