Front coverTivoli and WebSphere              SphereApplication Server for         onz/OSComprehensive management ofWebSphe...
International Technical Support OrganizationTivoli and WebSphere Application Server for z/OSJanuary 2004                  ...
Note: Before using this information and the product it supports, read the information in “Notices” on page xvii.First Edit...
Contents                 Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ....
3.3.2 NETCONV connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47                3.4 Confi...
4.6.1 The Big Board report. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135    4.6.2 Big Board t...
6.3 Using IBM Tivoli Access Manager with RACF . . . . . . . . . . . . . . . . . . . . 259                   6.3.1 WebSEAL ...
Other publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344Online res...
viii   Tivoli and WebSphere Application Server for z/OS
Figures                 1-1     IBM automation blueprint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ....
3-15   Tivoli desktop: opening Task Library . . . . . . . . . . . . . . . . . . . . . . . . . . . 59               3-16   ...
4-14   Configure QoS listener. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1154-15   Configure...
5-8    Adding a sample WebSphere policy . . . . . . . . . . . . . . . . . . . . . . . . . . 165                5-9    Ente...
5-51   Linking TIODMN to TIO_CLASS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1965-52   Defining TIOIR . . ...
6-9    IBM Tivoli Access Manager run-time configuration . . . . . . . . . . . . . . . 254               6-10   IBM Tivoli ...
Tables                 4-1     IBM Tivoli Monitoring for Transaction Performance . . . . . . . . . . . . . . . . 96       ...
xvi   Tivoli and WebSphere Application Server for z/OS
NoticesThis information was developed for products and services offered in the U.S.A.IBM may not offer the products, servi...
TrademarksThe following terms are trademarks of the International Business Machines Corporation in the United States,other...
Preface                 IBM® WebSphere® Application Server has grown to be a successful application                 server...
Budi Darmawan is a Project Leader at the International Technical               Support Organization, Austin Center. He wri...
Become a published author        Join us for a two- to six-week residency program! Help write an IBM Redbook        dealin...
xxii   Tivoli and WebSphere Application Server for z/OS
1    Chapter 1.   Introduction                 This chapter introduces the redbook and provides an overview of our        ...
1.1 Managing WebSphere Application Server for z/OS               As enterprises move to Web-enable most applications they ...
Business Service Management                          Policy Based Orchestration       Availability       Assurance        ...
Optimization provides tools to make the most of the resources you have – so                   that they are running at pea...
IBM Tivoli Monitoring for Transaction Performance Version 5.2, which allows                            multiple agents to ...
Additional products that we use are:                   On z/OS:                   – z/OS Version 1.4                   – I...
implementation using the IBM Tivoli Access Manager for e-business withauthorization to IBM Security Server for z/OS (forme...
8   Tivoli and WebSphere Application Server for z/OS
2    Chapter 2.   Our WebSphere Application                 Server for z/OS environment                 This chapter discu...
2.1 WebSphere Application Server for z/OS environment               Our operating environment consists of two z/OS logical...
transport handler based on the CloneID the WebSphere for z/OS Web containerassigned to the original request. If one J2EE s...
This application requires the CICS Transaction Gateway in local mode to                     communicate with the CICS Tran...
should be placed after the WebSphere directives. If placed before, theWebSphere directive may not be taken into account.On...
</UriGroup>                     <Route ServerGroup="PolicyIVP_Servers" UriGroup="PolicyIVP_UriGroup"                      ...
2.3 WebSphere Application Server for z/OS and DB2           In order to observe the behavior of WebSphere Application Serv...
Tip: If you want to use the HTTP transport handler included in Service Level                W401500, do not forget to add ...
Application-Environment Notes Options Help  --------------------------------------------------------------------------    ...
Example 2-3 Sample RACF security setup               RDEFINE SERVER CB.*.TIOTRAD UACC(NONE)               PERMIT CB.*.TIOT...
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Tivoli and web sphere application server on z os sg247062
Upcoming SlideShare
Loading in...5
×

Tivoli and web sphere application server on z os sg247062

7,274

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
7,274
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Tivoli and web sphere application server on z os sg247062"

  1. 1. Front coverTivoli and WebSphere SphereApplication Server for onz/OSComprehensive management ofWebSphere Application ServerFrom performance andavailability to securityExtensive examples andscenarios Budi Darmawan Foulques de Valence Daniela Chersoniibm.com/redbooks
  2. 2. International Technical Support OrganizationTivoli and WebSphere Application Server for z/OSJanuary 2004 SG24-7062-00
  3. 3. Note: Before using this information and the product it supports, read the information in “Notices” on page xvii.First Edition (January 2004)This edition applies to IBM WebSphere Application Server for z/OS Version 4.0.1, IBM TivoliMonitoring for Web Infrastructure Version 5.1.1, IBM Tivoli Monitoring for TransactionPerformance Version 5.2, IBM System Automation for z/OS Version 2.2and IBM Tivoli AccessManager for e-business Version 4.1.© Copyright International Business Machines Corporation 2004. All rights reserved.Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADPSchedule Contract with IBM Corp.
  4. 4. Contents Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix The team that wrote this redbook. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix Become a published author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi Comments welcome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi Chapter 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1 Managing WebSphere Application Server for z/OS . . . . . . . . . . . . . . . . . . 2 1.2 IBM automation blueprint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.3 Our operating environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.4 Document organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Chapter 2. Our WebSphere Application Server for z/OS environment. . . . 9 2.1 WebSphere Application Server for z/OS environment . . . . . . . . . . . . . . . 10 2.2 IBM HTTP server and WebSphere z/OS HTTP plug-in . . . . . . . . . . . . . . 12 2.3 WebSphere Application Server for z/OS and DB2 . . . . . . . . . . . . . . . . . . 15 2.3.1 Creating a new J2EE server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.3.2 Installing the Trade2 application . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 2.4 WebSphere Application Server for z/OS and CICS . . . . . . . . . . . . . . . . . 22 2.4.1 Installing the Trader application within CICS . . . . . . . . . . . . . . . . . . 23 2.4.2 Enabling CICS connector support for WebSphere for z/OS . . . . . . . 25 2.4.3 Deploying the Trader presentation logic to WebSphere z/OS . . . . . 29 2.5 WebSphere Studio Workload Simulator for z/OS . . . . . . . . . . . . . . . . . . . 33 Chapter 3. IBM Tivoli Monitoring for Web Infrastructure: the inside-out viewpoint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 3.1 What IBM Tivoli Monitoring for Web Infrastructure is . . . . . . . . . . . . . . . . 42 3.1.1 Availability management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 3.1.2 Performance management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 3.1.3 Operations management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 3.2 How ITM for Web Infrastructure works . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 3.3 Configuration of IBM Tivoli NetView for z/OS . . . . . . . . . . . . . . . . . . . . . . 46 3.3.1 Configuring the NetView UNIX System Services server . . . . . . . . . . 46© Copyright IBM Corp. 2004. All rights reserved. iii
