Re: AT-TLS ? Very Basic Questions

[Tom Brennan]

I tried "Let's Encrypt" https://letsencrypt.org/ once for some web site 
names I have on a Linux server under my desk.  I can't remember why I 
didn't like it, but I ended up making my own CA cert to sign my https 
certificates, and then got the few people using the sites to import my 
CA into their browser.  Cheating a bit but it works great for isolated use.


But yes, if things like certificates could be all piled into one 
application and handled by one person in a company, things would get 
easier.  The first time I dealt with a certificate on the mainframe was 
for IBM's ITIM system which (the developer mentioned) had just switched 
to use OpenSSL.  We had multiple meetings with project leaders and 
others just to get a paid-for certificate in place (2 year expiration), 
when we probably could have created something self-signed with a 30 year 
expiration if we knew better :)


On 6/30/2020 10:23 PM, kekronbekron wrote:

I believe that's the idea.
Now with zERT being available, more encrypted workload types will get surfaced; 
will probably lead to adding more application/transport types being added under 
AT-TLS's capability.
Just speculation anyway..

What'll be interesting is if AT-TLS evolves to support mTLS (and the dynamic 
cert generation, renewal involved in it) for all the east-west traffic in 
new-age workload.
Starting with a "port" of Let's Encrypt for Z.
Don't know if any of these make sense, just a wild wishlist.

- KB

‐‐‐ Original Message ‐‐‐
On Wednesday, July 1, 2020 10:16 AM, Tom Brennan  
wrote:


Thanks KB... I think I got my basic question answered, which is that
one thing AT-TLS was designed for is to encrypt data for TCP/IP programs
that weren't originally written with encryption. In addition, it sounds
like even programs that can do their own encryption (i.e. TN3270) can
also use AT-TLS. If so, that's a smart plan - putting encryption
processing in one bucket with one set of controls, and one spot to
update when TLS1.x comes along.

But if I'm wrong with any of the general notes above, please correct me.

On 6/30/2020 9:16 PM, kekronbekron wrote:


Tom, check this out - https://www.youtube.com/watch?v=YKEzX70moOQ
I also got 200 hits for 'AT-TLS' after logging in to share.org; you might want 
to do the same to see which of those are the most useful to you.

-   KB

‐‐‐ Original Message ‐‐‐
On Tuesday, June 30, 2020 10:27 PM, Tom Brennan t...@tombrennansoftware.com 
wrote:


I've tried to skim some of the AT-TLS doc, and even attended an IBM
webinar last week, but I'm still missing what I imagine are important
background points. Maybe someone here can explain things, but don't
worry too much about it.
Client and server programs like SSH/SSHD call programs such as OpenSSL
to handle the encryption handshake and processing. So when you set
those up, there is no AT-TLS needed for encryption. Same with the
TN3270 server and client, as long as you set that up with keys and
parameters on the host side, and settings on the client side.
I'm thinking because of the name "Application Transparent" that AT-TLS
was made for programs that DON'T have their own logic to call OpenSSL
(or whatever) to do their own encryption. Let's use clear-text FTP as
an example. So somehow, AT-TLS hooks into the processing and provides
an encrypted "tunnel", kind of like VPN does, but only for that one
application. Does that sound correct?
If so, then the encryption is "transparent" to the FTP server code and
FTP does not need to be changed, which I think is the whole idea here.
Yet we now have an encrypted session. Does that sound correct?
Then if so, what happens on the FTP client side? I certainly can't use
the Windows FTP command, for example, because it's not setup for any
kind of encryption. That's kind of my big question here.
On 6/30/2020 1:44 AM, Lionel B Dyck wrote:


Sweet - thank you
Lionel B. Dyck <
Website: https://www.lbdsoftware.com
"Worry more about your character than your reputation. Character is what you are, 
reputation merely what others think you are." - John Wooden
-Original Message-
From: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU On Behalf Of 
kekronbekron
Sent: Tuesday, June 30, 2020 2:34 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ?
Hi LBD!,
Check these out-
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414

-   KB

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 3:56 AM, Lionel B Dyck lbd...@gmail.com wrote:


Anyone have any pointers for configuring AT-TLS on z/OS?
Lionel B. Dyck <
Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
"Worry more about your character than your reputation. Character is
what you are, reputation merely what others think you are." - John
Wooden
For IBM-MAIN subscribe / signoff / archive access instructions, send
email to 

Re: AT-TLS ? Very Basic Questions

[kekronbekron]

I believe that's the idea.
Now with zERT being available, more encrypted workload types will get surfaced; 
will probably lead to adding more application/transport types being added under 
AT-TLS's capability.
Just speculation anyway..

What'll be interesting is if AT-TLS evolves to support mTLS (and the dynamic 
cert generation, renewal involved in it) for all the east-west traffic in 
new-age workload.
Starting with a "port" of Let's Encrypt for Z.
Don't know if any of these make sense, just a wild wishlist.

