What's new?
While IBM values the use of inclusive language, terms that are outside of IBM’s direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.
Support for more Liberty features
CICS Transaction Server for z/OS, Version 5 Release 3 extends its support for JEE web applications through the WebSphere® Application Server Liberty profile.
| Feature | Name | Description |
|---|---|---|
| Contexts and Dependency Injection | cdi-1.0 | Provides a mechanism to inject components such as EJBs or Managed Beans into other components such as JSPs or EJBs. |
| EJB Lite | ejbLite-3.1 | Enables support for Enterprise JavaBeans written to the EJB Lite subset of the EJB 3.1 specification. |
| Local JMX Connector | localConnector-1.0 | Allows the use of a local JMX connector that is built into the JVM to access JMX resources in the server. |
| Managed Beans | managedBeans-1.0 | Provides a common foundation for different Java™ EE components types that are managed by a container. Common services that are provided to Managed Beans include resource injection, lifecycle management, and the use of interceptors. |
| MongoDB Java Driver | mongodb-2.0 | Provides support for the MongoDB Java Driver and allows remote database instances to be configured in the server configuration. Applications interact with these databases through the MongoDB APIs. |
| Monitor | monitor-1.0 | Enables performance monitoring of WebSphere Liberty profile runtime components by using a JMX client. |
| OSGi Console | osgiConsole-1.0 | Enables an OSGi console to aid with debug of the runtime. |
| Rest JMX Connector | restConnector-1.0 | Enables remote access by JMX clients via a REST-based connector and requires SSL and user security configuration. |
| Database Session Persistence | sessionDatabase-1.0 | Enables persistence of HTTP sessions to a data source using JDBC. |
| LDAP User Registry | ldapRegistry-3.0 | Enables support for using an LDAP server as a user registry. Any server that supports LDAP Version 3.0 can be used. Multiple LDAP registries can be configured, and then federated to achieve a single logical registry view. |
Changes in TCB switching for HTTP requests
The TCB switching that is required to send and receive messages over a TCPIPSERVICE PROTOCOL(HTTP) connection and over an HTTP client connection is reduced. This reduction in TCB switching improves the performance of CICS processing of these HTTP messages.
For sending or receiving messages over an SSL connection, the switching between the S8 and SO TCBs is eliminated. All processing now occurs on the S8 TCB.
For sending or receiving messages over a non-SSL connection, the switching between the SO TCB and the application TCB is reduced.
If the messages that are being sent or received are large, the CPU usage between the TCB switches will be larger. In this situation, the task that is sending or receiving the message might reach the runaway limit and be terminated. If sending or receiving large messages, determine whether you need to increase the transaction RUNAWAY value for the web server HTTP attach transaction (CWXN by default), the web server alias transactions, and any transactions that issue the web client API commands SEND, RECEIVE, and CONVERSE.
Easier management of logs from JVM server
- JVM server output logs, OSGi output, and Liberty logs are consolidated into a single directory structure.
- The location of the directory structure is unique to each JVM server. Symbolic links make it
easier to navigate between logs. If you need to use the directory structure of previous releases,
you can set an option in the JVM profile. Learn more:
- Timestamps in JVM server output logs can be localized.
- The time stamp uses the local time zone that you specify on the TZ variable in your JVM profile. If you don't specify a time zone, the time stamps continue to show UTC (Coordinated Universal Time).
- Old log files can be deleted.
- You can use a new option in the JVM profile, LOG_FILES_MAX, to specify how many iterations of each log file to keep. If you don't specify this option, or set it to zero, all logs are kept.
- File tagging for JVM Liberty files in UNIX System Services.
- The CICS JVM server now automatically tags the following
zFS files with the correct ASCII or EBCDIC coded character set:
- The file that is resolved from the setting STDOUT
- The file that is resolved from the setting STDERR
- The file that is resolved from the setting JVMTRACE
- server.xml
- installedapps.xml
This change enables automatic file conversion when using the CICS Explorer® z/OS UNIX Files view, or the UNIX System Services utilities.
Support for the Java EE 7 Full Platform in CICS Liberty Integrated mode, enhancements to
SET JVMSERVER DISABLE (PHASEOUT,PURGE, FORCEPURGE,KILL), and a more standard
configuration for CICS Db2 type connectivity using the Liberty dataSource.
- Support for Java EE 7 Full Platform in CICS Liberty Integrated mode.
- A more standard configuration for Db2 type 2 connectivity using the Liberty dataSource to supercede the cicsts_dataSource.
- Allowing individual tasks to be purged from the JVMSERVER.
- A new, more comprehensive and robust mechanism for handling RUNAWAY tasks in a JVMSERVER.
- Improved ability of a JVMSERVER to DISABLE with a more thorough and orderly procedure when quiescing outstanding threads and tasks.
New Java capabilities
- Connecting to IBM® MQ
-
You can use the IBM MQ classes for Java Message Service (JMS) to access IBM MQ resources, as an alternative to the IBM MQ classes for Java. This support is for Java programs running in an OSGi JVM server only, with IBM MQ for z/OS Version 7.1 and 8.
Support is provided for using the classic (JMS 1.1) and simplified (JMS 2.0) interfaces, provided that CICS is connected to a level of IBM MQ queue manager that supports the appropriate level of JMS and is using a suitable version of the IBM MQ classes for JMS.
This support relies on service enhancements to IBM MQ. Version 7.1 requires IBM MQ APAR PI29770 (built on fix pack 7.1.0.6) or any later fix pack level. V8.0 requires base APAR PI28482 and fix pack 8.0.0.4 or any later fix pack level. CICS TS V5.2 is also supported and requires APAR PI32151.