  5. 5. 3.3.2 NETCONV connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 3.4 Configuration of WebSphere for z/OS. . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 3.5 Configuration of ITM for Web Infrastructure . . . . . . . . . . . . . . . . . . . . . . . 52 3.5.1 Defining the administration server. . . . . . . . . . . . . . . . . . . . . . . . . . . 52 3.5.2 Defining application servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 3.5.3 Enabling metrics for application servers . . . . . . . . . . . . . . . . . . . . . . 58 3.5.4 Configuring the Data Collector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 3.5.5 Defining profiles to monitor application servers . . . . . . . . . . . . . . . . 64 3.5.6 Configuring the Web Health Console . . . . . . . . . . . . . . . . . . . . . . . . 70 3.6 Usage examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 3.6.1 IBM Tivoli desktop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 3.6.2 IBM Tivoli Monitoring Web Health Console. . . . . . . . . . . . . . . . . . . . 74 3.6.3 Application Server Status resource model . . . . . . . . . . . . . . . . . . . . 76 3.6.4 EJBs resource model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 3.6.5 HTTP Sessions resource model . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 3.6.6 DB Pools resource model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 3.6.7 JVM resource model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 3.6.8 Thread Pools resource model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 3.6.9 Transactions resource model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 3.6.10 Web Applications resource model. . . . . . . . . . . . . . . . . . . . . . . . . . 89 Chapter 4. ITM for Transaction Performance: the outside-in view . . . . . . 95 4.1 IBM Tivoli Monitoring for Transaction Performance . . . . . . . . . . . . . . . . . 96 4.2 How IBM Tivoli Monitoring for Transaction Performance works . . . . . . . . 97 4.2.1 Discovery component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 4.2.2 Listening component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 4.2.3 Playback component. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 4.3 Schedules and agent groups configuration . . . . . . . . . . . . . . . . . . . . . . . 103 4.3.1 Configuring schedules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 4.3.2 Creating management agents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 4.3.3 Configuring agent groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 4.4 Configuration of QoS listening policies . . . . . . . . . . . . . . . . . . . . . . . . . . 110 4.4.1 Configuring management agents . . . . . . . . . . . . . . . . . . . . . . . . . . 112 4.4.2 Configuring the QoS listener . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 4.4.3 Configuring QoS thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 4.4.4 Choosing a QoS schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 4.4.5 Choosing a QoS agent group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 4.4.6 Assigning a name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 4.5 Configuration of STI playback policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 4.5.1 Configuring STI management agent . . . . . . . . . . . . . . . . . . . . . . . . 123 4.5.2 Configuring transaction recordings . . . . . . . . . . . . . . . . . . . . . . . . . 124 4.5.3 Configuring a STI playback policy. . . . . . . . . . . . . . . . . . . . . . . . . . 131 4.6 Usage examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134iv Tivoli and WebSphere Application Server for z/OS
  6. 6. 4.6.1 The Big Board report. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 4.6.2 Big Board topology reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 4.6.3 Big Board topology minimum and maximum tables . . . . . . . . . . . . 138 4.6.4 Big Board STI charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 4.6.5 Big Board response time line charts . . . . . . . . . . . . . . . . . . . . . . . . 141 4.6.6 General report: overall transaction over time graphs . . . . . . . . . . . 143 4.6.7 General report: transaction with subtransactions graphs . . . . . . . . 145 4.6.8 General report: slowest transactions tables . . . . . . . . . . . . . . . . . . 146 4.6.9 General report: availability graphs . . . . . . . . . . . . . . . . . . . . . . . . . 147 4.6.10 General report: page analyzer viewer reports . . . . . . . . . . . . . . . . 149 4.6.11 General report: table views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 4.6.12 General report: component events reports . . . . . . . . . . . . . . . . . . 153Chapter 5. System Automation for z/OS: automation & high availability1555.1 IBM System Automation for z/OS overview . . . . . . . . . . . . . . . . . . . . . . 156 5.1.1 Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 5.1.2 System Automation for z/OS objects . . . . . . . . . . . . . . . . . . . . . . . 156 5.1.3 Solution components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1575.2 Getting started with policy database . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 5.2.1 Allocate data sets for the customization dialog . . . . . . . . . . . . . . . . 158 5.2.2 Allocate policy database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 5.2.3 Using the sample policy database for WebSphere . . . . . . . . . . . . . 1645.3 Defining policies for WebSphere Application Server . . . . . . . . . . . . . . . . 165 5.3.1 Describing your environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 5.3.2 Application and application group design . . . . . . . . . . . . . . . . . . . . 184 5.3.3 Defining applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186 5.3.4 Application group creation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208 5.3.5 Linking application groups to their parent . . . . . . . . . . . . . . . . . . . . 212 5.3.6 Defining relationships . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 5.3.7 Activating System Automation for z/OS . . . . . . . . . . . . . . . . . . . . . 216 5.3.8 Activating the WebSphere Application Server automation . . . . . . . 2215.4 Sample usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226Chapter 6. IBM Tivoli Access Manager: securing WebSphere for z/OS . 2356.1 Introducing IBM Tivoli Access Manager . . . . . . . . . . . . . . . . . . . . . . . . . 236 6.1.1 IBM Tivoli Access Manager features. . . . . . . . . . . . . . . . . . . . . . . . 236 6.1.2 IBM Tivoli Access Manager secure domain . . . . . . . . . . . . . . . . . . 237 6.1.3 Using z/OS LDAP native authentication . . . . . . . . . . . . . . . . . . . . . 2396.2 Configuration of z/OS LDAP native authentication . . . . . . . . . . . . . . . . . 240 6.2.1 Configuring LDAP on z/OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241 6.2.2 Configuring LDAP native authentication . . . . . . . . . . . . . . . . . . . . . 249 6.2.3 Configuring LDAP on z/OS for IBM Tivoli Access Manager . . . . . . 251 6.2.4 Configuring IBM Tivoli Access Manager with LDAP on z/OS . . . . . 252 Contents v
  7. 7. 6.3 Using IBM Tivoli Access Manager with RACF . . . . . . . . . . . . . . . . . . . . 259 6.3.1 WebSEAL junction to WebSphere for z/OS . . . . . . . . . . . . . . . . . . 260 6.3.2 Creating a new IBM Tivoli Access Manager user . . . . . . . . . . . . . . 264 6.3.3 First user logon and password change . . . . . . . . . . . . . . . . . . . . . . 268 6.4 Single sign-on with Trust Association Interceptor . . . . . . . . . . . . . . . . . . 270 6.4.1 The SWIPE application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 6.4.2 Configuring WebSphere for z/OS for authentication . . . . . . . . . . . . 279 6.4.3 Configuring WebSEAL to transfer identity. . . . . . . . . . . . . . . . . . . . 282 6.4.4 Trust Association Interceptor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285 Appendix A. Tivoli Management Framework: a short overview . . . . . . . 295 The framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296 Physical management environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 Working with the framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298 Appendix B. IBM Tivoli NetView for z/OS: a short overview . . . . . . . . . . 303 IBM Tivoli NetView for z/OS concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304 IBM Tivoli NetView for z/OS components . . . . . . . . . . . . . . . . . . . . . . . . . . . 304 Subsystem interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304 NetView interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305 Event subsystem. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305 Automation subsystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306 Appendix C. The SMEUI: overview and concepts . . . . . . . . . . . . . . . . . . 307 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308 Conversations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308 J2EE servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310 J2EE resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311 J2EE applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312 Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314 Appendix D. LDAP z/OS native authentication for TAM files. . . . . . . . . . 317 LDAP setup configuration file: ldap.profile . . . . . . . . . . . . . . . . . . . . . . . . . . . 318 LDAP configuration file: SLAPDCNF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326 Appendix E. Additional material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 Locating the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 Using the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 System requirements for downloading the Web material . . . . . . . . . . . . . 340 How to use the Web material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340 Abbreviations and acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341 Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343 IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343vi Tivoli and WebSphere Application Server for z/OS
  8. 8. Other publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344Online resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346How to get IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346Help from IBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349 Contents vii
  9. 9. viii Tivoli and WebSphere Application Server for z/OS