- KB

‐‐‐ Original Message ‐‐‐
On Wednesday, July 1, 2020 10:16 AM, Tom Brennan  
wrote:

> Thanks KB... I think I got my basic question answered, which is that
> one thing AT-TLS was designed for is to encrypt data for TCP/IP programs
> that weren't originally written with encryption. In addition, it sounds
> like even programs that can do their own encryption (i.e. TN3270) can
> also use AT-TLS. If so, that's a smart plan - putting encryption
> processing in one bucket with one set of controls, and one spot to
> update when TLS1.x comes along.
>
> But if I'm wrong with any of the general notes above, please correct me.
>
> On 6/30/2020 9:16 PM, kekronbekron wrote:
>
> > Tom, check this out - https://www.youtube.com/watch?v=YKEzX70moOQ
> > I also got 200 hits for 'AT-TLS' after logging in to share.org; you might 
> > want to do the same to see which of those are the most useful to you.
> >
> > -   KB
> >
> > ‐‐‐ Original Message ‐‐‐
> > On Tuesday, June 30, 2020 10:27 PM, Tom Brennan t...@tombrennansoftware.com 
> > wrote:
> >
> > > I've tried to skim some of the AT-TLS doc, and even attended an IBM
> > > webinar last week, but I'm still missing what I imagine are important
> > > background points. Maybe someone here can explain things, but don't
> > > worry too much about it.
> > > Client and server programs like SSH/SSHD call programs such as OpenSSL
> > > to handle the encryption handshake and processing. So when you set
> > > those up, there is no AT-TLS needed for encryption. Same with the
> > > TN3270 server and client, as long as you set that up with keys and
> > > parameters on the host side, and settings on the client side.
> > > I'm thinking because of the name "Application Transparent" that AT-TLS
> > > was made for programs that DON'T have their own logic to call OpenSSL
> > > (or whatever) to do their own encryption. Let's use clear-text FTP as
> > > an example. So somehow, AT-TLS hooks into the processing and provides
> > > an encrypted "tunnel", kind of like VPN does, but only for that one
> > > application. Does that sound correct?
> > > If so, then the encryption is "transparent" to the FTP server code and
> > > FTP does not need to be changed, which I think is the whole idea here.
> > > Yet we now have an encrypted session. Does that sound correct?
> > > Then if so, what happens on the FTP client side? I certainly can't use
> > > the Windows FTP command, for example, because it's not setup for any
> > > kind of encryption. That's kind of my big question here.
> > > On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
> > >
> > > > Sweet - thank you
> > > > Lionel B. Dyck <
> > > > Website: https://www.lbdsoftware.com
> > > > "Worry more about your character than your reputation. Character is 
> > > > what you are, reputation merely what others think you are." - John 
> > > > Wooden
> > > > -Original Message-
> > > > From: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU On Behalf 
> > > > Of kekronbekron
> > > > Sent: Tuesday, June 30, 2020 2:34 AM
> > > > To: IBM-MAIN@LISTSERV.UA.EDU
> > > > Subject: Re: AT-TLS ?
> > > > Hi LBD!,
> > > > Check these out-
> > > > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
> > > > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
> > > > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414
> > > >
> > > > -   KB
> > > >
> > > > ‐‐‐ Original Message ‐‐‐
> > > > On Monday, June 29, 2020 3:56 AM, Lionel B Dyck lbd...@gmail.com wrote:
> > > >
> > > > > Anyone have any pointers for configuring AT-TLS on z/OS?
> > > > > Lionel B. Dyck <
> > > > > Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
> > > > > "Worry more about your character than your reputation. Character is
> > > > > what you are, reputation merely what others think you are." - John
> > > > > Wooden
> > > > > For IBM-MAIN subscribe / signoff / archive access instructions, send
> > > > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > > >
> > > > For IBM-MAIN subscribe / signoff / archive access instructions, send 
> > > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > >
> > > --
> > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu 

Re: AT-TLS ? Very Basic Questions

[Tom Brennan]

Thanks KB...  I think I got my basic question answered, which is that 
one thing AT-TLS was designed for is to encrypt data for TCP/IP programs 
that weren't originally written with encryption.  In addition, it sounds 
like even programs that can do their own encryption (i.e. TN3270) can 
also use AT-TLS.  If so, that's a smart plan - putting encryption 
processing in one bucket with one set of controls, and one spot to 
update when TLS1.x comes along.


But if I'm wrong with any of the general notes above, please correct me.

On 6/30/2020 9:16 PM, kekronbekron wrote:

Tom, check this out - https://www.youtube.com/watch?v=YKEzX70moOQ

I also got 200 hits for 'AT-TLS' after logging in to share.org; you might want 
to do the same to see which of those are the most useful to you.

- KB

‐‐‐ Original Message ‐‐‐
On Tuesday, June 30, 2020 10:27 PM, Tom Brennan  
wrote:


I've tried to skim some of the AT-TLS doc, and even attended an IBM
webinar last week, but I'm still missing what I imagine are important
background points. Maybe someone here can explain things, but don't
worry too much about it.

Client and server programs like SSH/SSHD call programs such as OpenSSL
to handle the encryption handshake and processing. So when you set
those up, there is no AT-TLS needed for encryption. Same with the
TN3270 server and client, as long as you set that up with keys and
parameters on the host side, and settings on the client side.

I'm thinking because of the name "Application Transparent" that AT-TLS
was made for programs that DON'T have their own logic to call OpenSSL
(or whatever) to do their own encryption. Let's use clear-text FTP as
an example. So somehow, AT-TLS hooks into the processing and provides
an encrypted "tunnel", kind of like VPN does, but only for that one
application. Does that sound correct?

