In the ever-evolving landscape of enterprise computing, staying at the forefront of technological advancements is crucial. IBM’s z/OS, a trusted operating system powering some of the world’s most critical business operations, has recently undergone a significant upgrade with the release of version 3.1. Packed with a myriad of new features and enhancements, z/OS 3.1 is poised to revolutionize mainframe computing. In this blog post, we’ll take a closer look at some of the exciting features that make z/OS 3.1 a game-changer. GA for z/OS v3.1 was September 2023 and with this announcement, the z/OS community should take into consideration the news concerning z/OS v3.1 as this latest z/OS operating system provides further enhancements already produced with previous versions of z/OS.
z/OS 3.1 introduces a new functionalities for z/OS Management Facility (z/OSMF), offering additional capabilities and enhancements to consider:
- CFRM Policy Editor enhancements
- Analyzing WLM service definitions with Policy Advisor
- Security simplification with Security Configuration Assistant (SCA)
- New z/OS Management Services Catalog user experience enhancements
- Support for IBM z/OS Change Tracker
z/OS v3.1 prerequisites and restrictions:
It is important to understand the prerequires and restrictions of z/OS v3.1. Preparation for the listed changes can then be planned beforehand. z/OS v3.1 can be installed on IBM z hardware z14 and upward. It is important that customers migrate from previous IBM z hardware (including z13) in order to use this newest z/OS operating system. Much of z/OS v3.1 has been designed to support AI (through AI framework) and ML but to fully make use of AI and ML using IBM z16 hardware becomes highly recommended.
- TCPIP link statements withdraw (with z/OS v2.5)
Most of nowadays z/OS installations make use of the TCPIP link statements in order to support TCPIP traffic through OSA adapters. Before migration to z/OS v3.1, it becomes mandatory to remove these statements from TCPIP configurations and replace them with Interface statements in TCPIP. This change can be implemented and tested before the actual migration to z/OS v3.1 on previous z/OS systems.
- HFS file system withdraw (with z/OS v2.4):
USS (Unix System Services) on previous z/OS systems used HFS file systems and zFS file systems. z/OS v2.4 becomes the last z/OS to support HFS file systems and it becomes mandatory to replace these file systems with zFS. This change can be implemented and tested before the actual migration to z/OS v3.1 on previous z/OS systems.
- SDSF internal protection withdraw (with z/OS v2.4):
SDSF is a commonly used TSO/ISPF application on z/OS. Nowadays it is rear to see an z/OS installation that is not using it. Previous versions used SDSF internal protection with little or no interaction with RACF (or other 3rd party security servers on z/OS). z/OS v2.4 becomes the last z/OS to support such protection and it becomes mandatory to replace this kind of protection with external protection using RACF SDSF classes. (or something similar for other 3rd party security servers on z/OS). This change can be implemented and tested before the actual migration to z/OS v3.1 on previous z/OS systems.
- z/OS support for z/OS Global Mirror:
IBM plans to support and maintain z/OS Global Mirror, also known as extended remote copy (XRC) on z/OS with its current function only, with z/OS V2.5 as the last release to provide such support. New functions to support asynchronous replication technology are intended to be developed only for DS8000 Global Mirror, and no new z/OS Global Mirror functions will be provided with DS8900F or z/OS. If customers are using z/OS Global Mirror, plans for replacement must be made before migration to z/OS v3.1.
Containerization for Mainframes:
In z/OS 3.1, significant advancements are introduced to zCX, enabling the seamless execution of Linux Containerized workloads on z/OS. z/OS Container Extensions now serve as a virtual appliance, allowing the deployment of Linux on Z workloads on the z/OS platform. Notably, the compatibility extends to binary container images originally designed for Linux on Z under z/VM or zKVM, eliminating the need for porting when transitioning to zCX.
z/OS 3.1 is crafted to empower clients by harnessing industry-standard technology, facilitating increased development speed, and the modernization of applications. This update introduces new environments and APIs, ensuring a consistent approach to building, deploying, and managing workloads on both Linux and z/OS across hybrid cloud environments. Key features include:
- IBM z/OS Container Extensions (zCX) and zCX Foundation for Red Hat OpenShift Enhancements:
– Optimized for improved performance and security.
– Introduces new features supporting NFS, HTTPS, IBM WebSphere Hybrid Edition, and IBM Storage Fusion OpenShift Shared Persistent Storage.
- Data Set File System:
– A novel physical file system designed for z/OS UNIX utilities.
