What's new in IBM Cloud Provisioning and Management for z/OS?

z/OS V2R5 updates

With IBM Cloud Provisioning and Management, you can provision a new z/OS system. Cloud Provisioning and Management includes a set of templates that you can use to provision and deprovision z/OS systems. By selecting a z/OS provisioning template from the Cloud Provisioning software services catalog, you can provision a new instance of z/OS in a monoplex configuration in less than one hour.

The Cloud Provisioning tasks are enhanced in the following ways:
  • You can provision an instance of the z/OS operating system. The steps for doing so are similar to the steps you would follow for provisioning other types of software instances. A key difference is that the z/OS Provisioning software service template must be associated with a new type of dedicated resource pool that is called an LPAR resource pool.

    Provisioning a z/OS instance requires some customization of the z/OS provisioning template properties file to use values that are suitable for your environment.

    See Provisioning a z/OS software instance.

    The Resource Management task now includes actions for creating, viewing, and modifying an LPAR resource pool.

June 2022 enhancements

The z/OS Provisioning tasks are enhanced in the following ways:

  • You can provision a z/OS instance with a new RACF database with the base RACF definitions that are required for IPL and z/OSMF. Creating the new RACF database adds about 5 minutes to the provisioning time.
  • You can configure Network job entry (NJE) with Transmission Control Protocol/Internet Protocol (TCP/IP) support to allow transmitting commands, messages, and jobs between the provisioned target LPAR and NJE configured nodes. The LPAR information that is used for the NJE definitions is retrieved from the properties file and from the LPAR pool. JES2 initialization is updated to configure NJE with TCP/IP support.
  • Storage Management Subsystem (SMS) support now provides a basic configuration for the target LPAR. SMS changes the storage management approach from user-managed volumes to SMS-managed data sets in SMS-managed storage groups. The configuration defines the SMS automatic class selection (ACS) routines, which automatically assign the SMS classes and storage groups to data sets. It also provides the required storage classes and groups for configuration. You can allocate the source and active control data sets on the different volumes, and an alternative volume to allocate these data sets is provided.
  • You can provision z/OS with z/OS Integrated Cryptographic Service Facility (ICSF) support. Basic configuration includes PARMLIB and PROCLIB setup and empty CKDS and PKDS data sets. More actions are required to prime the data sets.
  • IBM Health Checker is enabled on the provisioned z/OS instance to help detect issues with configuration. You can use the checked information to correct and optimize all issues that Health Checker compares the system environment to established settings to uncover potential problems.
  • You can provision z/OS with Policy Agent support. Configuring Policy Agent allows Secure Telnet and Secure FTP to be enabled on the provisioned system to provide secure access through either Secure FTP or TN3270 with TLS enabled.

The Cloud Provisioning and Management tasks are enhanced in the following ways:

  • LPAR pools can now be created and maintained in both domain and tenant-shared resource pools, and LPAR pool entries can be obtained and released from a shared resource pool.
  • You can archive history entries for domains, tenants, resource pools, and templates by offloading them to an external file in a user-specified directory. If the archive directory path is specified, entries are removed from the history based on the maximum number of history entries and then archived. If no archive directory path is specified, then history entries are removed but not archived.
  • The Software Services task is updated to support properly defined RACF group IDs as a RunAs step approver, as opposed to providing a list of individual users in a provisioning workflow definition.
  • Administrators can view which tenants are associated with a particular template in the Resource Management and Software Services tasks. Administrators can also see the template that the resource pool is associated to and easily retrieve the information of either resource.
  • The Software Services task also displays the version of the Software Services template that an instance was provisioned from. The template version property can be set and obtained from the instances API.
  • The Resource Management task provides a list of provisioned instances that are using resources from a specific resource pool. This applies to dedicated and shared resource pools.
  • You can begin provisioning with the new default shared resource pool in the default domain. The default pool is created upon the initialization of Cloud Provisioning and Management. This further expedites the setup process as you do not have to create a shared or dedicated pool to get started with provisioning.

