Tech Tips – LDAP on the Mainframe? Absolutely!

April 25th, 2011 Don Spoerke No comments

Lightweight Directory Access Protocol (LDAP) is an Internet protocol for accessing distributed directory services that conform to the X.500 data and service models, which have roots in the Telco industry and have been honed by 70 years of expertise.  X.500?  With X.500 there is a single Directory Information Tree, which is distributed across one or more servers.

Each entry of the X.500 Directory structure consists of a set of attributes.  The server may return the values of an attribute, the attributes in an entry, and the entries found by a search operation in any order. This follows from the formal definitions – an entry is defined as a set of attributes, and an attribute is a set of values, and sets need not be ordered.

So now that you know about the directory abilities of LDAP, what can you do with LDAP?

An LDAP client (JXplorer, for example, at http://jxplorer.org) can, if programmed accordingly:

  • Start TLS – Use the LDAPv3 Transport Layer Security (TLS) for Secure Connections
  • Bind – Authenticate and specify LDAP protocol version
  • Search/Compare – Look up directory entries and test whether an entry has a certain value
  • Add/Delete/Modify Entries – Normal directory maintenance
  • Abandon – Abort Operation
  • Unbind – Close connection

Hey wait a minute. The LDAP directory doesn’t look anything like my directory system on the mainframe (e.g. RACF).  Given all of this information, why in the world would one want to consider putting an LDAP on the mainframe?  Think about it for a second.

  1. Isn’t your mainframe the centerpiece of your IT Universe?
  2. RACF can in fact be used as the back-end database for LDAP (as can DB2).
  3. RACF is a robust, almost impenetrable security system.
  4. IBM provides an LDAP Server for z/OS which provides centralized control.
  5. The RACF Security Administrator can easily maintain RACF and not have to learn another Security System.

So if you have web or other corporate applications that need a COMMON directory against which to authenticate users, then what more natural place than the mainframe, especially since the bulk of corporate data resides on the mainframe?

R. Scott Ray

GT Software

Enterprise Systems Director

 

Catchin’ a WAVV with GT Software

March 29th, 2011 Don Spoerke No comments

If you want a real surfin’ safari, then catch a wave and join GT Software at the 2011 WAVV Conference in Colorado Springs April 15th – 19th, 2011 at the Crowne Plaza, Colorado Springs.   WAVV is a user group promoting the interests of the users of the VSE, VM, and Linux operating systems. WAVV holds an annual conference consisting of over 100 educational sessions as well as a vendor show where vendors of VSE, VM, and Linux related products can show their wares and meet with current customers.

On Sunday at 3:00 PM in Pikes Peak III, Don Spoerke will present “GT Software’s Solutions for Maximizing the Integration and Usability of VSAM files on VSE”.  Don will present an in-depth overview of how GT Software’s Ivory suite can help developers maximize the usability of VSAM data without impacting development or IT resources.  Reusing these files saves time, money and eliminates the need to re-host the data for the purpose of BI, warehousing, or integration to new applications.   Also join Don at the SPLASH Exhibit Hall on Sunday from 7 – 11 PM, and Monday from 12:45 – 3:00 PM and 7:00 – 11 PM.  Click here for more information on WAVV 2011.

 

GT Software is making an Impact

March 29th, 2011 Don Spoerke No comments

Please join GT Software at the 2011 IBM Impact Conference in Las Vegas April 10th – 15th, 2011 at the Venetian and Palazzo Hotels.  The IBM Impact 2011 Global Conference will bring together more than 6,600 technology and business leaders at a single event for a transformative learning opportunity.  Never has it been more important to work smarter for better business outcomes. IT professionals can learn the latest technology trends and quickly build skills in WebSphere, BPM, SOA and Cloud solutions and will come away with the expertise to help advance your career and advance your organization’s ability to improve business outcomes and grow.

Rob Morris will be presenting “Drive Value and Cut Costs with Mainframe Web Services“ on Tuesday, April 12th from 4:45 – 6:00 PM in the Venetian – Delfino 4001A room.  Rob will focus on how mainframe integration and Web services using Ivory from GT Software can drive maximum value from your existing mainframe investments, while cutting costs. Many think this problem is completely ‘solved’ with WebSphere MQ, free utilities, or out of date approaches. This session will challenge those beliefs and empower you to drive maximum value from the mainframe while lowering costs.  Also join GT Software as we exhibit the Ivory suite at the zZone Solution Center.   Solution Center hours can be found here.

 

What’s Hot? z/VM and z/Linux

March 7th, 2011 Don Spoerke No comments

IBM VM (Virtual Machine) is an operating system created by IBM that runs on IBM Mainframe Systems.  VM provides the virtualization technology that enables multiple copies of operating systems to run as GUEST Operating Systems (commonly referred to as GUESTs) on a common physical hardware platform.  VM provides a robust virtual computing platform.  The motivating factor behind virtualization technology is realizing huge economies of scale, as we will see later in the discussion of z/Linux.

VM was originally released in 1972 as VM/370, so named because it ran on the IBM/370 mainframe.  VM/370 ran a re-implementation of the CP/CMS System.  CP/CMS has several previous versions including CP-40/CMS and CP-67/CMS.  VM/370 was based on a CP-370/CMS.  The CP (Control Program) piece is the hypervisor used to share computing resources of the physical hardware, and CMS is a User Time-Sharing and Editing environment.  Simply put, CP/CMS is the administrative and user environment of VM.

z/VM is the current implementation of IBM’s VM and runs on all of IBM’s latest Mainframe Systems including the z/10 and z/Enterprise Systems (z196).  The z/VM Hypervisor CP (Control Program) provides the mechanisms for sharing hardware and software resources that enable virtualization in z/VM.  A series of CP commands and scripting can be used to provide the virtual environment in which the GUEST operates.

z/Linux is a complete implementation of Linux on System z.  Linux implementations for the IBM Mainframe were developed in labs over late 1998 and early 1999, with a commercial package available in 2000.

Using a combination of z/VM and z/Linux, a customer can literally run thousands of Linux GUESTs on a single IBM Mainframe platform.  As mentioned earlier in this article, the user community can realize tremendous economies of scale by establishing a Many to One relationship between the z/Linux GUESTs (MANY) and a common physical hardware platform (ONE).  IBM Mainframes have a specialized processor called an Integrated Facility for Linux (IFL) to handle the z/Linux workload.  The real beauty of IFLs is that they run at Uniprocessor speed (Full Throttle) and are NOT “knee-capped” as are the General Processors (GPs) used for running other mainframe workload.  With z/Linux, the customer is not hassled with providing commodity based hardware platforms that may only provide a ONE-for-ONE environment.

The market for z/Linux is rapidly expanding and maturing.  Production, Development and Test/QA environments have found real relevance for z/VM and z/Linux.

R. Scott Ray

Enterprise Systems Director

 

Mission Critical Applications on the Mainframe

February 15th, 2011 Don Spoerke No comments

GT Software’s Dusty Rivers talks about the mission-critical nature of the applications on the IBM System z. The mainframe is the platform customers trust for the availability, security and reliability to run their core business applications. The new IBM zEnterprise System will be the basis to begin working over the cloud.

Dusty Rivers talks about IBM System z

 

Rob Morris to Speak at SHARE

February 14th, 2011 Don Spoerke No comments

Hear Rob Morris “Shoot it Out” with other CICS Web Service vendors and learn how Ivory Service Architect from GT Software will help your organization drive value while containing costs.

SHARE 2011 will be held in Anaheim, CA, February 27th – March 4th, 2011.   The theme of this year’s show is Driving Value While Containing Costs.  Rob Morris, Chief Strategy Officer for GT Software, has been invited to speak at the session titled “CICS Web Service Vendor Shootout.”

Rob, along with other CICS vendors, will discuss the use of web services tooling for mainframe integration versus what is offered by IBM.   Rob will stress why having choices for how services are developed, what can be included, how the services are called, and where the services are run are critical to maximize your investments while containing costs.  He’ll also highlight that Ivory Service Architect includes support for IBM specialty engines which will definitely impact the total cost of an integration framework.  To support Rob’s message, he will include testimonials from GT Software customers that have enhanced the value of their mainframe while containing costs. As Chief Strategy Officer for GT Software, Rob has written articles for many industry publications and is a frequent presenter at SHARE and key IBM events.

“The CICS Web Services Vendor Shootout” will be held in Room 205B of the Anaheim Convention Center at 3:00PM on Tuesday March 1, 2011. More information on the SHARE conference can be found at www.share.org. For information on how GT Software can maximize the value of modernizing your mainframe investments while containing costs, please visit www.gtsoftware.com or call 404-253-1300 to speak to one of our Integration experts.

 

TechTip – Keep your Data Safe

January 31st, 2011 Don Spoerke 2 comments

In my last tech tip, I talked about how to name a dataset.  Data sets can be password protected, and if the data set has both RACF and password protection, the password protection is bypassed. RACF provides more security than password protection.  With RACF protection, only authorized users can access the data set; with password protection, any user who knows the password can access the data set.  When a user attempts to access a data set, RACF verifies both the user and the data set profiles to determine whether to grant or to deny the access.

For example, the generic profile ALPHA.* could protect the data sets ALPHA.DATA, ALPHA.DATA.TEST, and ALPHA.CNTRL.DATA. If a rule is in place for a discrete data set name, that access rule is used, not the generic rule.

A simple example of dataset access for different users:

Profile                 UACC(1)  USER1    USER2    USER3    USER4    USER5
ALPHA.*                 none     read     read     read     control  control
ALPHA.DATA              none     read     none     control  none     control
ALPHA.DATA.TEST         none     control  read     none     none     control
ALPHA.DATA.CNTRL.DATA   none     none     control  read     none     control

(1) UACC is for universal access.

RACF uses the following access privileges:

NONE – Does not allow users to access the data set.

READ – Allows users read-only access to the data set. READ access to a data set allows the user to copy or print it.

UPDATE – Allows users to read from, copy from, or write to the data set. They are not authorized to delete, rename, move, or scratch the data set.

CONTROL – For non-VSAM data sets, this is the equivalent of UPDATE.  For VSAM data sets, CONTROL allows users to access the control-interval, and to retrieve, update, insert, or delete records in the data set.

ALTER – Allows users to read, update, delete, rename, move, or scratch the data set.  When specified in a generic profile, ALTER gives users no authority over the profile itself. When specified in a discrete profile, ALTER allows users to read, alter, and delete the profile, but they may not change its owner.

EXECUTE – Allows users to load and execute, but not read or copy, load modules (programs).
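The profile selection and access check described above, as an added example (not code from the original post and not how RACF is implemented). It assumes the sample table's values, the standard RACF ordering NONE < EXECUTE < READ < UPDATE < CONTROL < ALTER, a simplified generic match, and denial when no profile covers the name; group entries are ignored.

```python
# Access levels in increasing order of authority (standard RACF hierarchy).
LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]

# Constructed from the sample table above: profile -> (UACC, access list).
PROFILES = {
    "ALPHA.*": ("NONE", {"USER1": "READ", "USER2": "READ", "USER3": "READ",
                         "USER4": "CONTROL", "USER5": "CONTROL"}),
    "ALPHA.DATA": ("NONE", {"USER1": "READ", "USER2": "NONE", "USER3": "CONTROL",
                            "USER4": "NONE", "USER5": "CONTROL"}),
    "ALPHA.DATA.TEST": ("NONE", {"USER1": "CONTROL", "USER2": "READ", "USER3": "NONE",
                                 "USER4": "NONE", "USER5": "CONTROL"}),
    "ALPHA.DATA.CNTRL.DATA": ("NONE", {"USER1": "NONE", "USER2": "CONTROL",
                                       "USER3": "READ", "USER4": "NONE",
                                       "USER5": "CONTROL"}),
}
GENERIC = "ALPHA.*"


def granted_level(user, dsname):
    """Return (profile used, access level) for a user and data set name."""
    if dsname in PROFILES and dsname != GENERIC:
        profile = dsname                      # discrete profile wins
    elif dsname.startswith(GENERIC[:-1]):
        profile = GENERIC                     # simplified generic match
    else:
        return None, "NONE"                   # assumption: no profile, no access
    uacc, access_list = PROFILES[profile]
    # An access-list entry for the user takes precedence over UACC.
    return profile, access_list.get(user, uacc)


def is_allowed(user, dsname, requested):
    """True when the granted level is at least the requested level."""
    _, level = granted_level(user, dsname)
    return LEVELS.index(level) >= LEVELS.index(requested)


def widened_by_discrete():
    """List (data set, user) pairs where a discrete profile grants more than the generic."""
    g_uacc, g_list = PROFILES[GENERIC]
    found = []
    for name, (uacc, acl) in PROFILES.items():
        if name == GENERIC:
            continue
        for user in set(acl) | set(g_list):
            if LEVELS.index(acl.get(user, uacc)) > LEVELS.index(g_list.get(user, g_uacc)):
                found.append((name, user))
    return sorted(found)
```

`widened_by_discrete()` is the review question an administrator would ask of such a table: which discrete profiles give a user more than the generic profile would have.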

Frank Skellen

Mainframe Specialist

GT Software

 

TechTips – Naming Mainframe Datasets

January 24th, 2011 Don Spoerke No comments

What is a dataset name?  A data set name can be one name segment or a series of joined name segments where each name segment represents a level of qualification. For example, the data set name VERA.LUZ.DATA is composed of three name segments. The first name on the left is called the high-level qualifier (HLQ), the last name on the right is the lowest-level qualifier (LLQ).

Segments or qualifiers are limited to eight characters, the first of which must be alphabetic (A to Z) or special (# @ $). The remaining seven characters are either alphabetic, numeric (0 – 9), special characters, or a hyphen (-). Name segments are separated by a period (.).

Including all name segments and periods, the length of the data set name must not exceed 44 characters or a maximum of 22 name segments.

For example, the following names are not valid data set names:

  • Name with a qualifier that is longer than eight characters (HLQ.ABCDEFGHI.XYZ)
  • Name containing two successive periods (HLQ..ABC)
  • Name that ends with a period (HLQ.ABC.)
  • Name that contains a qualifier that does not start with an alphabetic or special character (HLQ.123.XYZ)

The HLQ for a user’s data sets is typically controlled by the security system. The remainder of the name follows conventions, not rules, which may include the following:

  • LIB in the name indicates that the data set is a library. PDS is a lesser-used alternative
  • CNTL, JCL, or JOB in the name typically indicates the data set contains JCL
  • LOAD, LOADLIB, or LINKLIB in the name indicates the data set contains executables
  • PROC, PRC, or PROCLIB indicate a library of JCL procedures
  • COBOL, Assembler, FORTRAN, PL/I, etc., are used to indicate language source code
  • A portion of a data set name may indicate a specific project, such as PAYROLL.

Using too many qualifiers is considered poor practice. For example, the following name is a valid data set name (upper case, does not exceed 44 bytes, no special characters) but it is not very meaningful.

P390A.A.B.C.D.E.F.G.H.I.J.K.L.M.N.O.P.Q.R.S

A good practice is for a data set name to contain three or four qualifiers.
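A validator for the naming rules above, as an added example (not code from the original post), of the kind one would run before a user-supplied name is placed into JCL or an allocation request. It assumes upper-case names only, and the function names are hypothetical.

```python
import re

# First character: A-Z or # @ $. Up to seven more: those plus 0-9 and hyphen.
# Upper case only is an assumption taken from the "A to Z" wording above.
QUALIFIER_RE = re.compile(r"[A-Z#@$][A-Z0-9#@$-]{0,7}")
MAX_NAME_LEN, MAX_QUALIFIERS, MAX_QUALIFIER_LEN = 44, 22, 8


def check_dsname(name):
    """Return (errors, warnings) for a candidate data set name."""
    errors, warnings = [], []
    if not name:
        return ["name is empty"], warnings
    if len(name) > MAX_NAME_LEN:
        errors.append(f"name is {len(name)} characters, limit is {MAX_NAME_LEN}")
    qualifiers = name.split(".")
    if len(qualifiers) > MAX_QUALIFIERS:
        errors.append(f"{len(qualifiers)} qualifiers, limit is {MAX_QUALIFIERS}")
    for pos, qual in enumerate(qualifiers, start=1):
        if qual == "":
            errors.append(f"qualifier {pos} is empty (leading, doubled or trailing period)")
        elif len(qual) > MAX_QUALIFIER_LEN:
            errors.append(f"qualifier {pos} is longer than {MAX_QUALIFIER_LEN} characters")
        elif not QUALIFIER_RE.fullmatch(qual):
            errors.append(f"qualifier {pos} has an invalid first or later character")
    # Convention, not a rule: three or four qualifiers is considered good practice.
    if not errors and len(qualifiers) > 4:
        warnings.append(f"{len(qualifiers)} qualifiers; three or four is the convention")
    return errors, warnings


def high_level_qualifier(name):
    """Return the HLQ of a valid name, or None when the name fails validation."""
    errors, _ = check_dsname(name)
    return None if errors else name.split(".")[0]


if __name__ == "__main__":
    # Names taken from the examples in the text above.
    for candidate in ("VERA.LUZ.DATA", "HLQ.ABCDEFGHI.XYZ", "HLQ..ABC", "HLQ.ABC.",
                      "HLQ.123.XYZ", "P390A.A.B.C.D.E.F.G.H.I.J.K.L.M.N.O.P.Q.R.S"):
        print(candidate, check_dsname(candidate))
```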

Frank Skellen
Mainframe Specialist
GT Software

 

Hop on Pop? zAAP on zIIP

January 19th, 2011 Don Spoerke No comments

This isn’t some twisted Dr. Seuss book; it’s a new feature IBM has introduced in z/OS V1.11. zAAP (System z Application Assist Processor) eligible workloads can run on the zIIP (System z Integrated Information Processors) specialty engine. This new capability is ideal for customers without enough zAAP- or zIIP-eligible workload to justify a specialty engine today; the combined eligible workloads may make the acquisition of a zIIP cost effective. This new capability is also intended to provide more value for customers having only zIIP processors by making Java and XML-based workloads eligible to run on an existing zIIP. Customers who have already invested in zAAP, or have invested in both zAAP and zIIP processors, should continue to use these as this maximizes the new workload potential for the platform. This new capability is not available for z/OS LPARS if zAAPs are installed on the server. Additional terms and conditions apply; see the FAQ for more information.

For more information on how GT Software uses the IBM specialty engines, click here.

Scott Ray

GT Software

Enterprise Development Mgr

 

IMS…REST it, Share it, Mash it, Just Use It

January 18th, 2011 Dusty Rivers No comments

IMS has been around and in production for over 40 years as the backbone system of many world class organizations in all industry verticals.  Now, with some of the new technologies and systems, many are looking to try and replace those tried and true systems. Why replace something that is tried and true? Why not just incorporate the new technologies and let them drive the existing IMS systems (without changing the IMS systems)?

Already companies are using web services to drive IMS transactions or sets of transactions to create composite business services needed by the new business initiatives. Now it is also possible to create RESTful services (RESTful interfaces typically require less development effort and use less runtime overhead) and include those in many new technologies more easily than using the WSDL or Web service protocol. Also, as many systems move to Web 2.0 interfaces, they can be used there with mash-up tools to create the new user-facing systems. You can also use both Web Services and RESTful services in mash-up tools depending on designer preferences.

If you are using Microsoft tooling like SharePoint 2010, those services can be easily incorporated into the design of the SharePoint 2010 applications also. In SharePoint 2010 you can also use either service (REST or WSDL).

In all the scenarios mentioned, the underlying IMS applications (transactions) do not need to be changed; they just continue to work as they have for decades. The important part is to focus on the business need required to drive the use of the new technology, and not on replacing existing software just because it’s been running for a while. Use IMS with the new technology; it will be a lot easier and less painful.

For information on using IMS with REST, Web Services, SharePoint 2010 see www.gtsoftware.com.