– Provides transparent access to data in a secure and consistent manner.
- Union File System (UFS):
– Purpose-built for z/OS, offering a merged view of one or more directories.
– Efficiently manages files, enhancing overall file system management.
- Enhanced COBOL-Java Interoperability:
– Extends interoperability for 31-bit COBOL applications to call 64-bit Java programs.
– Utilizes the IBM Semeru Runtime Certified Edition for z/OS, Version 11 (Java).
- z/OS UNIX Enhancements:
– Introduces new utilities and callable services.
– Includes a skulker rewrite for improved performance and usability.
I think that Data Set File System (DSFS) is particularly exciting because it allows us to write programs that will access all of MVS datasets using standard Unix file access functions in a POSIX-standardized way which will further ease porting of various open-source utilities from x86 and PPC architectures.
Extended Support for Modern Development Tools
Recognizing the importance of modern development practices, z/OS 3.1 provides extended support for popular development tools. This includes enhanced compatibility with open-source tools, streamlined integration with DevOps pipelines, and improved support for APIs. Mainframe developers can now leverage contemporary tools to build, test, and deploy applications more seamlessly.
Enhanced COBOL-Java interoperability for 31-bit COBOL applications plans to be extended to call 64-bit Java programs using the IBM Semeru Runtime Certified Edition for z/OS, Version 11 (Java). IBM Semeru version 11 (Java) now can be an integral part of z/OS v3.1. A set of modern APIs, with a C-based, key-value interface, designed to simplify the application effort needed to access NoSQL VSAMDB data sets on z/OS. Previous enhancements to VSAM RLS enabled applications to store Not Only SQL (NoSQL) document databases directly on z/OS, which could then be accessed in real-time, at scale, and with transactional consistency. Usage of NoSQL document is connected to a new type of VSAM on z/OS. Very much related to this is the introduction of EzNoSQL for z/OS. EzNoSQL for z/OS provides a comprehensive set of C and Java based APIs that allow applications the ability to store open standard JSON objects into VSAM Key Sequence Data Sets (KSDS) with RLS. You can now easily create and access JSON ‘key:value’ databases directly on z/OS.
In step with the times and needs. Integrating applications on z/OS into the current DevOps world has significantly accelerated and facilitated our application development process, which we’ve integrated with the rest of our enterprise system using APIs! We can’t wait to try EzNoSQL for z/OS. I think it will be of great help to us in managing JSON data.
Machine Learning Integration
Recognizing the importance of artificial intelligence in today’s data-driven world, z/OS 3.1 integrates machine learning capabilities directly into the operating system. This allows organizations to harness the power of predictive analytics, anomaly detection, and intelligent automation to optimize system performance and proactively address potential issues. In the era of artificial intelligence, z/OS 3.1 steps up by integrating machine learning capabilities. This empowers the operating system to analyze performance data, identify patterns, and optimize system resources for enhanced efficiency. The marriage of mainframes and machine learning opens up new possibilities for proactive problem resolution, resource forecasting, and improved overall system performance.
AI Framework for IBM z/OS 3.1 – AI-Infused OS
IBM Z showcase cutting-edge hardware and software functionalities meticulously crafted to enhance the scalability of artificial intelligence (AI) in conjunction with your organization’s pivotal workloads and data. The AI capabilities on IBM Z span a broad spectrum, encompassing server technology, a myriad of IBM and third-party solutions, and a variety of open-source projects. Noteworthy improvements comprise advancements like the IBM Telum on-chip inference accelerator, seamlessly integrated into the IBM z16 systems, with their proven potential to simplify and automate tasks, are being seamlessly integrated into the operating system. Introducing the AI Framework for IBM z/OS, a strategic initiative aimed at enhancing z/OS with intelligence. This augmentation is tailored to optimize IT processes, simplify management, improve overall performance, and concurrently reduce skill requirements. The groundbreaking AI-Powered WLM takes center stage as the first to leverage AI System Services. This component is expertly designed to intelligently predict upcoming batch workloads and respond dynamically, ensuring the optimized allocation of system resources.
The idea that you can relax and let the system take care of optimizing and allocating initiators based on your regular workload cycle is very exciting. I do hope that EzNoSQL, which underpins the whole z/OS AI ecosystem, in future will not depend on the implementation of sysplex and coupling facilities in the IBM Z since a lot of the customers don’t have that right now, and this presents a major setback to implementation. I don’t know anyone who would go to the trouble of implementing of CF just to try out AI and EzNoSQL, no matter how exciting they sound.