If so, then the encryption is "transparent" to the FTP server code and
FTP does not need to be changed, which I think is the whole idea here.
Yet we now have an encrypted session. Does that sound correct?

Then if so, what happens on the FTP client side? I certainly can't use
the Windows FTP command, for example, because it's not setup for any
kind of encryption. That's kind of my big question here.

On 6/30/2020 1:44 AM, Lionel B Dyck wrote:


Sweet - thank you
Lionel B. Dyck <
Website: https://www.lbdsoftware.com
"Worry more about your character than your reputation. Character is what you are, 
reputation merely what others think you are." - John Wooden
-Original Message-
From: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU On Behalf Of 
kekronbekron
Sent: Tuesday, June 30, 2020 2:34 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ?
Hi LBD!,
Check these out-
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414

-   KB

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 3:56 AM, Lionel B Dyck lbd...@gmail.com wrote:


Anyone have any pointers for configuring AT-TLS on z/OS?
Lionel B. Dyck <
Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
"Worry more about your character than your reputation. Character is
what you are, reputation merely what others think you are." - John
Wooden

For IBM-MAIN subscribe / signoff / archive access instructions, send
email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--

For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: AT-TLS ? Very Basic Questions

[kekronbekron]

Tom, check this out - https://www.youtube.com/watch?v=YKEzX70moOQ

I also got 200 hits for 'AT-TLS' after logging in to share.org; you might want 
to do the same to see which of those are the most useful to you.

- KB

‐‐‐ Original Message ‐‐‐
On Tuesday, June 30, 2020 10:27 PM, Tom Brennan  
wrote:

> I've tried to skim some of the AT-TLS doc, and even attended an IBM
> webinar last week, but I'm still missing what I imagine are important
> background points. Maybe someone here can explain things, but don't
> worry too much about it.
>
> Client and server programs like SSH/SSHD call programs such as OpenSSL
> to handle the encryption handshake and processing. So when you set
> those up, there is no AT-TLS needed for encryption. Same with the
> TN3270 server and client, as long as you set that up with keys and
> parameters on the host side, and settings on the client side.
>
> I'm thinking because of the name "Application Transparent" that AT-TLS
> was made for programs that DON'T have their own logic to call OpenSSL
> (or whatever) to do their own encryption. Let's use clear-text FTP as
> an example. So somehow, AT-TLS hooks into the processing and provides
> an encrypted "tunnel", kind of like VPN does, but only for that one
> application. Does that sound correct?
>
> If so, then the encryption is "transparent" to the FTP server code and
> FTP does not need to be changed, which I think is the whole idea here.
> Yet we now have an encrypted session. Does that sound correct?
>
> Then if so, what happens on the FTP client side? I certainly can't use
> the Windows FTP command, for example, because it's not setup for any
> kind of encryption. That's kind of my big question here.
>
> On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
>
> > Sweet - thank you
> > Lionel B. Dyck <
> > Website: https://www.lbdsoftware.com
> > "Worry more about your character than your reputation. Character is what 
> > you are, reputation merely what others think you are." - John Wooden
> > -Original Message-
> > From: IBM Mainframe Discussion List IBM-MAIN@LISTSERV.UA.EDU On Behalf Of 
> > kekronbekron
> > Sent: Tuesday, June 30, 2020 2:34 AM
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: Re: AT-TLS ?
> > Hi LBD!,
> > Check these out-
> > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
> > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
> > http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414
> >
> > -   KB
> >
> > ‐‐‐ Original Message ‐‐‐
> > On Monday, June 29, 2020 3:56 AM, Lionel B Dyck lbd...@gmail.com wrote:
> >
> > > Anyone have any pointers for configuring AT-TLS on z/OS?
> > > Lionel B. Dyck <
> > > Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
> > > "Worry more about your character than your reputation. Character is
> > > what you are, reputation merely what others think you are." - John
> > > Wooden
> > >
> > > For IBM-MAIN subscribe / signoff / archive access instructions, send
> > > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
> > For IBM-MAIN subscribe / signoff / archive access instructions, send email 
> > to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
>
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Mid-2021 Withdrawal of IBM z14 & LinuxONE Emperor II Features

[Timothy Sipples]

IBM announced that certain IBM z14 (Machine Type 3906) and IBM LinuxONE 
Emperor II features will no longer be available effective June 30, 2021:

https://www.ibm.com/downloads/cas/US-ENUS920-113-CA/name/US-ENUS920-113-CA.PDF

Note that's 2021, i.e. next year as I write this. This future withdrawal 
relates to the features that require physical shipment of components.

This withdrawal notice does NOT affect IBM z14 ZR1 and IBM LinuxONE 
Rockhopper II models.

- - - - - - - - - -
Timothy Sipples
I.T. Architect Executive
Digital Asset & Other Industry Solutions
IBM Z & LinuxONE
- - - - - - - - - -
E-Mail: sipp...@sg.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

IBM z/OS Statement of Direction re: Containers

[Timothy Sipples]

I draw your attention to this Statement of Direction that IBM published on 
June 23, 2020:

https://www.ibm.com/downloads/cas/US-ENUS220-033-CA/name/US-ENUS220-033-CA.PDF

Please also refer to IBM Announcement Letter 219-233 (mostly already 
fulfilled).