March 2021 enhancements

The Cloud Provisioning tasks are enhanced in the following ways:
  • History logging for a domain can be enabled or disabled, as needed. To do so, the domain administrator uses the option Enable history logging in the Resource Management task. History logging is enabled by default.

    A new option Maximum number of history entries allows the domain administrator to manage the size of the history log in the range of 10 - 200 entries. By default, the history log is limited to 50 entries.

z/OS V2R4 updates (12/17/2020)

The Cloud Provisioning tasks are enhanced in the following ways:
  • A resource pool defines the scope of shared z/OS® resources within a cloud domain that has multiple tenants. In this release, the concept of a shared resource pool is expanded to include sharing resources across an entire domain. Here, the resource pool is referred to as a domain-shared resource pool. Previously, you were limited to sharing a resource pool within a single tenant. By allowing multiple tenants within a domain to share a resource pool, you simplify the management of resources in a cloud provisioning environment. Administrators need only to create a domain shared resource pool once; thereafter resources from this pool are shared across multiple tenants when you provision middleware templates. In contrast, if resource isolation across tenants and templates is needed for your z/OS environments, it is recommended that you define a tenant-specific shared resource pool or a dedicated resource pool.

    The Resource Management task is updated with new functions to create, view, and modify domain-shared resource pools. The Software Services task is updated to allow a domain-shared resource pool to be associated with a template. The names of shared resource pools end with two wildcard qualifiers (*.*).

    When you define a domain-shared resource pool, you also select the templates to be associated with the resource pool. A template can be associated with a domain-shared resource pool for one or more tenants within the domain. However, within a tenant, a template can be associated with only one of the following types of resource pools:
    • Dedicated resource pool
    • Tenant shared resource pool
    • Domain-shared resource pool
  • The default domain now supports manual security mode for creating templates and tenants. This option is intended for provisioning environments that cannot use automatic security mode. Previously, the default domain was required to run in automatic security mode. Now, when the default domain is created at z/OSMF startup time, it is placed in manual security mode if no security administrator is specified on the CLOUD_SEC_ADMIN statement in the IZUPRMxx parmlib member.
  • If you have incorrectly configured the security mode for Cloud Provisioning and Management, it is now possible to change it. Doing so requires only that you edit the CLOUD_SEC_ADMIN statement in the IZUPRMxx parmlib member and restart the z/OSMF server. You can switch a domain from automatic security to manual security, and vice versa. Your changes to the CL OUD_SEC_ADMIN statement affect the security mode of all existing domains. The suggested practice is that you run Cloud Provisioning and Management in automatic security mode.

    Previously, when a domain's security mode was set, it could not be changed without deleting the domain and starting over. With this support, the security mode of any existing domain—even the default domain—can be switched quickly.