  10. 10. Figures 1-1 IBM automation blueprint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1-2 Overall management environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2-1 WebSphere Application Server for z/OS environment . . . . . . . . . . . . . . 11 2-2 WebSphere Application for z/OS PolicyIVP window . . . . . . . . . . . . . . . 14 2-3 Trade2 components and flow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2-4 WLM administration main menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 2-5 Creating a new WLM application environment . . . . . . . . . . . . . . . . . . . 17 2-6 Trade2 application first page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 2-7 Trader components and flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 2-8 Trader 3270 presentation logic logon window . . . . . . . . . . . . . . . . . . . . 25 2-9 CLASSPATH modification example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 2-10 LIBPATH modification example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 2-11 CICS ECI connection J2EE Resource instance example . . . . . . . . . . . 29 2-12 Activation policy message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 2-13 Reference and Resource Resolution window . . . . . . . . . . . . . . . . . . . . 31 2-14 Trader Web presentation logic logon window . . . . . . . . . . . . . . . . . . . . 32 2-15 Trader company selection window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 2-16 WebSphere Studio Workload Simulator main window. . . . . . . . . . . . . . 34 2-17 WebSphere Studio Workload Simulator Capture process . . . . . . . . . . . 35 2-18 WebSphere Studio Workload Simulator Create new script window. . . . 35 2-19 WebSphere Studio Workload Simulator Run Script window . . . . . . . . . 36 2-20 WebSphere Studio Workload Simulator Run Options window . . . . . . . 37 2-21 WebSphere Studio Workload Simulator Monitor window . . . . . . . . . . . 38 2-22 WebSphere Studio Workload Simulator Run Options window (2) . . . . . 39 3-1 IBM Tivoli Monitoring for Web Infrastructure architecture . . . . . . . . . . . 45 3-2 SMEUI window example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 3-3 SMEUI CLASSPATH modification window . . . . . . . . . . . . . . . . . . . . . . 49 3-4 SMEUI LIBPATH modification window . . . . . . . . . . . . . . . . . . . . . . . . . 50 3-5 SMEUI JVM_BOOTCLASSPATH modification window. . . . . . . . . . . . . 50 3-6 SMEUI WS_EXT_DIRS modification window . . . . . . . . . . . . . . . . . . . . 51 3-7 SMEUI WAS_JAVA_OPTIONS modification window . . . . . . . . . . . . . . 51 3-8 Tivoli desktop: create WSAdministrationServer window . . . . . . . . . . . . 53 3-9 Tivoli desktop: check status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 3-10 Tivoli desktop: check status result window . . . . . . . . . . . . . . . . . . . . . . 54 3-11 Tivoli desktop: list application servers result window . . . . . . . . . . . . . . . 55 3-12 Tivoli desktop: policy region window . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 3-13 Tivoli desktop: create WSApplicationServer window . . . . . . . . . . . . . . . 57 3-14 Tivoli desktop: application servers window . . . . . . . . . . . . . . . . . . . . . . 58© Copyright IBM Corp. 2004. All rights reserved. ix
  11. 11. 3-15 Tivoli desktop: opening Task Library . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 3-16 Tivoli desktop: invoking enable metric task . . . . . . . . . . . . . . . . . . . . . . 59 3-17 Tivoli desktop: execute task window . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 3-18 Tivoli desktop: task parameter window . . . . . . . . . . . . . . . . . . . . . . . . . 61 3-19 Tivoli desktop: task output window . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 3-20 Create Profile Manager window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 3-21 Tivoli Desktop Subscribers window . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 3-22 Tivoli Desktop Profile manager window . . . . . . . . . . . . . . . . . . . . . . . . . 67 3-23 Tivoli Desktop Logging window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 3-24 Tivoli Desktop Monitoring Profile window . . . . . . . . . . . . . . . . . . . . . . . 69 3-25 Tivoli Desktop Distribute Profiles window . . . . . . . . . . . . . . . . . . . . . . . 70 3-26 Web Health Console preferences window . . . . . . . . . . . . . . . . . . . . . . . 71 3-27 Tivoli Desktop Operation pop-up menu . . . . . . . . . . . . . . . . . . . . . . . . . 73 3-28 Tivoli Desktop Check Status output window . . . . . . . . . . . . . . . . . . . . . 73 3-29 Web Health Console: signon window . . . . . . . . . . . . . . . . . . . . . . . . . . 75 3-30 Web Health Console resource model list view. . . . . . . . . . . . . . . . . . . . 76 3-31 Web Health Console application server status view . . . . . . . . . . . . . . . 77 3-32 Web Health Console status historical data . . . . . . . . . . . . . . . . . . . . . . 78 3-33 Web Health Console EJBs indications view . . . . . . . . . . . . . . . . . . . . . 79 3-34 Web Health Console EJB performance historical data view . . . . . . . . . 80 3-35 Web Health Console EJBs indications view (2) . . . . . . . . . . . . . . . . . . . 81 3-36 Web Health Console Trader EJB request rate. . . . . . . . . . . . . . . . . . . . 82 3-37 Web Health Console JVM resource model historical data view. . . . . . . 85 3-38 Web Health Console JVM resource model (2). . . . . . . . . . . . . . . . . . . . 86 3-39 Web Health Console transaction request rate . . . . . . . . . . . . . . . . . . . . 88 3-40 Web Health Console transaction response time . . . . . . . . . . . . . . . . . . 89 3-41 Web Health Console Web applications indications view . . . . . . . . . . . . 90 3-42 Web Health Console servlet request rate . . . . . . . . . . . . . . . . . . . . . . . 91 3-43 Web Health Console servlet response time . . . . . . . . . . . . . . . . . . . . . . 92 3-44 Web Health Console servlet CPU time . . . . . . . . . . . . . . . . . . . . . . . . . 93 4-1 QoS metrics calculation timestamps . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 4-2 QoS listening component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 4-3 STI playback component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 4-4 Log On window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 4-5 Welcome page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 4-6 Schedule creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 4-7 Schedules view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 4-8 Management Agent install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 4-9 Management Agent install on MS Windows platform . . . . . . . . . . . . . 108 4-10 Management Agent installation successful . . . . . . . . . . . . . . . . . . . . . 108 4-11 Agents view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 4-12 Configure Agent Group window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 4-13 Deploy QoS component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113x Tivoli and WebSphere Application Server for z/OS
  12. 12. 4-14 Configure QoS listener. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1154-15 Configure QoS thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1184-16 Choose QoS schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1204-17 Choose QoS agent group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1214-18 Work with Listening Policies window . . . . . . . . . . . . . . . . . . . . . . . . . . 1224-19 Deploy component view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1244-20 Download STI recorder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1254-21 STI recorder Installer window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1264-22 STI recorder successfully installed . . . . . . . . . . . . . . . . . . . . . . . . . . . 1264-23 STI recorder welcome window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1274-24 STI recorder recording . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1284-25 STI recorder Log On window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1294-26 STI recorder Saved Successfully window . . . . . . . . . . . . . . . . . . . . . . 1304-27 Transaction recordings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1314-28 Create playback policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1324-29 Playback policy schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1334-30 Playback policy name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1344-31 Big Board report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1364-32 Big Board topology report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1374-33 Context menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1394-34 Minimum maximum table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1394-35 Big Board STI chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1404-36 Big Board STI chart (2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1414-37 Context menu for response time line chart . . . . . . . . . . . . . . . . . . . . . 1424-38 Big Board response time line chart . . . . . . . . . . . . . . . . . . . . . . . . . . . 1434-39 Overall transaction over time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1444-40 Transactions with Subtransactions window . . . . . . . . . . . . . . . . . . . . . 1454-41 Subtransactions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1464-42 Slowest transactions table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1474-43 Availability graph . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1484-44 Availability graph detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1484-45 Page analyzer viewer report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1504-46 Page analyzer viewer item properties . . . . . . . . . . . . . . . . . . . . . . . . . 1514-47 Page analyzer viewer details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1524-48 Table view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1534-49 Component events report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1545-1 WebSphere automation structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1585-2 Allocating policy database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1605-3 Policy database list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1615-4 Allocating Policy DB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1625-5 Selecting a model policy database . . . . . . . . . . . . . . . . . . . . . . . . . . . 1635-6 Model policy database is selected . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1635-7 Policy database main menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 Figures xi