- Passing an existing document into a Java program
-
The document services of the JCICS application programming interface have a new constructor,
Document(byte[] docToken), to use to pass an existing document, such as one created by a COBOL program, into the Java program. The Java program can then work with that document through the JCICS API.
z/OS Connect
IBM z/OS Connect enables better and more manageable connectivity between mobile systems and back-end z/OS systems and applications. You can now use z/OS Connect inside a CICS region. It provides a consistent interface for mobile systems that use REST and JSON, shields back-end systems from having to understand those protocols and formats, and shields mobile application developers from having to understand CICS.
z/OS Connect Enterprise Edition
With APAR PI59304, CICS TS 5.3 supports z/OS Connect Enterprise Edition, a separately-orderable IBM product. It builds on the capabilities of z/OS Connect for CICS 1.0. z/OS Connect Enterprise Edition enables API developers to construct JSON APIs from JSON services. The APIs are constructed and packaged with the Eclipse-based API Editor that is provided with z/OS Connect Enterprise Edition, then deployed to the z/OS Connect runtime. The API package includes Swagger 2.0 definitions to make it easier for developers to incorporate the APIs into their applications. Key z/OS Connect capabilities, such as authorization security checking for service invocation, creation of System Management Facility (SMF) records, and logging of RESTful service requests also apply to the APIs.
HTTP requests are processed by directly attached user transactions
The pipeline processing of HTTP requests is streamlined so that, in most situations, you no longer need an intermediate web attach task (CWXN transaction). This change reduces CPU and memory overheads for most types of SOAP and JSON-based HTTP CICS web services.
The socket listener task, CSOL, is optimized to attach user transactions directly for fast-arriving HTTP requests. The web attach task is bypassed, which reduces the CPU time that is required to process each request.
To qualify for optimization, both the TCPIPSERVICE and URIMAP resource attributes, and the request, must meet specific criteria. Using the analyzer program disqualifies the HTTP requests from directly attaching the transaction.
AT-TLS support for inbound HTTPS requests
Inbound HTTPS requests can have SSL support provided by the Application Transparent Transport Layer Security (AT-TLS) feature of IBM Communications Server. In CICS, TCPIPSERVICE resources define the association between ports and CICS services, including CICS web support. These resources can be configured as AT-TLS aware and obtain security information from AT-TLS. Using AT-TLS moves the role of configuring SSL(TLS) from CICS to AT-TLS, and can reduce CPU times, compared to using the CICS implementation of SSL(TLS).
You can define TCPIPSERVICE resources to get security information from AT-TLS. A new option, ATTLSAWARE, is added to the SSLTYPE parameter on commands to create, alter, and install TCPIPSERVICE through CEDA, CSD, and the resource definition utility DFHCSDUP.
If you specify ATTLSAWARE, CICS expects that the SSL session that is used is configured and by the AT-TLS function of TCP/IP. CICS inquires on the state of a socket connection that is established by a client. The query returns information, such as the cipher suite used for the TLS session and client certificate (if present).
Tailoring values in HTTP server- and user-agent headers
Two new SIT parameters are available to suppress or replace fields in the headers provided by CICS on HTTP requests and responses. HTTPSERVERHDR sets the value for the Server field. HTTPUSRAGENTHDR sets the value for the User-Agent field. These settings are reflected in the value that is returned on the PARTNER option of the INQUIRE IPCONN command.
More threadsafe commands
| INQUIRE commands | DISCARD commands | SET commands |
|---|---|---|
| INQUIRE ENQMODEL | DISCARD ENQMODEL | SET ENQMODEL |
| INQUIRE JOURNALMODEL | DISCARD JOURNALMODEL | SET JOURNALNAME |
| INQUIRE JOURNALNAME | DISCARD JOURNALNAME | SET TCLASS |
| INQUIRE RRMS | DISCARD TCPIPSERVICE | SET TCPIP |
| INQUIRE STORAGE | DISCARD TDQUEUE | SET TCPIPSERVICE |
| INQUIRE STREAMNAME | DISCARD TRANCLASS | SET TDQUEUE |
| INQUIRE SUBPOOL | DISCARD TSMODEL | SET TRANCLASS |
| INQUIRE TASK LIST | PERFORM SECURITY REBUILD | SET TSQNAME |
| INQUIRE TCLASS | PERFORM SSL REBUILD | SET TSQUEUE |
| INQUIRE TDQUEUE | WRITE OPERATOR | SET UOW |
| INQUIRE TCPIP | SET WEB | |
| INQUIRE TCPIPSERVICE | ||
| INQUIRE TRANCLASS | ||
| INQUIRE TSMODEL | ||
| INQUIRE TSPOOL | ||
| INQUIRE TSQNAME | ||
| INQUIRE TSQUEUE | ||
| INQUIRE UOW | ||
| INQUIRE UOWENQ | ||
| INQUIRE WEB |
TRANSACTION resources as application entry points
An application entry point identifies a resource that is an access point to an application. Application entry points are used to control users' access to different versions of an application that is deployed on a platform. They are also used to create an application context to monitor the resource usage for applications and to identify an application being run. TRANSACTION resources can now be used as application entry points, in addition to the PROGRAM and URIMAP resources from previous releases. By defining a TRANSACTION as an application entry point you can now scope policies to a particular transaction ID, whether deployed with CICS cloud applications or in stand-alone CICS bundles.
- APPLICATION to return the name of the application for which the TRANSACTION resource is defined as an entry point.
- APPLMAJORVER, APPLMINORVER, APPLMICROVER to return the version of the application.
- OPERATION, to return the operation name of the application for which the TRANSACTION resource is defined as an application entry point.
- PLATFORM, to return the name of the platform on which the application is deployed and for which the TRANSACTION is declared as an application entry point.
- AVAILSTATUS, to return the availability of the application.
New statistics and messages provide information about the transaction entry points. A field, XMR_TRAN_ENTRYPOINT, is added to the resource statistics that are reported for transactions. This field shows whether the transaction is defined as an application entry point.