- - - - - - - - - -
Timothy Sipples
I.T. Architect Executive
Digital Asset & Other Industry Solutions
IBM Z & LinuxONE
- - - - - - - - - -
E-Mail: sipp...@sg.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SMS Data Class attribute Extended

[Seymour J Metz]

> IEC143I 213-B8 - An OPEN was attempted against an extended-format data set 
> with a DCB that specified EXCP. EXCP is not supported for extended-format 
> data sets.

That message text is in error. EXCP is supported, but you must have an 
appropriate DCBE.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of 
PINION, RICHARD W. [rpin...@firsthorizon.com]
Sent: Tuesday, June 30, 2020 3:53 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: SMS Data Class attribute Extended

We are attempting, on our QA LPAR, to use the SMS DC attributes,

Data Set Name Type  . . . . . : EXTENDED
  If Extended . . . . . . . . : PREFERRED
  Extended Addressability . . : YES

for all of our sequential data sets.  Of several hundred/thousands of dataset 
allocations, during the test
period, we ran into 4 ABENDS, 3 S213-94 and 1 S213-B8.  Which is pretty good, 
in my opinion.

IEC143I 213-94 - An OPEN macro instruction was attempted against an 
extended-format data set, but the access method is not BSAM or QSAM, or is BDAM 
load mode.

IEC143I 213-B8 - An OPEN was attempted against an extended-format data set with 
a DCB that specified EXCP. EXCP is not supported for extended-format data sets.

I would like to examine our SMF 14/15 records from our production LPAR to 
identify other potential problem
datasets.  I have an ancient user written assembler program, 1980's, that 
reports on SMF 14/15 records.  One
of the reported columns is MACREF, which has a test for EXCP processing.  If it 
was EXCP processing, the record
is reported with an "E" for that column.  I'm able to see all 14/15 activity 
that has activity for EXCP processing.
However, I noticed that SORT and ICEGENER use EXCP processing.   We didn't have 
any ABENDS with SORT
or ICEGENER.

Two questions,   1)  In addition to my ancient assembler program, can anyone 
recommend a free reporting tool,
that we could use to identify datasets not eligible for EXT format, and 2) Why 
does SORT/ICEGENER work against
EXT type datasets with EXCP process?

Confidentiality notice:
This e-mail message, including any attachments, may contain legally privileged 
and/or confidential information. If you are not the intended recipient(s), or 
the employee or agent responsible for delivery of this message to the intended 
recipient(s), you are hereby notified that any dissemination, distribution, or 
copying of this e-mail message is strictly prohibited. If you have received 
this message in error, please immediately notify the sender and delete this 
e-mail message from your computer.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

[Allan Staller]

AT-TLS Operates at the transport layer of the OSI model.
SFTP (open SSH,...) operates at the session layer of the OSI model.

BTW, TLS has been supported "forever" by FTP, etc. The problem is, with TLS, 
the application needs to be modified to make TLS calls in the session layer. 
With AT-TLS, session layer TLS calls are moved to the transport layer and 
eliminated from the session layer. 
No application changes are needed.

HTH,

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 4:22 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

[CAUTION: This Email is from outside the Organization. Unless you trust the 
sender, Don’t click links or open attachments as it may be a Phishing email, 
which can steal your Information and compromise your Computer.]

Thanks Allan.  In TCP/IP programs I've written in C (both mainframe and 
non-mainframe), I've used connect(), send(), recv() and similar C functions for 
clear-text communication.  So I think that would be called the "logical layer".

And I'm assuming the "physical layer" would be at the point where software is 
talking to an OSA card.  In this case that would be the TCPIP address space, 
since my program doesn't talk directly to hardware.

That would mean AT-TLS comes into play via the TCPIP task, doing the encryption 
at that point, while my clear-text program has no idea and doesn't care.  
Certificates and other encryption parameters would be handled by AT-TLS at that 
point.

That's the picture I have so far.

Now in my own program if I called OpenSSL functions like SSL_connect() or 
SSL_read(), then encryption would be done at the logical layer, and my own 
program would then be responsible for certificates.  AT-TLS would not be 
needed, well, unless an auditor doesn't trust my SSL code.  That actually could 
be a consideration even for things like SFTP I guess - there's your first flame 
:)