  • It is possible to set a maximum time limit for a provisioned instance, such as 7 days, 30 days, or unlimited. This time limit can be set by the domain administrator for the associated resource pool. When a provisioned instance exceeds its time limit, it is marked as expired, and the instance remains in provisioned state. The Instances tab of the Software Services task shows when an instance is expired in the "State" column as "Provisioned - Expired". When an instance for which a time limit is set nears its time limit, z/OSMF notifies the consumer, who can then deprovision the instance. By default, no time limit is set; a provisioning instance is retained until it is deleted explicitly by the domain administrator.
  • The domain administrator can modify a published template. With this support, the domain administrator can change following attributes of a published template without the need to create a new version of the template:
    • Description of the template
    • Workflow and job disposition
    • Disposition of deprovisioned instance.
  • When creating a template, the domain administrator can now specify new options to do the following:
    • Delete instances automatically when they are deprovisioned. Previously, it was always necessary to delete a deprovisioned instance manually.
    • Archive provisioning workflows automatically when they complete. This selection is made through the workflows disposition setting. Previously, the domain administrator was limited to selecting to either keep or delete a workflow. Archive is the new default value for the workflows disposition setting.
  • It is possible to modify the software services instance name prefix. The domain administrator can specify a different general name prefix, or switch to using the SNA application ID as the prefix. After the prefix is in use by existing instances, it cannot be modified.
  • In the Software Services task, it is now possible to provide an optional description for the provisioning actions that you define.
  • The domain administrator is automatically notified when a template is approved or rejected.
  • History logging is added to the Resource Management task and Software Services task. This support enables the domain administrator to retrieve a history of actions that were performed on various objects, such as a template, domain, tenant, or resource pool.
  • The actions editor is enhanced to work with variables of all types. Previously, the editor was limited to working with string variables only.
The Workflow Editor task includes the following enhancements:
  • It is now possible to delete multiple steps at once in the Workflow Editor shared step library. Previously, you were limited to deleting one step at a time.
  • You can open the Workflows task directly from the Workflows Editor by using the new Test option. This option opens the Workflows task and initializes its input fields with values for your workflow files. It provides a way to quickly create a workflow instance with your workflow definition.
  • A path selector option is added to some input fields to assist you with locating workflow files and templates on your system. In the path selector window, enter a pattern that is a partial or complete name of a data set, member, or a UNIX file path.

z/OS V2R4 updates (12/19/2019)

The Cloud Provisioning tasks are enhanced in the following ways:
  • You can define a multiple sysplex domain, which allows you to provision middleware across sysplexes in your enterprise. In this configuration, creating and modifying objects is done from a primary z/OSMF system, from which you can provision templates on other, secondary z/OSMF systems. This enhancement allows your cloud provisioning environment to scale beyond the scope of a single sysplex. To use this capability, you must configure a primary z/OSMF system for communicating with secondary z/OSMF systems. You can perform this setup by using the z/OSMF Systems task to define the z/OSMF systems, then enable them for single sign-on.
  • You can create storage resource pools and assign them to specific tenants and templates. When you add or modify a template and resource pool for tenants, you have the option to create a storage resource pool by using the Resource Pools tab. If so, you can use the data set attributes table to add, modify, or remove data set attributes that are associated with your storage resources.

    To use this capability, the provisioning templates must be updated to dynamically obtain data set attributes by using the Resource Management services REST API. Previously, it was not possible to isolate storage resources to particular tenants or templates, which might lead to contention for storage resources.

  • You can specify SAF groups for the various administrator roles when you create, modify, or view domains. You can also specify a SAF group for template approvers when you create or modify a template. Previously, it was necessary to specify individual user IDs for these roles. You might find that using groups to represent users can help to simplify the management of Cloud Provisioning resources.
The Workflow Editor task includes the following enhancements:
  • A raw text option is added to the Workflow Editor. If you select this option, the Workflow Editor opens the workflow definition in a simple text editor. The text editor provides editing access to the specified file, but without the usual tabbed interface and multi-paned layout of the Workflow Editor. Consider using the text editor when you need to quickly correct a syntax error that prevents the file from opening in the Workflow Editor UI.
  • An Expand option is added to the Instructions tab on the Step Details page and the Template contents field for template steps. Use this option to expand the input area to full screen width for a larger text entry area.
  • It is possible to create an input properties file in the Workflow Editor during an editing session. Previously, you had to supply an existing input properties file at the beginning of an editing session.
  • As a convenience, the Edit Workflow Definition dialog now saves the location of the files that you edit. On subsequent uses, you can select the file location from the pull-down menu, rather than having to enter the full path and file name manually, as was done previously.
For more information see https://community.ibm.com/community/user/ibmz-and-linuxone/blogs/hiren-shah1/2019/12/20/whats-new-in-zosmf-cloud-provisioning-mgmt-122019.

z/OS V2R2 and z/OS V2R3 updates (01/04/2019)

