z/OS Version 1 Release 9

With z/OS V1.9, IBM delivers functionality that continues to solidify System z leadership as the premier data server. z/OS V1.9 offers enhancements in areas of security, networking, scalability, availability, application development, integration, virtualization, and improved economics with more exploitation for specialty engines. But why do System z and z/OS persist as such a phenomenal data serving platform? The platform's classic strengths come to mind, but at the root of these classic capabilities - a foundational element of the platform - is z/OS tight interaction with the System z hardware and its high level of system integrity.

Commitment to system integrity

First issued in 1973, IBM's MVS System Integrity Statement and subsequent statements for OS/390 and z/OS stand as a symbol of IBM's confidence and commitment to the z/OS operating system. Today, IBM reaffirms its commitment to z/OS system integrity.

IBM's commitment includes designs and development practices intended to prevent unauthorized application programs, subsystems, and users from bypassing z/OS security--that is, to prevent them from gaining access, circumventing, disabling, altering, or obtaining control of key z/OS system processes and resources unless allowed by the installation. Specifically, z/OS "System Integrity" is defined as the inability of any program not authorized by a mechanism under the installation's control to circumvent or disable store or fetch protection, access a resource protected by the z/OS Security Server (RACF), or obtain control in an authorized state; that is, in supervisor state, with a protection key less than eight (8), or Authorized Program Facility (APF) authorized. In the event that an IBM System Integrity problem is reported, IBM will always take action to resolve it.

IBM's long-term commitment to System Integrity is unique in the industry, and forms the basis of z/OS's industry leadership in system security. z/OS is designed to help you protect your system, data, transactions, and applications from accidental or malicious modification. This is one of the many reasons System z remains the industry's premier data server for mission-critical workloads.

Securing the system, securing the network

Building on the solid foundation of z/OS System Integrity, IBM has added more security capabilities to z/OS V1.9 to help you protect your data. z/OS V1.9 has enhanced PKI Services and RACF to help improve the creation, authentication, renewal, and management of digital certificates for user and device authentication. In addition, the z/OS Integrated Cryptographic Service Facility (ICSF) is planned to be enhanced to include the PKCS#11 standard. ICSF is part of the base of z/OS mainframe encryption, which enables you to encrypt and decrypt data, generate and manage cryptographic keys, and perform other cryptographic functions dealing with data integrity and digital signatures. By adopting the PKCS#11 standard the strength of mainframe encryption and secure centralized key management can be brought to and used by Web-based application and networking environments more easily.

z/OS V1.9 adds additional security enhancements, such as: additional exploiters for Application Transparent-TLS (AT-TLS), enhancements to PKI Services and RACF digital certificates, Network Authentication Support for AES, and enhanced System SSL support.

Sophisticated yet simplified systems management and operations

In addition to supporting network security capabilities such as AT-TLS and IPSec, z/OS has additional enhancements which can help simplify overall network and network security management. The z/OS Communications Server uses a Policy Agent to centrally collect and distribute network settings you define in a simplified, centralized, manageable, and auditable manner. With this ability to provide centralized policy services for network Intrusion Detection Services (IDS), Quality of Service (QoS), IPSec (IP Security), and Application Transparent - Transport Layer Security (AT-TLS), and now with Network Security Services (NSS) and TCP/IP Policy-Based Routing (PBR), you in effect have the ability to customize your network to suit the needs of your applications and data more easily.

In addition to its commitment to secure and reliable data serving, z/OS V1.9 also continues to deliver on IBM's commitment to simplify z/OS systems management. This release offers improvements in problem diagnosis and problem determination; network and security management; and overall z/OS, I/O configuration, sysplex, and storage operations. These improvements are intended to help simplify systems management, improve application programmer, system programmer, and operator productivity, and to make functions easier to understand and use:

IBM Health Checker for z/OS

Simplifies diagnosis and problem avoidance and now supports checks written in the new System REXX facility.