On 6/30/2020 1:42 PM, Allan Staller wrote:
> Hopefully this will provide the clarity needed.
>
> AT-TLS works at the physical layer.
> FTPS and SFTP work at the logical layer
>
> Although not mutually exclusive, If you are doing one, the other is 
> unnecessary.
>
> Start the flame wars! Shields up. Condition Red! AT-TLS vs. SFTP!
>
> -Original Message-
> From: IBM Mainframe Discussion List  On 
> Behalf Of Tom Brennan
> Sent: Tuesday, June 30, 2020 12:19 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions
>
> [CAUTION: This Email is from outside the Organization. Unless you 
> trust the sender, Don’t click links or open attachments as it may be a 
> Phishing email, which can steal your Information and compromise your 
> Computer.]
>
> Do you know if either of those require AT-TLS?  When I installed and 
> configured SSHD last (a couple of years ago) it did its own encryption.
> I never worked with anything called FTPS.
>
> On 6/30/2020 10:12 AM, Marshall Stone wrote:
>> There are 2 types of FTP in use today on most mainframes.
>>
>> SFTP  - which uses Open/SSH (SSHAGNT as client and SSHD as a server) 
>> and the encryption/authentication is generally provided by the use of 
>> RSA/DSA public/private key pairs. The public keys are exchanged and 
>> stored in known_hosts files (if acting as client) or authorized_keys 
>> file (if acting as server) - Uses Server PORT 22 and ephemeral ports
>>
>> FTPS - completely different mechanism the AT/TLS functions are 
>> provided by ICSF and policy agent (PAGENT) - You must configure an 
>> FTPS TLS rule to allow the connection and the partner side also will 
>> require a similar rule. The encryption/authentication come from the 
>> PAGENT rule and the use of x.509 certificates.  These are exchanged 
>> between partners and loaded onto the RACF keyring. The PAGNET rule 
>> points back to the keyring. - Uses Server PORT 990 by an old implicit 
>> default most sites use a different port and connect clients with 
>> ephemeral port ranges. FTPS handles MVS datasets better if possible 
>> use FTPS for MF to MF and use SFTP for MF to Other
>> platforms(MS,UNIX,etc)
>>
>> MS
>>
>> -Original Message-
>> From: IBM Mainframe Discussion List  On 
>> Behalf Of Tom Brennan
>> Sent: Tuesday, June 30, 2020 12:58 PM
>> To: IBM-MAIN@LISTSERV.UA.EDU
>> Subject: [EXTERNAL] Re: AT-TLS ? Very Basic Questions
>>
>> I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
>> last week, but I'm still missing what I imagine are important background 
>> points.  Maybe someone here can explain things, but don't worry too much 
>> about it.
>>
>> Client and server programs like SSH/SSHD call programs such as 
>> OpenSSL to handle the encryption handshake and processing.  So when 
>> you set those up, there is no AT-TLS needed for encryption.  Same 
>> with the
>> TN3270 server and client, as long as you set that up with keys and 
>> parameters on the host side, and 

Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

[Tom Brennan]

Thanks Allan.  In TCP/IP programs I've written in C (both mainframe and 
non-mainframe), I've used connect(), send(), recv() and similar C 
functions for clear-text communication.  So I think that would be called 
the "logical layer".


And I'm assuming the "physical layer" would be at the point where 
software is talking to an OSA card.  In this case that would be the 
TCPIP address space, since my program doesn't talk directly to hardware.


That would mean AT-TLS comes into play via the TCPIP task, doing the 
encryption at that point, while my clear-text program has no idea and 
doesn't care.  Certificates and other encryption parameters would be 
handled by AT-TLS at that point.


That's the picture I have so far.

Now in my own program if I called OpenSSL functions like SSL_connect() 
or SSL_read(), then encryption would be done at the logical layer, and 
my own program would then be responsible for certificates.  AT-TLS would 
not be needed, well, unless an auditor doesn't trust my SSL code.  That 
actually could be a consideration even for things like SFTP I guess - 
there's your first flame :)


On 6/30/2020 1:42 PM, Allan Staller wrote:

Hopefully this will provide the clarity needed.

AT-TLS works at the physical layer.
FTPS and SFTP work at the logical layer

Although not mutually exclusive, If you are doing one, the other is unnecessary.

Start the flame wars! Shields up. Condition Red! AT-TLS vs. SFTP!

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 12:19 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

[CAUTION: This Email is from outside the Organization. Unless you trust the 
sender, Don’t click links or open attachments as it may be a Phishing email, 
which can steal your Information and compromise your Computer.]

Do you know if either of those require AT-TLS?  When I installed and configured 
SSHD last (a couple of years ago) it did its own encryption.
I never worked with anything called FTPS.

On 6/30/2020 10:12 AM, Marshall Stone wrote:

There are 2 types of FTP in use today on most mainframes.

SFTP  - which uses Open/SSH (SSHAGNT as client and SSHD as a server)
and the encryption/authentication is generally provided by the use of
RSA/DSA public/private key pairs. The public keys are exchanged and
stored in known_hosts files (if acting as client) or authorized_keys
file (if acting as server) - Uses Server PORT 22 and ephemeral ports

FTPS - completely different mechanism the AT/TLS functions are
provided by ICSF and policy agent (PAGENT) - You must configure an
FTPS TLS rule to allow the connection and the partner side also will
require a similar rule. The encryption/authentication come from the
PAGENT rule and the use of x.509 certificates.  These are exchanged
between partners and loaded onto the RACF keyring. The PAGNET rule
points back to the keyring. - Uses Server PORT 990 by an old implicit
default most sites use a different port and connect clients with
ephemeral port ranges. FTPS handles MVS datasets better if possible
use FTPS for MF to MF and use SFTP for MF to Other
platforms(MS,UNIX,etc)

MS

-Original Message-
From: IBM Mainframe Discussion List  On
Behalf Of Tom Brennan
Sent: Tuesday, June 30, 2020 12:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
last week, but I'm still missing what I imagine are important background 
points.  Maybe someone here can explain things, but don't worry too much about 
it.

Client and server programs like SSH/SSHD call programs such as OpenSSL
to handle the encryption handshake and processing.  So when you set
those up, there is no AT-TLS needed for encryption.  Same with the
TN3270 server and client, as long as you set that up with keys and parameters 
on the host side, and settings on the client side.