Python AI Toolkit for IBM z/OS
The Python AI Toolkit for IBM z/OS stands as a comprehensive library, offering a curated selection of open-source software tailored to meet the demands of contemporary artificial intelligence (AI) and machine learning (ML) workloads. This toolkit comprises various Python packages, conveniently installable and manageable through the widely used Python package manager, Package Installer for Python (pip). These Python packages are sourced from an IBM-hosted PyPi-style repository, ensuring supply chain security and providing a consistent software management experience across different Python environments. This streamlined approach enhances your ability to manage software efficiently, fostering a unified experience throughout your Python development environments.
It brings a secure way for installation of AI Python packages what is extremely important in today insecure world. Financial institutions running AI on mainframe will be able to comply with increasingly rigorous security regulations.
IBM SMF Explorer with Python:
IBM SMF Explorer represents a Python framework designed for direct access to SMF data from dump datasets. Leveraging the z/OS Data Gatherer: SMF Data REST Services, this framework efficiently retrieves data from a z/OS host. As a Python library, IBM SMF Explorer offers versatility, enabling scriptwriting, integration into other applications, or interactive data retrieval. The extensive Python ecosystem further grants access to a diverse array of libraries for visualization, data analysis, machine learning, and more. This framework simplifies the extraction of SMF data records, providing details on selected SMF fields and delivering chunks of SMF data tailored for various analysis types. Users can easily select and process these data sets for further analysis. For different SMF records and subtypes, predefined sets of SMF fields are available, streamlining the retrieval of relevant data such as system utilization, LPAR utilization, cache statistics, and more. To enhance user experience, IBM SMF Explorer seamlessly integrates with JupyterLab, a web-based interface for interactive Python execution, facilitating straightforward data visualization and manipulation. The IBM SMF Explorer Github repository offers a JupyterLab environment for quick initiation into the tool’s capabilities.
Great thing! The practical thing that allowed me to view SMF records and expose them for further analysis in the desired manner. Very, very helpful for system programmers and IT managers as well.
Enhanced Security
Security is a top priority in the digital age, and z/OS 3.1 takes it to the next level. System SSL/TLS enhancements, including the ability to perform TLS 1.3 cached handshakes instead of full handshakes when connecting to multiple servers. Enabling SSL/TLS with z/OS v3.1 gives additional in-flight protection.
Security is paramount in the mainframe world, and z/OS 3.1 raises the bar with advanced security features. The latest update includes quantum-safe and simplified cryptographic features, featuring an encrypted RACF Database, support for read-only archived keys in data set encryption, and the integration of TLS 1.3 sysplex session caching. In the realm of system hardening, notable updates include the extension of RACF password phrase intervals, the incorporation of AC(1) APF loadmod scanning into zAuthorized Code Scanner (zACS), and the introduction of the cutting-edge z/OS Authorized Code Monitoring (zACM), collectively reinforcing security measures and fortifying system resilience. In pursuit of simplified compliance, the latest enhancements encompass support for multiple components within the IBM Z Security & Compliance Center, counter support for CP Assist for Cryptographic Function (CPACF), and adherence to the stringent security standards defined by CIS Benchmarks, streamlining and bolstering overall compliance efforts. Protect and thrive with exceptional security and resilience capabilities, including a new Authorized Code Monitor to guard against potential vulnerabilities, expanded System Recovery Boost solutions, and new interfaces for runtime diagnostics and resource monitoring. Features like these will provide additional security checks on z/OS.
I think z/OS 3.1 introduces improvements in SSL/TLS, such as the ability to perform TLS 1.3 cached handshakes for faster connections to multiple servers, enhancing in-flight protection. Also, Advanced Security Features update includes quantum-safe cryptographic features and simplified encryption methods, such as encrypted RACF Database and support for read-only archived keys in data set encryption. Integration of TLS 1.3 sysplex session caching further strengthens security.
For zACS – Notable updates in system hardening include extending RACF password phrase intervals, incorporating AC(1) APF loadmod scanning into zAuthorized Code Scanner (zACS), and introducing z/OS Authorized Code Monitoring (zACM) to reinforce security measures and system resilience.
In summary, z/OS 3.1 elevates security standards with advanced encryption techniques, system hardening measures, simplified compliance efforts, and additional security features, ensuring enhanced protection and resilience in the mainframe environment.