It's terrific that Dovetailed is making this offer, and it's terrific to have Tomcat available and supported on z/OS.
If the particular appeal of Tomcat is "it's free," you've got at least a couple alternatives that also are: 1. If you already have CICS Transaction Server Version 5.x, then you already have CICS Liberty at no additional charge, with IBM Support if you're running a supported CICS release. This "flavor" of Liberty features extensive z/OS and CICS exploitation which you can choose to use or not use, selectively. 2. If you don't already have CICS TS Version 5.x, you can still download and run Open Liberty on z/OS (and on other platforms): https://openliberty.io Open Liberty is explicitly, routinely IBM tested on z/OS, but it does not *particularly* exploit z/OS unique features. Open Liberty support is optionally available from IBM for a fee. It depends on what you're trying to accomplish, really. For example, if you're a software vendor or distributor and need a Java Enterprise Edition runtime for your product, but if you cannot assume that your end customer has a CICS TS or WebSphere Application Server for z/OS license (or even z/OS necessarily), then shipping your product assuming an Open Liberty base, with the option to install it on CICS Liberty or WebSphere Liberty, is likely a really terrific approach all around. Or, if you specifically need or prefer Tomcat, OK, that option is available, too. Then Dovetailed has you covered if/when you need support. They don't live on bread alone, and bread is not free either. I'll point out again that every z/OS licensee -- even the ones without RACF (the z/OS Security Server license) -- has the IBM Directory Server for z/OS. This is a fully IBM supported LDAP server, and one of its configurable features is that it supports authentication with your chosen SAF-enabled security manager. So if your Java application "speaks" LDAP, it can also automatically "speak" RACF (or ACF2 or TopSecret) via the IBM Directory Server for z/OS. That's regardless of runtime or even platform. On the other hand, especially (but not only) if you want a directly SAF-enabled JEE runtime, it's really best to pay *someone* something for ongoing support, if you care about maintaining at least reasonable security anyway. Tomcat had a now well publicized security vulnerability that was open for about 13 years called "Ghostcat." That's not good, but it's really not good if you don't have a support vendor by your side to close such vulnerabilities promptly in your chosen environments. Anyway, bottom line: keep Kirk (and Katherine, Karen, and Klaus) fed, OK? Support is worth paying for if you depend on the software, and you usually do. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