For more information, see Application entry points and INQUIRE TRANSITION, and Transactions: resource statistics.
Changes to EXEC CICS ASSIGN
- Retrieving the offset of an abend on ASSIGN
-
CICS already provides information about the abend code and abend program name on the ASSIGN command when ASRA, ASRB, and ASRD abends occur. This release adds the offset of the abend to the values that can be requested on ASSIGN. You can use this information to help with recovery routing in your applications.
- Determining the length of a terminal input string on ASSIGN
- The INPUTMSGLEN option allows you to test for the length of a terminal input string, before you receive the input.
Returning consistent data on INQUIRE PROGRAM
EXEC CICS INQUIRE PROGRAM now returns consistent data about a program, when the request is made after a SET PROGRAM PHASEIN request but before the program is loaded. In previous releases, a mix of information was returned, such as the program length from the copy that was previously loaded, but the load library name from the version that was phased in.
Querying a channel
You can now query the number of containers in a channel, and the total amount of storage that they occupy. There is a new EXEC CICS command, QUERY CHANNEL, and the equivalent JCICS method, getContainerCount(), on the Channel class.
Deleting a channel
You can now explicitly delete all the containers that are in a channel. Therefore, the application that owns the channel can delete the storage for the channel and its associated containers before the channel goes out of scope; for example, in a long-running task. There is a new EXEC CICS command, DELETE CHANNEL, and the equivalent JCICS method, void delete(), on the Channel class.
Integrated translator support for EXCI programs in PL/I
You can now use the integrated translator when you compile PL/I programs that use the External CICS Interface (EXCI) command level API. The previous restriction for programs in PL/I is removed, as is the warning message DFH7006.
A set of sample procedures is provided to show how to build an EXCI program by using the integrated translator.
Changes to the JSON transformer linkable interface
The JSON transformer linkable interface is extended to transform structured application data to and from JSON data without using a JVM server. Whether to use a JVM server is determined by the DFHJSON_JVMSERVR container. If this container is not provided or has a length of zero, the DFHJSON program attempts data transformation by using components that are internal to CICS, rather than the JVM server. This change removes the need to configure a JVM server, and offers potential CPU reductions.
New policy thresholds
You can use policies to control the behavior of running applications and platforms. You define threshold conditions and the actions to take when the conditions are met. This release extends the range of threshold policies.
Following the introduction of system rules with APAR PI83667, policy threshold rules are renamed to policy task rules, and policy thresholds are renamed to policy conditions.
- EXEC CICS requests
- You can define threshold policies for the number of EXEC CICS (API and SPI) requests performed by a user task.
- IBM MQ requests
- You can define threshold policies for the number of IBM MQ requests issued by a CICS task. A new rule type, IBM MQ request, defines a threshold for the number of MQI requests that are processed by the CICS-WebSphere MQ adapter for a CICS task.
- IMS DLI requests
- You can define threshold policies for the number of IMS DLI requests issued by a CICS task. The database request rule type is extended with a DLI command rule item to define a threshold for the number of EXEC DLI or CALLDLI requests.
- Shared temporary storage (TS) queues
- You can define threshold policies for the amount of user data that is written to a shared TS queue, or the number of requests that are issued to a shared TS queue by a CICS task. In previous releases, policy thresholds could be set only on auxiliary and main TS queues.
- Named counter requests
- You can define threshold policies for the number of EXEC CICS, EXEC CICS GET COUNTER and GET DCOUNTER requests performed by a user task.
Support for system rules in CICS policies
Available with APAR PI83667. If you want to monitor the state of system resources or the overall health of a CICS system, you can define system rules in CICS policies. System rules define an automated action to be performed, such as issue a message or emit a CICS event, when something of interest happens in a CICS system, such as a resource state change, a threshold that is crossed, or an unusual system state or action.
System rules provide equivalent function to system events, which are now deprecated. You should use system rules instead.
Following the introduction of system rules, policy threshold rules are renamed to policy task rules, and policy thresholds are renamed to policy conditions.
Support for static data capture items and event names for policy events
Available with APAR PI88500. If you use CICS Explorer® Version 5.4.0.6 or later and you use the policy definition editor to work with policy rules, you can now define items of static data to be emitted with policy events and specify a user-defined name for the event.
This capability is also available on CICS TS 5.1 and 5.2 with APAR PI88500.
Automatic recovery of application availability state
The availability status of a CICS cloud application is restored if you start or restart a CICS region in the platform after the time when you make the application available. In previous releases, an enabled status was restored, but you needed additional action to make the application available for use.
New private resource, PACKAGESET, for DB2 collections
The new private resource PACKAGESET makes the handling of DB2® data in a cloud environment easier and more flexible by enabling you to specify different DB2 collections across different environments. Using PACKAGESET, CICS can now issue the EXEC SQL SET CURRENT PACKAGESET command on behalf of the application. The PACKAGESET resource is optional, and existing mechanisms to manage different collections across different environments remain available, for example, multiple plans, dynamic plan exits, or setting the package set yourself in the application.
Transaction tracking for CICS-MQ bridge
CICS transaction tracking identifies relationships between tasks in an application as they flow across CICS systems, and visualizes them in CICS Explorer. Seeing these relationships simplifies problem determination, reporting, and auditing. Transaction tracking now covers transactions that are started by the CICS-MQ bridge.
Both IBM MQ trigger or bridge monitor tasks can use CICS transaction tracking by setting adapter fields in the origin data of the task that they start within a CICS region.
The user exit programming interface (XPI) for monitoring now includes a SET_TRACKING_DATA call on DFHMNTDX. This call sets the transaction tracking origin data tag for the issuing task.
New statistics
New statistics are available to help with monitoring and managing the CICS system.