  13. 13. 5-8 Adding a sample WebSphere policy . . . . . . . . . . . . . . . . . . . . . . . . . . 165 5-9 Enterprise definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 5-10 DESCRIPTION screen for enterprise . . . . . . . . . . . . . . . . . . . . . . . . . 166 5-11 Opening GRP entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167 5-12 Defining WTSCPLX1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168 5-13 Group definition screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 5-14 Defining SYSPLEX policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169 5-15 System list screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170 5-16 System still in use error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170 5-17 Defining a new system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 5-18 System POLICY setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172 5-19 System information screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 5-20 NetView information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174 5-21 Automation environment setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175 5-22 Systems for Group dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 5-23 Defining a new system defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 5-24 Policy Selection screen for System Defaults . . . . . . . . . . . . . . . . . . . . 177 5-25 Environment policy setting for system default . . . . . . . . . . . . . . . . . . . 177 5-26 Defining a new focal point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 5-27 Defining a FORWARDing policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178 5-28 Defining a GATEWAY policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179 5-29 Defining SAF ENVIRONMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179 5-30 Defining a new backup focal point . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 5-31 Defining a FORWARDing policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 5-32 Defining a GATEWAY policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181 5-33 Defining SAF ENVIRONMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181 5-34 Defining Automatic operator GATOPER . . . . . . . . . . . . . . . . . . . . . . . 182 5-35 Defining OPERATORS policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182 5-36 Defining OPERATORS policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 5-37 Associating network and system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 5-38 Selecting all NetView automated operators . . . . . . . . . . . . . . . . . . . . . 184 5-39 Structure of primary address spaces . . . . . . . . . . . . . . . . . . . . . . . . . . 185 5-40 J2EE application server group structure . . . . . . . . . . . . . . . . . . . . . . . 186 5-41 LDAP and Web Server application group definitions . . . . . . . . . . . . . . 186 5-42 TIO_CLASS entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 5-43 Policy selection for TIO_CLASS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188 5-44 Shutdown policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189 5-45 SHUTNORM policy for normal shutdown . . . . . . . . . . . . . . . . . . . . . . 190 5-46 Automation policy for specific application . . . . . . . . . . . . . . . . . . . . . . 191 5-47 Defining TIODMN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192 5-48 Subsystem startup processing for TIODMN . . . . . . . . . . . . . . . . . . . . 193 5-49 Defining pre-startup commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194 5-50 Defining the final command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195xii Tivoli and WebSphere Application Server for z/OS
  14. 14. 5-51 Linking TIODMN to TIO_CLASS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1965-52 Defining TIOIR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1965-53 Application Automation Definition for TIOIR . . . . . . . . . . . . . . . . . . . . 1975-54 Defining parent relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1985-55 Application environment stopped . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1985-56 Defining response for message BBOU0199E for TIOIR . . . . . . . . . . . 1995-57 Defining TIONM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2005-58 Copying definition from TIOIR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2015-59 Relationship of TIOTRAD to TIO_DAEMON . . . . . . . . . . . . . . . . . . . . 2025-60 Response to message BBOU0199E for TIOTRAD . . . . . . . . . . . . . . . 2035-61 Definition of TIOLDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2045-62 Definition of TIOWTR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2055-63 Startup policy for TIOWTR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2065-64 Turning off tracing before shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . 2065-65 Definition of WEBTIV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2075-66 Relationship of WEBTIV to TCPIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2085-67 Application Group list dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2095-68 Definition for TIO_PLEX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2095-69 Completed application group list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2115-70 Policy Selection for WTSCPLX1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2125-71 Application group selection for WTSCPLX1 . . . . . . . . . . . . . . . . . . . . 2135-72 Setting application groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2135-73 Application group selection for SC61 . . . . . . . . . . . . . . . . . . . . . . . . . . 2145-74 Control file processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2215-75 Building a policy database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2225-76 Building the whole system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2235-77 TIOTRAD status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2265-78 TIO_DAEMON status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2275-79 Listing TIO_DAEMON using the INGLIST command . . . . . . . . . . . . . 2275-80 Detailed command dialog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2285-81 Verify resources to stop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2295-82 Completion of stop request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2295-83 Result of the INGVOTE command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2305-84 Stopping J2EE servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2305-85 All stop request satisfied . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2336-1 IBM Tivoli Access Manager secure domain components . . . . . . . . . . 2386-2 IBM Tivoli Access Manager: z/OS LDAP native authent. architecture. 2406-3 SPUFI interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2446-4 LDAP browser connection setup TDBM back end . . . . . . . . . . . . . . . . 2476-5 LDAP browser TDBM back end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2486-6 LDAP browser connection setup SDBM back end. . . . . . . . . . . . . . . . 2486-7 LDAP browser SDBM back end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2496-8 IBM Tivoli Access Manager setup menu . . . . . . . . . . . . . . . . . . . . . . . 253 Figures xiii
  15. 15. 6-9 IBM Tivoli Access Manager run-time configuration . . . . . . . . . . . . . . . 254 6-10 IBM Tivoli Access Manager policy Server configuration . . . . . . . . . . . 255 6-11 IBM Tivoli Access Manager authorization server configuration . . . . . . 255 6-12 IBM Tivoli Access Manager web portal manager configuration . . . . . . 256 6-13 IBM Tivoli Access Manager WebSEAL configuration . . . . . . . . . . . . . 257 6-14 IBM Tivoli Access Manager configuration status . . . . . . . . . . . . . . . . . 257 6-15 IBM Tivoli Access Manager Web Console login . . . . . . . . . . . . . . . . . 258 6-16 IBM Tivoli Access Manager Web Console main window . . . . . . . . . . . 259 6-17 IBM Tivoli Access Manager: WebSEAL & LDAP native authentication 260 6-18 IBM Tivoli Access Manager Create Junction window . . . . . . . . . . . . . 262 6-19 MS Internet Explorer Enter Network Password window . . . . . . . . . . . 263 6-20 Trade2 window going through the IBM Tivoli Access Manager junction264 6-21 The pkmspasswd utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 6-22 IBM Tivoli Access Manager Web Console create user window . . . . . . 266 6-23 IBM Tivoli Access Manager password change . . . . . . . . . . . . . . . . . . 269 6-24 IBM Tivoli Access Manager changing password window . . . . . . . . . . 270 6-25 Single sign-on: IBM Tivoli Access Manager & WebSphere for z/OS . . 271 6-26 SWIPE application EJBCaller servlet: part 1 of 2 . . . . . . . . . . . . . . . . 274 6-27 SWIPE application EJBCaller servlet: part 2 of 2 . . . . . . . . . . . . . . . . 