I'm thinking because of the name "Application Transparent" that AT-TLS was made for 
programs that DON'T have their own logic to call OpenSSL (or whatever) to do their own encryption.  
Let's use clear-text FTP as an example.  So somehow, AT-TLS hooks into the processing and provides 
an encrypted "tunnel", kind of like VPN does, but only for that one application.  Does 
that sound correct?

If so, then the encryption is "transparent" to the FTP server code and FTP does 
not need to be changed, which I think is the whole idea here.
Yet we now have an encrypted session.  Does that sound correct?

Then if so, what happens on the FTP client side?  I certainly can't use the 
Windows FTP command, for example, because it's not setup for any kind of 
encryption.  That's kind of my big question here.

On 6/30/2020 1:44 AM, Lionel B Dyck wrote:

Sweet - thank you


Lionel B. Dyck <
Website:
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww

Re: Question

[Brian France]

Our initial login is two factor to NCPASS, then to TPX. All of our 
TN3270 connections use PAGENT.


On 6/30/2020 5:09 PM, Steve Beaver wrote:

Is anyone using CA-TPX, CL/SuperSession, Etc  and enabled PAGENT?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
Brian W. France
Systems Administrator (Mainframe)
Pennsylvania State University
Penn State IT - Infrastructure/SYSARC
Rm 25 Shields Bldg., University Park, Pa. 16802
814-863-4739
b...@psu.edu

There's no such thing as The Cloud - it's just someone else's computer...

"To make an apple pie from scratch, you must first invent the universe."

Carl Sagan

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Question

[Steve Beaver]

Is anyone using CA-TPX, CL/SuperSession, Etc  and enabled PAGENT?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

[Allan Staller]

Hopefully this will provide the clarity needed.

AT-TLS works at the physical layer.
FTPS and SFTP work at the logical layer

Although not mutually exclusive, If you are doing one, the other is unnecessary.

Start the flame wars! Shields up. Condition Red! AT-TLS vs. SFTP!

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 12:19 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

[CAUTION: This Email is from outside the Organization. Unless you trust the 
sender, Don’t click links or open attachments as it may be a Phishing email, 
which can steal your Information and compromise your Computer.]

Do you know if either of those require AT-TLS?  When I installed and configured 
SSHD last (a couple of years ago) it did its own encryption.
I never worked with anything called FTPS.

On 6/30/2020 10:12 AM, Marshall Stone wrote:
> There are 2 types of FTP in use today on most mainframes.
>
> SFTP  - which uses Open/SSH (SSHAGNT as client and SSHD as a server)
> and the encryption/authentication is generally provided by the use of
> RSA/DSA public/private key pairs. The public keys are exchanged and
> stored in known_hosts files (if acting as client) or authorized_keys
> file (if acting as server) - Uses Server PORT 22 and ephemeral ports
>
> FTPS - completely different mechanism the AT/TLS functions are
> provided by ICSF and policy agent (PAGENT) - You must configure an
> FTPS TLS rule to allow the connection and the partner side also will
> require a similar rule. The encryption/authentication come from the
> PAGENT rule and the use of x.509 certificates.  These are exchanged
> between partners and loaded onto the RACF keyring. The PAGNET rule
> points back to the keyring. - Uses Server PORT 990 by an old implicit
> default most sites use a different port and connect clients with
> ephemeral port ranges. FTPS handles MVS datasets better if possible
> use FTPS for MF to MF and use SFTP for MF to Other
> platforms(MS,UNIX,etc)
>
> MS
>
> -Original Message-
> From: IBM Mainframe Discussion List  On
> Behalf Of Tom Brennan
> Sent: Tuesday, June 30, 2020 12:58 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: [EXTERNAL] Re: AT-TLS ? Very Basic Questions
>
> I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
> last week, but I'm still missing what I imagine are important background 
> points.  Maybe someone here can explain things, but don't worry too much 
> about it.
>
> Client and server programs like SSH/SSHD call programs such as OpenSSL
> to handle the encryption handshake and processing.  So when you set
> those up, there is no AT-TLS needed for encryption.  Same with the
> TN3270 server and client, as long as you set that up with keys and parameters 
> on the host side, and settings on the client side.
>
> I'm thinking because of the name "Application Transparent" that AT-TLS was 
> made for programs that DON'T have their own logic to call OpenSSL (or 
> whatever) to do their own encryption.  Let's use clear-text FTP as an 
> example.  So somehow, AT-TLS hooks into the processing and provides an 
> encrypted "tunnel", kind of like VPN does, but only for that one application. 
>  Does that sound correct?
>
> If so, then the encryption is "transparent" to the FTP server code and FTP 
> does not need to be changed, which I think is the whole idea here.
> Yet we now have an encrypted session.  Does that sound correct?
>
> Then if so, what happens on the FTP client side?  I certainly can't use the 
> Windows FTP command, for example, because it's not setup for any kind of 
> encryption.  That's kind of my big question here.
>
> On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
>> Sweet - thank you
>>
>>
>> Lionel B. Dyck <
>> Website:
>> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww
>> .lbdsoftware.com%2Fdata=02%7C01%7Callan.staller%40HCL.COM%7Cd879
>> db1f36854d47ffc308d81d19bac1%7C189de737c93a4f5a8b686f4ca9941912%7C0%7
>> C0%7C637291343650296855sdata=rYCeChKI6R6cKaQRyHKEfhk3QR%2Fya0rHS
>> %2FSvJedIZJo%3Dreserved=0
>>
>> "Worry more about your character than your reputation.  Character is
>> what you are, reputation merely what others think you are." - John
>> Wooden
>>
>> -Original Message-
>> From: IBM Mainframe Discussion List  On
>> Behalf Of kekronbekron
>> Sent: Tuesday, June 30, 2020 2:34 AM
>> To: IBM-MAIN@LISTSERV.UA.EDU
>> Subject: Re: AT-TLS ?
>>
>> Hi LBD!,
>>
>> Check these out-
>>
>>
>> https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww-
>> 03.ibm.com%2Fsupport%2Ftechdocs%2Fatsmastr.nsf%2FWebIndex%2FPRS5416
>> mp;data=02%7C01%7Callan.staller%40HCL.COM%7Cd879db1f36854d47ffc308d81
>> d19bac1%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C6372913436503068
>> 44sdata=9%2BluT%2FKH3wj94fpoHyCHX82zaMk0x2tVSqVkDFjlUQk%3Dr
>> eserved=0
>> https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww-
>> 