- Peak depth of TD queues
-
A field, TQRPNITM, is added to the resource statistics that are reported for transient data queues. This field contains the peak depth of the transient data queue. This information can help you to take action if too many records are on the queue.
- Transaction CPU time
-
New metrics for transaction CPU time measurements are added to global CICS statistics. These statistics are gathered even if CICS monitoring is turned off. This capability gives you greater insight into the CPU use of CICS regions, without having to collect and process SMF 110 monitoring records.
Three new fields are added to the monitoring domain statistics. These fields show the accumulated transaction CPU time for each completed transaction during the statistics interval.- MNGCPUT shows the total transaction CPU time that is accumulated for the CICS dispatcher-managed TCB modes that are used by the completed transactions.
- MNGTONCP shows the total transaction CPU time, on a standard processor, that is accumulated for the CICS dispatcher-managed TCB modes used by the completed transactions.
- MNGOFLCP shows the total transaction CPU time, on a standard processor, that was eligible for offload to a specialty processor (zIIP or zAAP). This time is accumulated for the CICS dispatcher-managed TCB modes that are used by the completed transactions.
Additional information about EYU9XENF
The CICSPlex® SM batch utility, EYU9XENF, reports CICS ESSS (Environment Services System Services) information on a specific release in an LPAR. The utility report now clarifies the status of connections to the ESSS by showing the job ID or task ID of each one. It also shows the service level of the ESSS program.
Increased security capabilities
- Enhanced Password Algorithm
- Stronger encryption of passwords comes from support for the Enhanced Password Algorithm. This algorithm was implemented in RACF® with APAR OA43999.
- Signing on from 3270 with a Kerberos token: EXEC CICS SIGNON TOKEN
- The new EXEC CICS SIGNON TOKEN command saves flowing a password. This command enables applications to validate a Kerberos security token, as determined by an external security manager, and to associate a new user ID with the current terminal. This command is threadsafe.
- Requesting a PassTicket: EXEC CICS REQUEST PASSTICKET
- A PassTicket is a secure representation of a password that a program can use to sign on to an application. Using a PassTicket in place of a password means that applications don't need to store passwords, or ask users to reenter them, to sign on to the target system. Passwords are not transmitted across the network. The REQUEST PASSTICKET command requests an external security manager such as RACF to build a PassTicket. Message DFHXS1500 indicates that a PassTicket request failed because the request was not authorized by the external security manager. This command is threadsafe.
- Offloading authentication requests to open TCBs
- Offloading authentication requests to open TCBs reduces contention on resource-owning transaction control blocks (TCBs).
- Identifying the token type that is used in sign-on
-
Exit XSNON has a new parameter, UEPSGTYP, that identifies whether the SIGNON operation was by USERID or TOKEN. You can use this new parameter to see how many sign-on operations were done by using the new Kerberos mechanism, and you can now log who performs the sign-on.
- Seeing the number of invalid password attempts
-
If you supply an incorrect password on a VERIFY PASSWORD request, the invalid attempt count is increased for the user ID. If you supply multiple incorrect passwords on successive VERIFY PASSWORD requests, the user ID might be revoked by the external security manager. CICS already issued message DFHXS1201 when you supplied an incorrect password on a VERIFY PASSWORD request. Now, when you supply a correct password following one or more invalid attempts, CICS issues message DFHXS1206. The new message includes a count of the invalid attempts that were made before the valid attempt.
- AT-TLS support
- The new TCPIPSERVICE option of SSL(ATTLSAWARE) allows CICS to fully use AT-TLS including access to client certificates to identify users. See AT-TLS support for inbound HTTPS requests for details.
Controlling RNL processing through the SIT: NQRNL
CICS uses z/OS global resource serialization to provide sysplex-wide protection of application resources. z/OS global resource serialization includes resource name lists (RNLs) that specify the scope of resources. RNL processing can cause the scope of resources to change from the scope that was specified in the ENQMODEL resource definition in CICS. You can use a new system initialization parameter, NQRNL, to specify that z/OS global resource serialization uses RNL processing for enqueue and dequeue requests from CICS.
Performance improvements
Internal performance improvements in CICS Transaction Server for z/OS, Version 5 Release 3 contribute to reducing CPU.
- HTTPS requests with SSL support that is provided by CICS
- Performance is improved for HTTPS requests where SSL support is provided by CICS. Although these requests still need the CWXN transaction, the number of switches between task control blocks (TCBs) is reduced.
- Exploiting new hardware instructions in the IBM System z9®
-
CICS exploits new hardware instructions added on the IBM System z9 and later systems. This includes the use of store clock fast, cache alignment of some key CICS control blocks, the use of prefetch, reduced lock contention within monitoring algorithms, improvements to the MRO session management algorithms, and further tuning of internal procedures.
These improvements in efficiency flow through to CICS, especially for CICS trace, CICS monitoring, and for MRO connections that have high session counts.
- Performance tuning of HTTP connections
- The new SOTUNING SIT parameter specifies whether
performance tuning for HTTP connections occur to protect CICS
from unconstrained resource demand. If the SOTUNING SIT parameter is set to the
default value of YES, if the region becomes overloaded CICS temporarily stops listening for new HTTP connection requests. If
overloading continues, CICS closes existing HTTP persistent
connections and marks all new HTTP connections as non-persistent. These actions prevent oversupply
of new HTTP work from being received and queued in CICS,
allowing feedback to TCP/IP port sharing and Sysplex Distributor, promoting a balanced sharing of
workload with other regions that are sharing the same IP endpoint and allowing the CICS region to recover more quickly.
If SOTUNING is set to YES, CICS periodically closes persistent connections to allow more efficient sharing of workload across regions that share IP endpoints, using technologies such as TCP/IP shared ports and Sysplex distributor.
- Controlling the way JSON is parsed
-
A
java_parserattribute is provided to the<provider_pipeline_json>element of the z/OS Connect for CICS pipeline configuration file, which allows you to control where the JSON input message gets parsed.