275 6-28 SWIPE basic authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280 6-29 SWIPE basic authentication output sample . . . . . . . . . . . . . . . . . . . . . 281 6-30 SWIPE through WebSEAL EJBCaller servlet . . . . . . . . . . . . . . . . . . . 283 6-31 SWIPE through WebSEAL protected EJBCaller servlet . . . . . . . . . . . 284 6-32 Trust Association Interceptor SMEUI . . . . . . . . . . . . . . . . . . . . . . . . . . 290 6-33 Trust Association Interceptor SMEUI (2) . . . . . . . . . . . . . . . . . . . . . . . 291 6-34 SWIPE through WebSEAL with TAI. . . . . . . . . . . . . . . . . . . . . . . . . . . 293 A-1 The Tivoli Management Framework concept . . . . . . . . . . . . . . . . . . . . 296 A-2 Three-tiered architecture of the TMR . . . . . . . . . . . . . . . . . . . . . . . . . . 298 A-3 Tivoli desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 B-1 NetView 3270 main menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305 B-2 Alert display screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306 C-1 SMEUI logon window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309 C-2 SMEUI Server instance window. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311 C-3 SMEUI J2EE resources window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312 C-4 SMEUI reference and resource resolution window . . . . . . . . . . . . . . . 314 C-5 SMEUI conversation activation context menu . . . . . . . . . . . . . . . . . . . 315xiv Tivoli and WebSphere Application Server for z/OS
  16. 16. Tables 4-1 IBM Tivoli Monitoring for Transaction Performance . . . . . . . . . . . . . . . . 96 5-1 Summary of WebSphere application groups . . . . . . . . . . . . . . . . . . . . 184 5-2 Defining TIOTRAD and TIOTRED . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201 5-3 Base processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214 5-4 Additional relationships between application groups . . . . . . . . . . . . . . 215© Copyright IBM Corp. 2004. All rights reserved. xv
  17. 17. xvi Tivoli and WebSphere Application Server for z/OS
  18. 18. NoticesThis information was developed for products and services offered in the U.S.A.IBM may not offer the products, services, or features discussed in this document in other countries. Consultyour local IBM representative for information on the products and services currently available in your area.Any reference to an IBM product, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product, program, or service thatdoes not infringe any IBM intellectual property right may be used instead. However, it is the usersresponsibility to evaluate and verify the operation of any non-IBM product, program, or service.IBM may have patents or pending patent applications covering subject matter described in this document.The furnishing of this document does not give you any license to these patents. You can send licenseinquiries, in writing, to:IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A.The following paragraph does not apply to the United Kingdom or any other country where such provisionsare inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDESTHIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimerof express or implied warranties in certain transactions, therefore, this statement may not apply to you.This information could include technical inaccuracies or typographical errors. Changes are periodically madeto the information herein; these changes will be incorporated in new editions of the publication. IBM maymake improvements and/or changes in the product(s) and/or the program(s) described in this publication atany time without notice.Any references in this information to non-IBM Web sites are provided for convenience only and do not in anymanner serve as an endorsement of those Web sites. The materials at those Web sites are not part of thematerials for this IBM product and use of those Web sites is at your own risk.IBM may use or distribute any of the information you supply in any way it believes appropriate withoutincurring any obligation to you.Information concerning non-IBM products was obtained from the suppliers of those products, their publishedannouncements or other publicly available sources. IBM has not tested those products and cannot confirmthe accuracy of performance, compatibility or any other claims related to non-IBM products. Questions onthe capabilities of non-IBM products should be addressed to the suppliers of those products.This information contains examples of data and reports used in daily business operations. To illustrate themas completely as possible, the examples include the names of individuals, companies, brands, and products.All of these names are fictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.COPYRIGHT LICENSE:This information contains sample application programs in source language, which illustrates programmingtechniques on various operating platforms. You may copy, modify, and distribute these sample programs inany form without payment to IBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operating platform for which thesample programs are written. These examples have not been thoroughly tested under all conditions. IBM,therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy,modify, and distribute these sample programs in any form without payment to IBM for the purposes ofdeveloping, using, marketing, or distributing application programs conforming to IBMs applicationprogramming interfaces.© Copyright IBM Corp. 2004. All rights reserved. xvii
  19. 19. TrademarksThe following terms are trademarks of the International Business Machines Corporation in the United States,other countries, or both: ibm.com® ™ Redbooks (logo) ™ z/OS® IBM® RACF® zSeries® IMS™ RMF™ CICS® Lotus® Tivoli Enterprise™ Database 2™ MVS™ Tivoli Enterprise Console® Domino™ NetView® Tivoli® DB2 Universal Database™ OS/390® VTAM® DB2® Redbooks™ WebSphere®The following terms are trademarks of the International Business Machines Corporation and the RationalSoftware Corporation, in the United States, other countries, or both: Rational®The following terms are trademarks of other companies:Microsoft, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States,other countries, or both.Java and all Java-based trademarks and logos are trademarks or registered trademarks of SunMicrosystems, Inc. in the United States, other countries, or both.UNIX is a registered trademark of The Open Group in the United States and other countries.Other company, product, and service names may be trademarks or service marks of others.xviii Tivoli and WebSphere Application Server for z/OS
  20. 20. Preface IBM® WebSphere® Application Server has grown to be a successful application server platform. With IBM WebSphere Application Server on z/OS®, the preferred application server platform gains the benefits of capacity and robustness from the mainframe legacy. It also gains access to data and transactions residing on z/OS subsystems such as DB2® and CICS®. In essence, the nature of the operating environment of WebSphere on z/OS is quite different from its distributed counterpart. UNIX® System Services, although similar to a UNIX-like environment, has fundamental differences, such as workload management from z/OS Workload Manager, processes controlled by JES engine, and so on. The aim of this IBM Redbook is to show and discuss the usage of various IBM/Tivoli® products that help manage the IBM WebSphere Application Server on z/OS. The discussion consists of: Managing the performance of WebSphere resources using IBM Tivoli Monitoring (ITM) for Web Infrastructure Monitoring Web transaction performance using the IBM Tivoli Monitoring for Transaction Performance Ensuring high availability of WebSphere systems in a SYSPLEX environment using IBM System Automation Managing access using IBM Tivoli Access Manager for e-business together with z/OS Security Server We discuss concepts, implementation, and sample scenarios, and how these products can be used to manage IBM WebSphere Application Server on z/OS.The team that wrote this redbook This redbook was produced by a team of specialists from around the world working at the International Technical Support Organization, Austin Center.© Copyright IBM Corp. 2004. All rights reserved. xix
  21. 21. Budi Darmawan is a Project Leader at the International Technical Support Organization, Austin Center. He writes extensively and teaches IBM classes worldwide in all areas of Tivoli systems management products. Before joining the ITSO four years ago, Budi worked in IBM Indonesia Integrated Technology Services as lead implementer and solution architect. His expertise is in general Tivoli systems management, z/OS system programming, and database administration. He currently specialize in Business Service Management and availability management. Foulques de Valence is a WebSphere for z/OS Specialist with IBM Global Services. Currently based in Paris, France, he works at the French customer Technical Support Center within the CICS and WebSphere for z/OS team. In previous years, he provided customer support on Lotus® Domino™ for OS/390® and UNIX System Services. Prior to IBM, Foulques served as the IT Manager of a small manufacturing company in the San Francisco bay area. He received his Masters degree in Computer Science and Engineering from Ensimag in France. He furthered his education at the State University of New York at Buffalo, and at Stanford University USA. Daniela Chersoni is an IT Systems Management Specialist with IBM Global Services Strategic Outsourcing Italy. She has worked on mainframe systems VM, MVS™, z/OS and networking since 1982. She has several years experience with IBM System Automation for OS/390 and IBM Tivoli NetView® for OS/390. She works in IGS Vimercate (Italy), at the Server System Operation (SSO) organization within the Infrastructure Platform & Tivoli team. Her areas of expertise include systems management and support for outsourcing clients. Thanks to the following people for their contributions to this project: Axel Buecker and Wade Wallace International Technical Support Organization, Austin Center Rich Conway and Bob Haimowitz International Technical Support Organization, Poughkeepsie Center Scott Henley IBM Australia, Tivoli Software. Mari Heiser IBM USxx Tivoli and WebSphere Application Server for z/OS