Re: AT-TLS ? Very Basic Questions

[Allan Staller]

 AT-TLS is required for TN3270 (and others 

The above is incorrect. AT-TLS is *NEVER* a requirement.
It is up to the installation to determine whether or not AT-TLS will be used.

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Jackson, Rob
Sent: Tuesday, June 30, 2020 12:10 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ? Very Basic Questions

[CAUTION: This Email is from outside the Organization. Unless you trust the 
sender, Don’t click links or open attachments as it may be a Phishing email, 
which can steal your Information and compromise your Computer.]

A note, without addressing your entire post (certainly not my area of 
expertise):  AT-TLS is required for TN3270 (and others) if you want to use TLS 
1.2 and higher.  In your TELNETPARMS for the port, instead of using SECUREPORT, 
you use TTLSPORT, referencing a port specified in a TTLSRule in AT-TLS.

First Horizon Bank
Mainframe Technical Support

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 12:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ? Very Basic Questions

[External Email. Exercise caution when clicking links or opening attachments.]

I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
last week, but I'm still missing what I imagine are important background 
points.  Maybe someone here can explain things, but don't worry too much about 
it.

Client and server programs like SSH/SSHD call programs such as OpenSSL to 
handle the encryption handshake and processing.  So when you set those up, 
there is no AT-TLS needed for encryption.  Same with the
TN3270 server and client, as long as you set that up with keys and parameters 
on the host side, and settings on the client side.

I'm thinking because of the name "Application Transparent" that AT-TLS was made 
for programs that DON'T have their own logic to call OpenSSL (or whatever) to 
do their own encryption.  Let's use clear-text FTP as an example.  So somehow, 
AT-TLS hooks into the processing and provides an encrypted "tunnel", kind of 
like VPN does, but only for that one application.  Does that sound correct?

If so, then the encryption is "transparent" to the FTP server code and FTP does 
not need to be changed, which I think is the whole idea here.
Yet we now have an encrypted session.  Does that sound correct?

Then if so, what happens on the FTP client side?  I certainly can't use the 
Windows FTP command, for example, because it's not setup for any kind of 
encryption.  That's kind of my big question here.

On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
> Sweet - thank you
>
>
> Lionel B. Dyck <
> Website:
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> lbdsoftware.com%2Fdata=02%7C01%7Callan.staller%40HCL.COM%7C99280d
> f69a7f440f7b7808d81d18718e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%
> 7C637291338121879218sdata=5nqFVRanvSo1qssQhIXSYEfVhYkVYkyBEbm9E4%
> 2BTfqA%3Dreserved=0
>
> "Worry more about your character than your reputation.  Character is
> what you are, reputation merely what others think you are." - John
> Wooden
>
> -Original Message-
> From: IBM Mainframe Discussion List  On
> Behalf Of kekronbekron
> Sent: Tuesday, June 30, 2020 2:34 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: AT-TLS ?
>
> Hi LBD!,
>
> Check these out-
>
>
> https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww-0
> 3.ibm.com%2Fsupport%2Ftechdocs%2Fatsmastr.nsf%2FWebIndex%2FPRS5416
> ;data=02%7C01%7Callan.staller%40HCL.COM%7C99280df69a7f440f7b7808d81d18
> 718e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637291338121879218
> mp;sdata=L6mKfTNfEkpFoIuP81EHxeZ09JTFc5kHH%2F8uZwYQGHw%3Dreserved
> =0
> https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww-0
> 3.ibm.com%2Fsupport%2Ftechdocs%2Fatsmastr.nsf%2FWebIndex%2FPRS5415
> ;data=02%7C01%7Callan.staller%40HCL.COM%7C99280df69a7f440f7b7808d81d18
> 718e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637291338121879218
> mp;sdata=ccHKGe0thy6RCiB8j%2BWb2Adx3E9GiAtOyKB2p0O1K4s%3Dreserved
> =0
> https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww-0
> 3.ibm.com%2Fsupport%2Ftechdocs%2Fatsmastr.nsf%2FWebIndex%2FPRS5414
> ;data=02%7C01%7Callan.staller%40HCL.COM%7C99280df69a7f440f7b7808d81d18
> 718e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7C0%7C637291338121879218
> mp;sdata=xnkVymfVN8Xm0q4fsppLRRxZgQvNvmwII9jeUv6lrOs%3Dreserved=0
>
> - KB
>
> ‐‐‐ Original Message ‐‐‐
> On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:
>
>> Anyone have any pointers for configuring AT-TLS on z/OS?
>>
>> Lionel B. Dyck <
>> Website:
>> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww
>> .lbdsoftware.com%2Fdata=02%7C01%7Callan.staller%40HCL.COM%7C9928
>> 0df69a7f440f7b7808d81d18718e%7C189de737c93a4f5a8b686f4ca9941912%7C0%7
>> C0%7C637291338121879218sdata=5nqFVRanvSo1qssQhIXSYEfVhYkVYkyBEbm
>> 9E4%2BTfqA%3Dreserved=0
>> 