- Enhanced z/OS Workload Manager (WLM) Classification for CICS Subsystem
- WLM already reports CICS
transaction response times, and now a new function passes the CPU times that are used by
transactions to z/OS WLM. This change enables CPU time
collection for groups of transactions based on WLM classifications. There are two new z/OS WLM classifications based on TCP/IP service name and
transaction class:
- Connection Type (CT) name of the TCP/IP Service that received the request for this transaction, and Connection Type Group (CTG)
- Transaction Class (TC) name of the transaction class to which this transaction belongs, and Transaction Class Group (CTG)
Creating the USERAUTH attribute from the DFH0IPCC migration utility
The DFH0IPCC migration utility converts APPC and MRO connections to IPIC connection definitions. When a CONNECTION entry has ATTACHSEC values of LOCAL, IDENTIFY, or VERIFY, a USERAUTH attribute is created on the IPCONN definition.
Additional checks during initialization
- Checks during initialization for mismatch of program releases
-
CICS now checks during initialization that no CICS nucleus module comes from an earlier release than the release that is currently being started. If a mismatch is detected, message DFHLD0110I is issued, and CICS terminates.
This check also encompasses macro tables that are loaded during initialization, so ensure that all macro tables are reassembled, using the new release macros.
- Checks during initialization for required hardware
-
CICS now checks during initialization for the required level of hardware. This release requires a z9® or subsequent 64-bit z/Architecture® processor with a configuration that has a terminal and a tape device capable of reading one of the types of tape on which CICS TS is supplied. For more information about prerequisites for this release, see Requirements for CICS TS.
New features of DFHCSDUP
- Copying individual resources between groups
-
You can use DFHCSDUP COPY to copy a single resource definition from one group to another. In previous releases, this functionality was possible only with CEDA. The group from which the resource definitions are copied can be on the primary CSD, or on another CSD file that is specified by the FROMCSD parameter on DFHCSDUP COPY.
- Showing the maintenance level of the CSD
-
DFHCSDUP LIST shows the current status of the CSD file. If maintenance has been applied to the CSD, an additional heading is shown:
LAST CSD MAINTENANCE UPGRADE USED filename AT PTF ptfnumber LEVELFor example, maintenance that is applied through DFHCSDUP UPGRADE USING(DFHCURDM) indicates the PTF level of DFHCURDM that was used.
New PHASEIN support for SET BUNDLE
The new PHASEIN support for the SET BUNDLE command enables the registration of a new version of an OSGi bundle with the OSGi framework to replace any version that is currently registered. The new version of any OSGi services that are implemented by the new version of an OSGi bundle are then used by any new invocation of a Java program that is defined to use this OSGi service. Existing requests continue to use the old version until the request completes.
Libraries can use the extended addressing space (EAS) of an extended address volume (EAV) DASD volume
You can place CICS DFHRPL libraries, such as SDFHLOAD, and dynamic program LIBRARY concatenations, in the EAS of an EAV DASD volume. In previous releases, if the DFHLDSVC module tried to access dynamic program LIBRARY resources from the EAS, an IEC142I 113-44 message was issued and the request failed.
Avoiding the storm drain effect with CICS to IMS, IBM MQ, and VSAM RLS
CICS now informs the z/OS Workload Manager when requests fail because connections to IMS, IBM MQ, and VSAM RLS are
unavailable. This change extends the support for connections to DB2 in previous releases. The CICSPlex SM dynamic
routing program uses this information to avoid routing more work to a CICS region that is affected by the storm drain effect
.
More information provided by messages
Some new messages, and extensions to existing messages, help with problem diagnosis or automation. In addition to the messages listed here, many new messages are added to support the new features of this release. You can find the full list in Changes to messages and codes.
- Notification when a shared data table is full
- A CICS message is issued when an EXEC CICS WRITE command that is issued to a shared data table fails because the data table is full. Previously, this information was returned only on a NOSPACE condition on the WRITE command. Notification by a CICS message allows you to use automation packages to disable access to the data table.
- Identification of a web service that is in error
- To help with problem diagnosis in a situation where multiple web services are deployed in a requester pipeline, the CICS message DFHPI0997 now identifies the web service that is in error. In previous releases, you couldn't tell from the message which specific web service timed out, particularly when multiple services were defined in the requester pipeline.
- Notification when the CICS-MQ adapter is already active
- For consistency with the behavior of the CICS-DB2 attach, CICS now issues the message DFHMQ0245 when CICS attempts to connect and the CICS-MQ adapter is already active and connected to a queue manager.
HTTP TRACE is now inactive by default
HTTP TRACE is a debugging tool that you can use to diagnose certain types of connectivity problems. However, its support might lead to potential security vulnerabilities. In this release, HTTP TRACE requests are no longer supported by CICS. They receive an HTTP 501 (Not Implemented) response.
Change of defaults on STGPROT and TRTABSZ
A couple of changes improve the serviceability of CICS Transaction Server for z/OS, Version 5 Release 3 .
- Default setting for storage protection is YES
- The default setting of the system initialization parameter that controls storage protection,
STGPROT, is changed from NO to YES.
CICS uses storage protection facilities that are available in the operating system to prevent CICS code and control blocks from being overwritten accidentally by user application programs. The STGPROT parameter specifies whether your CICS region uses these facilities.
- Default size for internal trace table is increased
- The default setting of the system initialization parameter that controls the size of the CICS internal trace table, TRTABSZ, is increased from 4 MB to 12 MB.
Changes to CICS Explorer
CICS Explorer is included with CICS Transaction Server for z/OS, Version 5 Release 3 and is updated to support the new capabilities of this release.