  22. 22. Become a published author Join us for a two- to six-week residency program! Help write an IBM Redbook dealing with specific products or solutions, while getting hands-on experience with leading-edge technologies. Youll team with IBM technical professionals, Business Partners and/or customers. Your efforts will help increase product acceptance and customer satisfaction. As a bonus, youll develop a network of contacts in IBM development labs, and increase your productivity and marketability. Find out more about the residency program, browse the residency index, and apply online at: ibm.com/redbooks/residencies.htmlComments welcome Your comments are important to us! We want our Redbooks™ to be as helpful as possible. Send us your comments about this or other Redbooks in one of the following ways: Use the online Contact us review redbook form found at: ibm.com/redbooks Send your comments in an Internet note to: redbook@us.ibm.com Mail your comments to: IBM Corporation, International Technical Support Organization Dept. 0SJB Building 003 Internal Zip 2834 11400 Burnet Road Austin, Texas 78758-3493 Preface xxi
  23. 23. xxii Tivoli and WebSphere Application Server for z/OS
  24. 24. 1 Chapter 1. Introduction This chapter introduces the redbook and provides an overview of our environment, product versions that are used, and the organization of this redbook. The discussion in this chapter is divided into: 1.1, “Managing WebSphere Application Server for z/OS” on page 2 contains a discussion on the issues around managing WebSphere Application Server for z/OS. 1.2, “IBM automation blueprint” on page 2 explains the management context in the IBM Automation blueprint as part of the IBM OnDemand initiative. 1.3, “Our operating environment” on page 4 shows our operating environment. 1.4, “Document organization” on page 6 lists the chapters in this Redbooks and an overview of its content.© Copyright IBM Corp. 2004. All rights reserved. 1
  25. 25. 1.1 Managing WebSphere Application Server for z/OS As enterprises move to Web-enable most applications they have, some applications with strong mainframe ties tend to stay in the mainframe. IBM WebSphere Application Server for z/OS is a very popular choice as the agent of change for legacy applications. IBM WebSphere Application Server for z/OS has strong back-end ties with legacy z/OS subsystems, such as CICS and DB2. It also interfaces well with WebSphere MQ for z/OS for enabling message queueing applications. The complexity of managing new subsystems that are becoming more critical over time and technology that is (mostly) unfamiliar to the z/OS system programming team introduces a significant friction in adopting IBM WebSphere Application Server for z/OS. Systems management of IBM WebSphere Application Server for z/OS should be approached in a holistic view. There are more management issue than just performance monitoring. This redbook will describe the approach that Tivoli has taken to managing performance, security, and operation of IBM WebSphere Application Server for z/OS. The redbook discusses implementation and usage of IBM/Tivoli tools to manage IBM WebSphere Application Server for z/OS.1.2 IBM automation blueprint The IBM Tivoli solution is the basis for providing automation for the overall system management of the OnDemand world. Automation is critical for businesses to achieve resiliency, efficiency, responsiveness, and flexibility. The IBM automation platform provides the structure of the automation components for providing on demand automation capability. The IBM automation blueprint is shown in Figure 1-1 on page 3.2 Tivoli and WebSphere Application Server for z/OS
  26. 26. Business Service Management Policy Based Orchestration Availability Assurance Optimization Provisioning Virtualization Software Resources System ResourcesFigure 1-1 IBM automation blueprintThe IBM automation blueprint is a game-changing plan for reducing thecomplexity of technology, allowing more focus on the business goals, andallowing the application of resources to business objectives rather than themanagement of technology. The blueprint enables enterprises to implementautomation in an evolutionary fashion that acknowledges the heterogeneousnature of the infrastructure.At the bottom of the blueprint is the foundation: the Software and SystemResources with native automation capabilities required for higher levelautomation functions. Many of these resources may be virtualized to the othercapabilities. Here, the key point is that in order to achieve the highest levels of ondemand automation, resources need to be virtualized so that they can bedynamically provisioned as business policies require.Above the resources are the key automation capabilities: Availability helps ensure that systems are available 24x7. Reliance on security keeps your systems protected from threats and provides the functions for a great user experience in accessing applications and data they need – while keeping out unwelcome users. Chapter 1. Introduction 3
  27. 27. Optimization provides tools to make the most of the resources you have – so that they are running at peak performance and efficiency and providing you with the maximum return on your investment. Provisioning focuses on the self-configuring, dynamic allocation of individual elements of your IT infrastructure so that Identities or Storage or Servers are provisioned as business needs dictate. The next layer, Policy-based Orchestration, helps customers automatically control all the capabilities of the four areas we just discussed so that the entire IT infrastructure is responding dynamically to changing conditions according to defined business policies. This orchestration builds on the best practices of the customer’s collective IT experience, and helps to ensure that complex deployments are achieved with speed and quality on demand. Finally, Business-driven Service Management capabilities provide the tools you need to manage service levels, meter system usage and bill customers for that usage, as well as model, integrate, connect, monitor, and manage your business processes end-to-end for complete linkage of IT and business processes. Being able to view IT resources in context of business systems is a unique capability that we need. The management tools that we discuss in this redbook primarily involve providing an Availability and Assurance (Security) solution for IBM WebSphere Application Server for z/OS. Operation support and provisioning in z/OS are available from the operating systems functions, such as Workload Manager and other subsystems, such as IBM Tivoli Workload Manager, which are not discussed in this redbook.1.3 Our operating environment This redbook project was written at the IBM International Technical Support Organization (ITSO) in Austin center, with mainframe z/OS systems residing in the ITSO Poughkeepsie center. We used a SYSPLEX environment called WTSCPLX1 with system SC61 and SC62. The managed systems run IBM WebSphere Application Server for z/OS Version 4.0.1. The management application that we discuss and used in this redbook are: IBM Tivoli Monitoring for Web Infrastructure Version 5.1.1, which allows monitoring of IBM WebSphere Application Server for z/OS internal metrics to ensure that no bottleneck exists4 Tivoli and WebSphere Application Server for z/OS
  28. 28. IBM Tivoli Monitoring for Transaction Performance Version 5.2, which allows multiple agents to be placed around the network to see the performance profile of transactions to the application server IBM System Automation for z/OS Version 2.2, which provides message automation, automatic controlled startup, shutdown automation, address space cleanup, and recovery (restart or reallocate) IBM Tivoli Access Manager for e-business Version 4.1, which allows coarse or granular security definitions for access authorization and authentication through RACF® and Web-enabled attributes. Our overall systems management environment is shown in Figure 1-2. z/OS SC61 IBMTIV2 LDAP Server CICS DB2 Policy Server Web Portal Mgr Authentication Server WebSphere Application IBM HTTP Server Server for z/OS Web Seal SC61N IBM Tivoli NetView for z/OS IBM System Automation for z/OS management agents z/OS SC62 CICS DB2 management agents WebSphere Application IBM HTTP Server Server for z/OS management agents SC62N IBM Tivoli NetView for z/OS IBM System Automation for z/OS tmtp-linux Tivoli internet management IBMTIV1 server (TIMS) ITM for WebSphere Application Server TBSM task server TMR Server Gateway EndpointFigure 1-2 Overall management environment In Figure 1-2, the different patterns signify the different products that we use. Chapter 1. Introduction 5