Migration Checker for z/OS (a downloadable tool)

Simplifies migration to z/OS V1.8 and V1.9.

Hardware Configuration Manager (HCM) (a z/OS priced feature)

Simplifies I/O configuration and with z/OS V1.9 supports more reporting options.

z/OS Workload Manager

Now supports services for identifying "troubled" applications (z/OS V1.8), managing zIIP and zAAP workloads, cancelled jobs, and discretionary work (z/OS V1.9).

Configuration Assistant for z/OS Communication Server (a downloadable tool)

Simplifies network and security management.

Classic strengths

Of course, z/OS V1.9 continues to enhance its classic data serving strengths. Scalability is improved with new 54-way single image support, new SMF System Logger support, message flooding automation, as well as several sysplex and Language Environment performance enhancements. Availability is improved with Parallel Sysplex, Coupling Facility, and Unix System Services updates. Support for a new, robust IBM Tivoli Directory Server for z/OS offers a more scalable, available, better performing LDAP for z/OS. Support for the new Integrated Removable Media Manager for the Enterprise means you can use a single DFSMSrmm inventory to centrally manage, administer, and report on the vaulting, retention, and retirement for both z/OS and for distributed removable media. Application development is improved with the availability of a new System REXX facility, METAL C option, as well as enhanced UNIX commands, Language Environment, Binder, and ISPF improvements.

Improved economics

New workloads

IBM has provided a new pricing metric for z/OS, System z New Application License Charges (zNALC). zNALC offers a reduced price for the z/OS operating system on LPARs where you are running a qualified 'new workload' application such as Java language business applications running under WebSphere Application Server, Domino, SAP, PeopleSoft, and Siebel. If you do not have one of the qualified applications (or database in support of a qualified application) listed above, then you can submit it to IBM for qualification. zNALC replaces New Application License Charges (NALC) and z/OS.e**, and is IBM's strategic z/OS offering for new workloads.

IPSEC

IPSec on z/OS not only helps secure network traffic end-to-end, but can act as the foundation for a Virtual Private Network (VPN) too. To make IPSec solutions on z/OS more attractive, the z/OS Communications Server has been enhanced to allow IPSec processing to take advantage of IBM System z9 Integrated Information Processors (zIIPs). This is designed to allow you to take advantage of IPSec network security to protect your valuable business transactions and bulk data movement using your z/OS host, but with the cost saving benefits of zIIP.

XML

For those investigating expanding the System z data serving role with XML data, z/OS V1.9 now enables part of DB2 V9 XML parsing workloads to be made eligible for zAAP processors. With z/OS V1.9, z/OS XML System Services is enabled to exploit the zAAP specialty processor. Specifically, all z/OS XML System Services parsing performed in TCB mode is eligible to be run on the zAAP processor. The immediate exploiter and benefactor of this enhancement is DB2 for z/OS V9. This means that locally attached applications (ISV or homegrown) can store XML data in DB2 with the TCO benefit of the zAAP processor without any anticipated changes to the application. XML parsing from individual XML document inserts, XML updates requested from local thread or stored procedures, and bulk table loads are eligible for the zAAP. The function is available with z/OS V1.9 and will be rolled back to z/OS V1.7 and z/OS V1.8 with PTFs.

Requires IBM System z servers

z/OS V1.9 requires z/Architecture and only runs on IBM System z9 and eServer zSeries (z890, z990, z800, z900) servers.

Migration

z/OS V1.9 is an important release for all z/OS V1.7 customers because it is the last z/OS release that you can migrate to in a single step. End of service for z/OS 1.7 is planned for September 2008. The updated Migration Checker for z/OS can help simplify your migration to z/OS V1.9.

* All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represents goals and objectives only.

** z/OS.e V1.8 (5655-G52) is the last release of z/OS.e; there is no z/OS.e V1.9. z/OS.e V1.8 will remain orderable until October 2007. IBM intends to withdraw service for z/OS.e V1.8 in September 2009.