CICS is aware when a protected DB2 thread is canceled
A DB2ENTRY can specify that a number of threads are not terminated immediately when they are not in use, but they are protected for a period of time. These threads can be reused by subsequent transactions. In previous releases, the DB2 request might fail for a CICS transaction that was attempting to reuse a protected DB2 thread. CICS is now aware if a DB2 thread that it is trying to reuse has been canceled in DB2, and ensures that a subsequent transaction can use that thread correctly.
Obsolete options
- PASSWORD on FILE resource
- The PASSWORD attribute on FILE resource definitions specified the 1- to 8-character password that was used to verify user access to the file. PASSWORD is obsolete because it is superseded by other RACF control mechanisms.
- ACTJVMTCBS and MAXJVMTCBS on INQUIRE and SET DISPATCHER
- ACTJVMTCBS and MAXJVMTCBS are obsolete. ACTJVMTCBS was used only on INQUIRE DISPATCHER to inquire on the number of J8 and J9 mode TCBs currently allocated to user tasks. MAXJVMTCBS was used on both INQUIRE and SET DISPATCHER to process the maximum number of J8 and J9 mode TCBs allowed in the JVM pool. The JVM pool no longer exists.
- BEAN, CORBASERVER, JVMPOOL, JVMPROFILE, and REQUESTMODEL on PERFORM STATISTICS
- BEAN, CORBASERVER, JVMPOOL, JVMPROFILE, and REQUESTMODEL options are obsolete. These options were used to request statistics for enterprise beans, CorbaServer entries, pooled JVMs and their profiles, and request models, which CICS no longer supports.
Automation for application deployment
The CICS build toolkit, the JCL utility called DFHDPLOY, and the ability to use UrbanCode® Deploy with CICS components all make it easier to automate builds and to deploy them to the right environments.
- CICS build toolkit for automated builds
-
The CICS build toolkit provides a command-line interface to automate the building of CICS projects created by using CICS Explorer. These include CICS bundles, CICS applications, CICS application bindings, and projects that are referenced by CICS bundles, such as OSGi applications, OSGi bundles, enterprise applications, and dynamic web projects.
You can automate the build of CICS applications by calling the CICS build toolkit from your build scripts. In a continuous integration environment, a build script can automatically run when developers make updates to their applications. This build script can check out the latest application version from source control along with its dependencies. The script then calls the CICS build toolkit to build the projects that form the application. Finally, the script copies the built projects to a suitable location, such as an artifact repository or a staging area on zFS.
You can automate the resolving of variables in CICS bundles by calling the CICS build toolkit from your deployment scripts. A script typically uses the built projects together with a properties file that defines values for variables in the target environment.
The CICS build toolkit is supported on z/OS, Linux®, and Microsoft Windows operating systems.
- Deploying through batch
-
DFHDPLOY is a batch utility to support the automated provisioning of CICS bundles and cloud-like CICS applications. The DFHDPLOY utility provides commands that can be scripted to connect to a CICSplex, deploy CICS bundles and applications, set their state after deployment, and to remove them when they are no longer required. These commands are:
- SET APPLICATION
- SET CICSPLEX
- SET BUNDLE
- DEPLOY APPLICATION
- UNDEPLOY APPLICATION
- DEPLOY BUNDLE
- UNDEPLOY BUNDLE
- Deploying through IBM UrbanCode Deploy
-
IBM UrbanCode Deploy orchestrates and automates the deployment of applications, middleware configurations, and database changes. CICS provides a plug-in for IBM UrbanCode Deploy. This plug-in allows IBM UrbanCode to install and discard resources, change the state - for example: enable or open - of resources, and perform actions such as new copy and phase-in of programs, and pipeline scans.
The CICS plug-in is available to download from the IBM UrbanCode website.
Changes to documentation
- Self-service PDFs
-
From IBM Knowledge Center, you can build your own collections of information. You can create a PDF of the collection, and download it for use offline. When IBM updates the information, any changes are reflected automatically in your collections.
This release provides collections of topics that match the manuals. These collections contain the same information as you find online in IBM Knowledge Center, but they have a structure that originated in previous versions of CICS. These PDFs are available here.
IBM Knowledge Center V2.0, released in June 2016, withdrew support for creating bespoke PDFs. As a consequence, the collections that are described earlier are withdrawn from the CICS documentation.
- Program Directories in IBM Knowledge Center
-
CICS Program Directories are now provided online in IBM Knowledge Center. This change is intended to make it easier for you to search them and use them with the other CICS information. Find the Program Directories here.
- New look for Upgrading
- Information about upgrading from earlier releases is now in one document. The document shows changes between versions, and the actions that you need to get what you have today working on the new release. Find the Upgrading documentation here.
- Parallel Sysplex® Application Migration information is moved into CICS documentation from z/OS
- The z/OS Parallel Sysplex Application Migration manual (SA22-7662) contained information that was relevant to CICS. This information, from Part 1: Introduction and Part 2: Migrating CICS Applications, is updated and merged into the CICS documentation.
New web services commands
Available with APAR PI54841. The EXEC CICS TRANSFORM command is extended to provide conversion between JSON data and a language structure.
The following commands are now available:
- TRANSFORM DATATOJSON to convert application data to JSON.
- TRANSFORM JSONTODATA to convert JSON to application data.
Decision Server Insights Event format
Available with APAR PI55134. The Decision Server Insights Event format is an XML representation of a CICS event that is recognized by the Decision Server Insights component of IBM Operational Decision Manager. This format can also be used by any consumer that can recognize the Decision Server Insights Event format.
Change in TCB allocation for Liberty threads
Available with APAR PI54263. To alleviate the potential impact of Liberty thread pooling on zIIP-eligibility of workloads, tasks that run as Liberty threads now invoke a TRUE on the T8 TCB that CICS provided to the Liberty ThreadPool. All other tasks continue to invoke it on the QR TCB.