  29. 29. Additional products that we use are: On z/OS: – z/OS Version 1.4 – IBM Tivoli NetView for z/OS Version 5 – IBM Database 2™ for z/OS Version – CICS Transaction Server Version 1.3 – IBM HTTP Server for z/OS – IBM WebSphere Application Server for z/OS Version 4.0.1 On distributed platform – Tivoli Management Framework Version 4.1 – IBM Tivoli Monitoring Version 5.1.1 – IBM Tivoli Monitoring Component Services Version 5.1 – IBM Tivoli Business Systems Manager Version 2.1.1 – DB2 Universal Database™ Version 7.11.4 Document organization The document consists of the following chapters: Chapter 1, “Introduction” on page 1, this chapter, explains the general objective of the book, and introduces the environment that we operate. Chapter 2, “Our WebSphere Application Server for z/OS environment” on page 9 describes the setup of our WebSphere environment and the application that we installed in it. Chapter 3, “IBM Tivoli Monitoring for Web Infrastructure: the inside-out viewpoint” on page 41 explains the implementation for IBM Tivoli Monitoring for Web Infrastructure: WebSphere Application Server and also provides some illustration of scenarios. Chapter 4, “ITM for Transaction Performance: the outside-in view” on page 95 explains the implementation of the IBM Tivoli Monitoring for Transaction Performance and also provides some illustration of scenarios. Chapter 5, “System Automation for z/OS: automation & high availability” on page 155 outlines the IBM System Automation for z/OS concepts and implementation for managing WebSphere Application Server for z/OS. Chapter 6, “IBM Tivoli Access Manager: securing WebSphere for z/OS” on page 235 shows the sample implementation of an integrated Web security6 Tivoli and WebSphere Application Server for z/OS
  30. 30. implementation using the IBM Tivoli Access Manager for e-business withauthorization to IBM Security Server for z/OS (formerly RACF).Appendixes that discusses a range of topics that do not fit well into thecontent of the book, such as:– Appendix A, “Tivoli Management Framework: a short overview” on page 295 provides an overview of Tivoli Management Framework.– Appendix B, “IBM Tivoli NetView for z/OS: a short overview” on page 303 gives a short description of IBM Tivoli NetView for z/OS.– Appendix C, “The SMEUI: overview and concepts” on page 307 explains basic concepts of the System Management Environment User Interface for managing WebSphere Application Server for z/OS Version 4.– Appendix D, “LDAP z/OS native authentication for TAM files” on page 317 provides listing of files that we use for native authentication with IBM Tivoli Access Manager. Chapter 1. Introduction 7
  31. 31. 8 Tivoli and WebSphere Application Server for z/OS
  32. 32. 2 Chapter 2. Our WebSphere Application Server for z/OS environment This chapter discusses the setup of our test WebSphere Application Server for z/OS environment. This goes from the setup of the WebSphere z/OS HTTP plug-in for HTTP servers, to the deployment of sample Web Applications like Trade2 or Trader, to the configuration of connectors like the CICS Transaction Gateway. We cover the following topics: 2.2, “IBM HTTP server and WebSphere z/OS HTTP plug-in” on page 12 2.3, “WebSphere Application Server for z/OS and DB2” on page 15 2.4, “WebSphere Application Server for z/OS and CICS” on page 22 2.5, “WebSphere Studio Workload Simulator for z/OS” on page 33© Copyright IBM Corp. 2004. All rights reserved. 9
  33. 33. 2.1 WebSphere Application Server for z/OS environment Our operating environment consists of two z/OS logical partitions in a SYSPLEX. Each partition runs a HTTP server, a WebSphere Application Server for z/OS runtime and J2EE servers instances, a CICS region, and a DB2 database. This architecture is not the recommended architecture as far as security is concerned. In a real-life e-business architecture, HTTP servers should be separated from the applications servers with firewalls ensuring that only HTTP flow coming from designated HTTP servers reach the zSeries server. In this book, we would like to focus on the WebSphere Application Server for z/OS, hence we use the HTTP server on z/OS to avoid networks considerations and delays between HTTP servers and WebSphere Applications Servers for z/OS. This architecture is appropriate for testing, developing, or benchmarking Web applications. The two WebSphere Application Servers for z/OS runtimes are in the host cluster configuration. This means that the WebSphere for z/OS SYSPLEX configuration appears to be a single system to systems and application programs outside of the SYSPLEX even though there may be two or more physical systems within the SYSPLEX. The benefits of such a configuration include: You can balance the workload across multiple systems, thus providing better performance management for your applications. As your workload grows, you can add new systems to meet demand, thus providing a scalable solution to your processing needs. By replicating the runtime and associated business application servers, you provide the necessary system redundancy to assure availability for your users. Thus, in the event of a failure on one system, you have other systems available for work. You can upgrade WebSphere for z/OS from one release or service level to another without interrupting service to your users. To send requests from the HTTP servers to the WebSphere Application Servers, the WebSphere for z/OS HTTP plug-in is being used. This plug-in is provided by WebSphere for z/OS. Equivalent plug-ins for other platforms are also provided and the plug-in configuration file is the same on all platforms so that you can easily switch from using IBM HTTP servers for z/OS to HTTP servers on distributed platforms like Apache. Once you have WebSphere for z/OS and your Web server and plug-in properly configured, you can route requests from your browser, through the Web server and plug-in, to one of the WebSphere for z/OS J2EE server instances defined in the ServerGroup element in the plugin-cfg.xml file. New requests will get sprayed across these server instances, but once a session is established, requests will get routed back to the correct HTTP(S)10 Tivoli and WebSphere Application Server for z/OS
  34. 34. transport handler based on the CloneID the WebSphere for z/OS Web containerassigned to the original request. If one J2EE server instance is down, the plug-inautomatically re-routes requests to other J2EE server instances available.Figure 2-1 shows our WebSphere Application Server for z/OS environment. HTTP Requests z/OS z/OS SC61 SC62 HTTP Server WebSphere z/OS plugin Trade 2 J2EE Trader J2EE Trade 2 J2EE Trader J2EE Server Server Server Server CTG CTG WebSphere for z/OS WebSphere for z/OS CICS CICS DB2 DB2Figure 2-1 WebSphere Application Server for z/OS environmentWe chose Trade2 and Trader as sample applications deployed in our J2EEapplication servers. Trade2 is deployed in one J2EE server and Trader isdeployed in another J2EE server. Trade2 models an online brokerage application providing Web-based services such as login, buy, sell, get quote, and more. It uses a servlet to drive a session EJB that calls a data bean, which executes a JDBC call to DB2, then returns data to a JSP that generates the HTML. This Web application is mainly used for benchmarking purposes. It provides a useful servlet called TradeScenarioServlet that randomly calls one of the Trade2 functions. This way, repeatedly calling the same servlet simulates using all the brokerage application functions. Trader is a stock trading application that allows a user to buy and sell shares in numerous companies. Trader is a CICS business logic program, and in our case, a WebSphere Application Server for z/OS presentation logic program. Chapter 2. Our WebSphere Application Server for z/OS environment 11
  35. 35. This application requires the CICS Transaction Gateway in local mode to communicate with the CICS Transaction Server.2.2 IBM HTTP server and WebSphere z/OS HTTP plug-in In our operating environment, we decided to use the z/OS HTTP plug-in available with WebSphere service level W401500. This plug-in allows connections through the HTTP(S) Transport Handler between a WebSphere for z/OS Web container and the IBM HTTP server for z/OS and OS/390. Similar plug-ins for Web servers running on a non-z/OS platform are also available to allow connections with WebSphere for z/OS. You can read the complete list of supported Web servers and platforms in the documentation for the new WebSphere HTTP plug-in for z/OS introduced with APAR PQ68250, available on the WebSphere for z/OS support Web site: http://www.ibm.com/software/webservers/appserv/zos_os390/support/ On the HTTP server side, only the httpd.conf file needs to be customized. The location of this UNIX System Services file can be found in the JCL of your IBM HTTP Server by looking at the procedure parameters. Example 2-1 shows the directives we added to our httpd.conf file.Example 2-1 Sample httpd.conf file directivesServerInit /WebSphere/WebServerPlugIn/bin/ihs390WASPlugin_http.so:init_exit /web/tiv1/was401_plugin-cfg.xmlService /PolicyIVP/* /WebSphere/WebServerPlugIn/bin/ihs390WASPlugin_http.so:service_exitService /WebSphereSamples/* /WebSphere/WebServerPlugIn/bin/ihs390WASPlugin_http.so:service_exitService /TraderWeb/* /WebSphere/WebServerPlugIn/bin/ihs390WASPlugin_http.so:service_exitServerTerm /WebSphere/WebServerPlugIn/bin/ihs390WASPlugin_http.so:term_exit For printing purposes, the ServerInit directive is displayed on two lines. These directives must all stay on one line. The ServerInit and ServerTerm directives relate to the WebSphere z/OS HTTP plug-in only. These tell the HTTP server how to start and stop the plug-in during startup and shutdown of the HTTP server. The Service directives relate to the Web Application that run on WebSphere Application Server for z/OS. You need one Service directive per Web application. The Service directive specifies the high-level URI for the Web application. Keep in my mind that any high-level translation rule like: Pass /* /web/pub/*12 Tivoli and WebSphere Application Server for z/OS