The following enhancements are available with PTFs UI60075, UI60040 (z/OS V2R3) and PTFs UI60077, UI60042 (z/OS V2R2)
  • Memory Capping : You can now set a cap for the memory that is consumed by software services instances that are provisioned in a tenant. You can also view a tenant's memory consumption.
  • Software Cluster Provisioning: New clustered composite templates allow you to leverage sysplex capabilities to provision a continuously available middleware environment. With a single provisioning action, you can provision network-clustered instances of a specific middleware in a sysplex.
  • Dataset Support: The files for a template, such as the workflow and actions definition files, can now be in sequential or partitioned data sets. Previously, they were required to be in z/OS UNIX files. Workflow editor is also enhanced to edit/view workflow file in sequential or partitioned dataset.
  • Serviceability Enhancements: Diagnostic information for provisioning an instance is enhanced. When you view an instance, you see new information for instances that are being provisioned or that failed provisioning, including the template owner, the number of steps and current step of the provisioning workflow, and the workflow message text. You can also display additional information by hovering the mouse pointer over the state of an instance on the Instances table.
  • Usability improvements: The Resource Management task has been reorganized for better usability. Properties of a domain, including the associated tenants and resource pools, are now displayed on tabs.
  • Workflow Enhancements: REST steps in z/OSMF workflow can now specify the HTTPS protocol for secure connections. z/OSMF workflow is also enhanced to support a new "array" type of variable that you can define for your workflow. Consider using an array variable when you need to map a list of values.
  • Workflow Editor Enhancements: The Workflow Editor now includes a "toolbox" of IBM-supplied steps, which are designed for performing common tasks on z/OS, such as creating a data set or submitting a REST request.
For more information see https://community.ibm.com/community/user/ibmz-and-linuxone/blogs/hiren-shah1/2019/11/24/whats-new-in-ibm-cloud-provisioning-mgmt-010419.

z/OS V2R2 and z/OS V2R3 updates (06/06/2018)

The following enhancements are available with PTFs UI55996, UI55973 (z/OS V2R3) and PTFs UI56001, UI55978 (z/OS V2R2)
  • Simplified security setup: Middleware system programmers such as CICS administrators and Db2 administrators can now create and test software service templates independently -- there is no need for z/OS system programmers or security administrators to perform additional setup.
  • Swagger support: Cloud architects can easily consume cloud provisioning REST APIs which are now documented to the Swagger specification (now OpenAPI Specification).
  • Sharing of provisioned instances: Middleware instances provisioned by a user in a specific tenant group can be shared with other users in the same tenant group. These users can view and perform actions against the shared instances.
  • Workflow Editor enhancements: Workflow authors can now reference JCL, shell scripts or REXX execs in data sets when authoring workflows using Workflow Editor.
  • Comprehensive content collection (c3): A new collection in Documentation provides all the information about IBM Cloud Provisioning and Management for z/OS in one place.
For more information see https://community.ibm.com/community/user/ibmz-and-linuxone/blogs/hiren-shah1/2019/11/22/whats-new-in-ibm-cloud-provisioning-mgmt-060118.

z/OS V2R2 and z/OS V2R3 updates (1/25/2018)

  • A cloud service provider will now be able to meter the CPU utilization by a specific tenant to allow proper charge-back. Also, CPU utilization can now be capped, to prevent the possibility of runaway costs for a tenant.
  • Using the z/OSMF graphical user interface, a service provider will be able to define a composite template of different middleware types with appropriate connectivity across these components. Using the composite template, a consumer will be able to provision a complex environment that consists of multiple middleware services in a matter of minutes.
  • Dynamically provisioned middleware instances can be relocated on other systems in the case of an orderly shutdown of the system where they are currently running.
  • Administrator can define a single "shared" resource pool for a tenant which can be used during provisioning of multiple templates. This enhancement greatly simplifies administrator task to set up templates for a tenant.
  • Enhancements in workflow editor that enables building workflow efficiently.
For more information see https://community.ibm.com/community/user/ibmz-and-linuxone/blogs/hiren-shah1/2019/11/21/whats-new-in-ibm-cloud-provisioning-management-for.