Non-Java support for JSON web services
Available with APAR PI56897. CICS TS is extended to support processing of JSON messages in CICS regions without any Java configuration. Therefore, you do not need to configure and install a JVM server. Performance and throughput for many workloads is better than when a JVM server is used to process JSON messages.
To set up CICS as a non-Java JSON service provider, you must configure a provider pipeline that uses the CICS-supplied program DFHPIJT as the terminal handler. For detailed instructions, see Creating the CICS infrastructure for a non-Java JSON service provider.
Support for Kerberos mutual authentication through VERIFY TOKEN command
Available with APAR PI56774. New options OUTTOKEN and OUTTOKENLEN are added to VERIFY TOKEN to support Kerberos mutual authentication.
New user replaceable module for BMS
Available with APAR PI54386. The basic mapping support (BMS) now supports a new user replaceable module (URM), DFHBMSX (3270 datastream validation program).
This URM is called to enable 3270 data stream validation at CICS initialization. It is also called when a 3270 data stream validation error is detected when BMS RECEIVE MAP commands are issued.
New system initialization parameter XPTKT to control whether CICS performs a RACF check before generating a PassTicket
You can use the XPTKT system initialization parameter to instruct CICS to perform a RACF check before it generates a PassTicket. The default is NO. If you have applications that generate PassTickets by using the EXEC FEPI REQUEST PASSTICKET, EXEC CICS REQUEST PASSTICKET, or EXEC CICS REQUEST ENCRYPTPTKT commands, you must create RACF definitions to allow regions (and optionally userIDs or groups) to generate PassTickets.
CICS standard-mode Liberty: New support for Java EE 7 Full Platform
Available with APAR PI58375. Use the CICS embedded Liberty JVM server in standard mode to port and deploy Liberty applications from other platforms to CICS without changing your application. Standard mode is ideal for hosting applications that are written for and rely on the Java Enterprise Edition (Java EE) Full Platform, but do not require full integration with CICS. Applications running on CICS standard-mode Liberty can take advantage of Liberty services, management, and security, and benefit from the performance and capabilities of Java on z/OS, the z Systems® platform, and close proximity to data in DB2 and IBM MQ.
CICS programs can invoke a Java EE application
Available with APAR PI63005. A CICS program can now invoke a Java EE application that is running in a Liberty JVM server. You have the option to invoke a Java EE application as the initial program of a CICS transaction, or invoke it by using the LINK (EXCI) or the START command from any CICS program.
You can use this function if you want to write new function in Java as part of your CICS application, invoke Java code from part of an existing web application, or reimplement existing COBOL applications in Java.
System autoinstall of program definitions for Language Environment
Available with APAR PI60389. CICS now uses system autoinstall to install program definitions for Language Environment® as required, removing the need to maintain definitions in the CEE CSD group.
New option DEFAULT-FRACTION-DIGITS in DFHJS2LS for JSON schema to high-level language conversion
Available with APAR PI80580. The DFHJS2LS procedure supports a new option DEFAULT-FRACTION-DIGITS that you can use in JSON schema to high-level language conversions. Use this option to specify the default number of fraction digits to use on a JSON decimal schema type.
z/OS Provisioning Toolkit, a command-line utility to rapidly provision and deprovision CICS and other z/OS environments
IBM z/OS Provisioning Toolkit (z/OS PT) is a simple command-line utility that uses the IBM z/OS Management Facility (z/OSMF) REST API to rapidly provision and deprovision CICS and other z/OS development environments. System programmers can set up the environments, authorize access to individuals or teams, and set provisioning controls and limits. Then, using a command-line interface, application developers can quickly provision and deprovision environments, without needing mainframe administration skills or authority.
Support for IBM Health Checker for z/OS
Available with APAR PI76965. IBM Health Checker for z/OS provides a foundation to help simplify and automate the identification of potential configuration problems. CICS TS now supports three health checker rules that define best practice for CICS TS security. If a CICS region becomes non-compliant with these security best practices, a warning message is issued so that you can take corrective actions.
New system initialization parameter SNPRESET allows preset userid terminals to share a single ACEE
Available with APAR PI85452. The new system initialization parameter, SNPRESET, allows userid terminals that are associated with the same user ID to share a single access control environment element (ACEE). You can save storage by specifying SNPRESET=SHARED.
New MAPPING-OVERRIDES option for schema-to-PL/I conversion
Available with APAR PI57467. A new MAPPING-OVERRIDES option, HYPHENS-AS-UNDERSCORES, is available in the DFHWS2LS, DFHJS2LS, and DFHSC2LS assistants. You can use this option to convert any hyphens in the schema to underscores, rather than the character X. Using this option can improve the readability of the generated PL/I language structures.
New WIDE-COMP3 option for schema-to-COBOL or schema-to-PL/I conversion
Available with APAR PI47466. A new WIDE-COMP3 option, FULL, is available in the DFHWS2LS, DFHJS2LS, and DFHSC2LS assistants. You can use this option to generate packed decimal fields that are large enough to hold all valid values. The maximum size is 31 digits.
Support for mapping level 4.1 in the CICS assistants
Available with APAR PI67641. Mapping level 4.1 is added to the web services assistants, XML assistants, and JSON assistants. This mapping level implements improved mappings for simple arrays generated bottom-up from existing copybooks. It also adds the ability for CICS to auto-detect uninitialized trailing storage in arrays, and to omit those records from the generated XML/JSON form.
New system initialization parameter, KERBEROSUSER, specifies a user ID to be associated with the Kerberos service principal
You can use the new KERBEROSUSER system initialization parameter to specify a user ID other than the CICS region user ID, to be associated with the Kerberos service principal for the CICS region. This user ID must not be a protected user ID, because protected user IDs should not be used for Kerberos authentication and Kerberos authentication failures can result in user revocation.