  36. 36. should be placed after the WebSphere directives. If placed before, theWebSphere directive may not be taken into account.On the WebSphere z/OS HTTP plug-in side, one must create the plugin-cfg.xmlfile. The path to this file and the file name must match the information provided inthe third part of the ServerInit directive in the httpd.conf file. This file tells theplug-in how to redirect requests from virtual hosts with certain URIs to the rightapplication servers. Example 2-2 shows the content of our plugin-cfg.xml file.Example 2-2 Sample plugin-cfg.xml file<?xml version="1.0"?> <Config> <Log LogLevel="Warn" Name="/tmp/was401_plugin.trace"/> <VirtualHostGroup Name="default_host"> <VirtualHost Name="*:6100"/> </VirtualHostGroup> <ServerGroup Name="PolicyIVP_Servers"> <Server Name="Server_PolicyIVP_SC61"> <Transport Hostname="wtsc61" Port="8080" Protocol="http"/> </Server> <Server Name="Server_PolicyIVP_SC62"> <Transport Hostname="wtsc62" Port="8085" Protocol="http"/> </Server> </ServerGroup> <ServerGroup Name="Trade2_Servers"> <Server Name="Server_Trade2_SC61"> <Transport Hostname="wtsc61" Port="8081" Protocol="http"/> </Server> <Server Name="Server_Trade2_SC62"> <Transport Hostname="wtsc62" Port="8086" Protocol="http"/> </Server> </ServerGroup> <ServerGroup Name="Trader_Servers"> <Server Name="Server_Trader_SC61"> <Transport Hostname="wtsc61" Port="8082" Protocol="http"/> </Server> <Server Name="Server_Trader_SC62"> <Transport Hostname="wtsc62" Port="8087" Protocol="http"/> </Server> </ServerGroup> <UriGroup Name="PolicyIVP_UriGroup"> <Uri Name="/PolicyIVP/*"/> </UriGroup> <UriGroup Name="Trade2_UriGroup"> <Uri Name="/WebSphereSamples/*"/> </UriGroup> <UriGroup Name="Trader_UriGroup"> <Uri Name="/TraderWeb/*"/> Chapter 2. Our WebSphere Application Server for z/OS environment 13
  37. 37. </UriGroup> <Route ServerGroup="PolicyIVP_Servers" UriGroup="PolicyIVP_UriGroup" VirtualHostGroup="default_host"/> <Route ServerGroup="Trade2_Servers" UriGroup="Trade2_UriGroup" VirtualHostGroup="default_host"/> <Route ServerGroup="Trader_Servers" UriGroup="Trader_UriGroup" VirtualHostGroup="default_host"/> </Config> You can check that your WebSphere z/OS HTTP plug-in is properly configured and sending HTTP requests to the PolicyIVP IVP application server. For this purpose, make sure that your IVP application server is started, then use a browser to open the following URL: http://<http_server_hostname>:<port>/PolicyIVP/cebit.html If this operation is successful, you should see a window like Figure 2-2.Figure 2-2 WebSphere Application for z/OS PolicyIVP window14 Tivoli and WebSphere Application Server for z/OS
  38. 38. 2.3 WebSphere Application Server for z/OS and DB2 In order to observe the behavior of WebSphere Application Server interacting with DB2, we choose to use the Trade2 sample application. Trade2 is a popular sample application mainly used for benchmarking purposes. Figure 2-3 shows Trade2 components and flow. WebSphere for z/OS Trade2 J2EE server Web container EJB container Trade2 Trade2 Trade2 Account servlets servlets servlets entity EJB Portfolio Trade entity EJB HTTP Access session client Beans Trade2 EJB Quote database entity EJB Trade2 Trade2 Trade2 servlets Buy servlets JSPs entity EJB Figure 2-3 Trade2 components and flow We choose to install the Trade2 application in a separate J2EE server so that we do not interfere with any other already deployed application and so that we can monitor Web applications independently. For example, when deploying a Web application, when the conversation is activated, the J2EE server that runs this application needs to be restarted. For availability concerns, you may not want other Web applications to share the same J2EE server so that they would not need to be stopped.2.3.1 Creating a new J2EE server Creating a new J2EE server with WebSphere Application Server for z/OS requires five steps: 1. Define a new J2EE server with the SMEUI. If you are a first time SMEUI user, refer to Appendix C, “The SMEUI: overview and concepts” on page 307 to know where to download it and to understand its main concepts. In this step you must create a J2EE Server and a J2EE Server Instance as well. You can use the BBOASR2 IVP server as an example. We suggest you to use the same identities as the identities defined for BBOASR2 so that you simplify your RACF customization. Chapter 2. Our WebSphere Application Server for z/OS environment 15
  39. 39. Tip: If you want to use the HTTP transport handler included in Service Level W401500, do not forget to add the server instance environment variable BBOC_HTTP_PORT associated with the port number you want to activate. 2. Add a new Workload Manager (WLM) application environment. Use the WLM administration ISPF dialog from TSO. The main menu from WLM administration menu is shown in Figure 2-4. EsssssssssssssssssssssssssssssssssssssssssssssN e Choose Service Definition e e e e Select one of the following options. e e __ 1. Read saved definition e e 2. Extract definition from WLM e e couple data set e e 3. Create new definition e e e e F1=Help F2=Split F5=KeysHelp e e F9=Swap F12=Cancel e DsssssssssssssssssssssssssssssssssssssssssssssM ENTER to continue Figure 2-4 WLM administration main menu We choose menu option 2 to extract the definition from the WLM couple data set, choose option 9 to manage the application environment, and choose option 1 to create a new application environment, as shown in Figure 2-5 on page 17.16 Tivoli and WebSphere Application Server for z/OS
  40. 40. Application-Environment Notes Options Help -------------------------------------------------------------------------- Create an Application Environment Command ===> ______________________________________________________________ Application Environment . . . TIOTRAD_________________________ Required Description . . . . . . . . . Application environment TIOTRAD Subsystem Type . . . . . . . . CB__ Required Procedure Name . . . . . . . . TIOTRADS Start Parameters . . . . . . . IWMSSNM=&IWMSSNM________________________ ________________________________________ ___________________________________ Limit on starting server address spaces for a subsystem instance: 1 1. No limit 2. Single address space per system 3. Single address space per sysplexFigure 2-5 Creating a new WLM application environment3. Set up the UNIX System Services configuration files There are four configuration files for each J2EE server inside <WebSphere home>/CB390/controlinfo/envfile/<plex name>/<instance name>: current.env, jvm.properties, webcontainer.conf, and trace.dat. The current.env file is generated by the SMEUI and does not need any customization here. jvm.properties, webcontainer.conf, and trace.dat can be taken from the IVP server directory and customized so that the <instancename> is correct and so that the host name is right inside the webcontainer.conf file. Attention: If you use the z/OS HTTP plug-in to redirect requests from the IBM HTTP server to the HTTP transport handler, then you have to specify (for the host.<virtual_hostname>.alias directive in the webcontainer.conf file) the host name with the port number and the host name without the port number. For example: host.default_host.alias=wtsc61.ibm.com:8081, wtsc61.ibm.com4. Set up your RACF security. Example 2-3 on page 18 shows the RACF commands that we issued. This can be embedded in a JCL or issued from a TSO session. We are using the default user IDs from the IVP process for the users that granted access. Chapter 2. Our WebSphere Application Server for z/OS environment 17
  41. 41. Example 2-3 Sample RACF security setup RDEFINE SERVER CB.*.TIOTRAD UACC(NONE) PERMIT CB.*.TIOTRAD CLASS(SERVER) ID(CBASRU2) ACC(READ) RDEFINE CBIND CB.BIND.TIOTRAD UACC(READ) PERMIT CB.BIND.TIOTRAD CLASS(CBIND) ID(CBCTL1) ACCESS(CONTROL) RDEFINE CBIND CB.TIOTRAD UACC(READ) RDEFINE STARTED TIOTRAD.* STDATA(USER(CBACRU2) GROUP(CBCTL1) RDEFINE STARTED TIOTRADS.* STDATA(USER(CBASRU2) GROUP(CBASR2) SETROPTS RACLIST(CBIND, SERVER, STARTED) GENERIC(SERVER, STARTED) REFRESH In Example 2-3, the following profiles are defined: – SERVER class for CB.*.TIOTRAD. The SERVER class profile enables a server region to get exclusive access to the request queue in WLM created by the control region. A server region needs to be able to select and dequeue requests from the WLM queue created by the associated server control region. The profile is called CB.<server_instance_name>.<server_name>. The server region should have READ access, while everyone else no access. – The CBIND class profiles are used by WebSphere to control which clients can access a particular WebSphere Application Server for z/OS runtime or application server. A profile is defined in the CBIND class, which indicates which users can request access to application services related to this control region. RACF profile format is CB.BIND.<server_name>. Everyone should be able to READ this profile, while the control region needs a CONTROL access. – A second profile is defined in the CBIND class, which indicates which users can request access to application components that run in server regions related to this control region. RACF profile format is CB.<server_name>. Ordinarily, this profile has a Universal access of READ. – STARTED class for assigning user ID to started tasks TIOTRAD and TIOTRADS. 5. Create the procedures to start the application server control region and server region. Once again, we strongly recommend using the IVP server procedures as an example. Example 2-4 on page 19 shows a sample procedure JCL for the control region.18 Tivoli and WebSphere Application Server for z/OS

×