Typically, the CICS region user ID is a protected user ID, so it is recommended to specify a non-protected user ID on KERBEROSUSER for the Kerberos service principal.
VSAM dynamic buffer addition disabled for CICS LSR pools
Available with APAR PI92486. From z/OS V2.2, VSAM provides a dynamic buffer addition capability that allows for the addition of extra buffers for an LSR pool if no buffer is available for a given VSAM request. For CICS, it is preferable to retry the request rather than allow uncontrolled expansion of an LSR pool, so dynamic buffer addition is not enabled for CICS LSR pools.
Enhanced support for IBM SDK, Java Technology Edition Version 8
Available with APAR PI87181, CICS is changed to report the full heap and garbage collection
statistics for IBM SDK, Java Technology Edition Version 8 Service Refresh 5 and above. CICS has also been changed to
disable the new heap structure by specifying
-XX:+HeapManagementMXBeanCompatibility. You can override this setting by using
-XX:-HeapManagementMXBeanCompatibility in the JVM profile.
APAR PI87695 is required by the Liberty JVM server to support IBM SDK, Java Technology Edition Version 8.
Management of Db2 threads used by CICS tasks subject to purge or forcepurge requests
Available with APAR PI98569. The SET TASK command has been enhanced such that CICS processing of task purge or forcepurge requests will attempt to cancel active Db2 threads used by CICS tasks that are being purged or forcepurged.
If CICS detects that the task being purged or forcepurged has a thread active in Db2, it will issue a Db2 cancel thread command to cancel the request in Db2 before initiating the purging of the CICS task. This enhancement ensures that the purge does not cause problems for Db2 and that the Db2 updates are safely backed out.
To cancel the Db2 thread in Db2 used by the task being purged or forcepurged, CICS uses a Db2 IFI command to issue the cancel thread command. This IFI request uses a command thread defined as part of the DB2CONN. The ID passed to Db2 needs to have the relevant authority to issue cancel thread requests; therefore, you should review the COMAUTHTYPE or COMAUTHID settings of the DB2CONN. Processing of the purge or forcepurge request will continue even if the cancel thread request is unsuccessful.
Enhanced replication logging for VSAM files
Available with APAR PI97207. A new system transaction, called CFCT, and its associated program, DFHFCLJ1, are supplied to provide tie-up records for VSAM files (including non-recoverable VSAM files) to a replication log at specified intervals. You enable this capability by setting the INITPARM system initialization parameter.
REXX for CICS internal tracing, online help, and product documentation improvements
Available with APARS OA56111, OA56806, and OA56807. Support for REXX for CICS internal tracing and a new online help utility are now provided. To use the help utility, you must load the relevant data sets, as described in Creating the help files. The REXX for CICS Transaction Server product documentation is provided in this Knowledge Centre, and in the online help.
New replication log record
Available with APAR PH09381. Replication logging in support of GDPS Continuous Availability is enhanced to log a REDO record when an application issues an UNLOCK command following a read-update command, or a series of write-massinsert commands. It allows replication products to cater more efficiently for non-RLS applications, which, in the absence of browse for update support, issue read-update requests against all records in a file, but update very few and unlock most records.
Build support for other toolchains
Available through continuous delivery. Build toolchains such as Maven and Gradle are extremely popular for developing, building, and testing applications. To provide an enhanced experience for Java developers who are using such tools, CICS now offers JCICS and related artifacts through Maven Central.
With this enhancement, you can manage Java dependencies more easily, develop the applications in an integrated development environment (IDE) of your choice, and integrate the application build smoothly with popular automation tools such as Jenkins and Travis CI.
Improvement to CICS exception handling when a JVM server encounters a TCB failure
Available with APAR PH12280. CICS exception handling when a JVM server encounters a TCB failure has been changed to the following process to ensure that the JVM server is recycled.
- CICS disables the JVMSERVER resource with the PHASEOUT option to allow existing work in the JVM to complete where possible and prevent new work from using the JVM.
- If the PHASEOUT operation fails to disable the JVMSERVER within the interval specified by the PURGE_ESCALATION_TIMEOUT JVM server option, CICS escalates to the next disable action PURGE until the JVMSERVER is disabled.
- If the PURGE operation fails to disable the JVMSERVER within the interval, CICS escalates to the next disable action FORCEPURGE.
- If the FORCEPURGE operation fails to disable the JVMSERVER within the interval, CICS escalates to KILL.
- After the JVMSERVER is successfully disabled, message DFHSJ1008 is issued.
- CICS attempts to re-enable the resource to create a new JVM.
You can control the interval between the disable actions that CICS performs by setting the PURGE_ESCALATION_TIMEOUT JVM server option.
Support for Spring Boot applications packaged as WAR files
The CICS Liberty JVM server supports Spring Boot applications using the Spring application programming model. Spring was originally designed to simplify Java Enterprise Edition (EE), using plain old Java objects (POJOs) and dependency injection. It has since grown to extend and encompass many aspects of Java EE development.
Spring Boot builds on Spring by adding components to avoid complex configuration, reduce development time, and offer a simpler startup experience. Spring Boot applications can run on CICS without modification. It also is possible to configure Spring Boot applications for integration with CICS transactions and security, and to call the CICS API using JCICS when built as a web application archive (WAR). A Spring Boot application can be deployed and managed using CICS bundles in the same way as can other CICS Liberty applications.
The LINK capability is available in CICS TS V5.5 for Spring Boot applications packaged as WAR or JAR files. It is not available in CICS TS v5.4 or v5.3
Messages reporting changes to APPC and IRC log names
Available with APAR PH03691.
- DFHRM0240 reports the local log name that is set during CICS initialization and sent to a remote system when CICS establishes an APPC or IRC connection.
- DFHRM0241 reports a log name that has been set for an APPC or IRC connection.
- DFHRM0242 reports a log name that has been deleted for an APPC or IRC connection.