Re: AT-TLS ? Very Basic Questions

[Steve Beaver]

AT-TLS has been around for a while.  What is causing problems for tools like 
CL/Supersession, CA-TPX
And such is PAGENT.

Once PAGENT is turned on all bets are off

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Tom Brennan
Sent: Tuesday, June 30, 2020 11:58 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ? Very Basic Questions

I've tried to skim some of the AT-TLS doc, and even attended an IBM 
webinar last week, but I'm still missing what I imagine are important 
background points.  Maybe someone here can explain things, but don't 
worry too much about it.

Client and server programs like SSH/SSHD call programs such as OpenSSL 
to handle the encryption handshake and processing.  So when you set 
those up, there is no AT-TLS needed for encryption.  Same with the 
TN3270 server and client, as long as you set that up with keys and 
parameters on the host side, and settings on the client side.

I'm thinking because of the name "Application Transparent" that AT-TLS 
was made for programs that DON'T have their own logic to call OpenSSL 
(or whatever) to do their own encryption.  Let's use clear-text FTP as 
an example.  So somehow, AT-TLS hooks into the processing and provides 
an encrypted "tunnel", kind of like VPN does, but only for that one 
application.  Does that sound correct?

If so, then the encryption is "transparent" to the FTP server code and 
FTP does not need to be changed, which I think is the whole idea here. 
Yet we now have an encrypted session.  Does that sound correct?

Then if so, what happens on the FTP client side?  I certainly can't use 
the Windows FTP command, for example, because it's not setup for any 
kind of encryption.  That's kind of my big question here.

On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
> Sweet - thank you
> 
> 
> Lionel B. Dyck <
> Website: https://www.lbdsoftware.com
> 
> "Worry more about your character than your reputation.  Character is what you 
> are, reputation merely what others think you are." - John Wooden
> 
> -Original Message-
> From: IBM Mainframe Discussion List  On Behalf Of 
> kekronbekron
> Sent: Tuesday, June 30, 2020 2:34 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: AT-TLS ?
> 
> Hi LBD!,
> 
> Check these out-
> 
> 
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414
> 
> - KB
> 
> ‐‐‐ Original Message ‐‐‐
> On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:
> 
>> Anyone have any pointers for configuring AT-TLS on z/OS?
>>
>> Lionel B. Dyck <
>> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
>>
>> "Worry more about your character than your reputation. Character is
>> what you are, reputation merely what others think you are." - John
>> Wooden
>>
>>
>> --
>> --
>> -
>>
>> For IBM-MAIN subscribe / signoff / archive access instructions, send
>> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
> lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> 
> 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS use of "legacy" programming languages

[Seymour J Metz]

> During the time of the 370s, I knew of a company which kept
> a 360 because it could do 1401 emulation in order to run a
> critical program.

So could any S/370 smaller than a 165.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of 
Arthur [ibmmain.10.ats...@xoxy.net]
Sent: Tuesday, June 30, 2020 3:38 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: z/OS use of "legacy" programming languages

On 30 Jun 2020 12:18:01 -0700, in bit.listserv.ibm-main
(Message-ID:)
frank.swarbr...@outlook.com (Frank Swarbrick) wrote:

>Some time ago I noticed that z/OS Language Environment has
>support for both "FORTRAN IV" and "VS FORTRAN" (FORTRAN 77
>standard), even though the latest Fortran compiler hasn't
>been enhanced since 1993 (??).  I've been learning modern
>Fortran (standards Fortran 90, 95, 03 and 08) using GNU
>Fortran and actually quite like it, but I can't imagine
>using anything prior to the 1990 standard.  Anyway, I am
>curious if anyone uses Fortran on z/OS in their shop, and
>if so, why?
>
>Is Pascal also still supported/used?  I don't see any
>mention of it in LE documentation.  Are there any other
>"legacy" MVS languages still in use (i.e., ones that
>haven't been updated in the last 30 years...)?  I've seen
>mention of APL2 on MVS, and maybe even Smalltalk?

I'm going to answer what I take as the tone of your
questions, rather than the specifics.

In a production environment, once a program has been
written and debugged, when it has been working fine for
years, you don't want to touch it, if at all possible.
Unless it needs updating, you just keep running it,
regardless of what language it was written in.

I someone wants to recompile a FORTRAN IV program with a
modern compiler, that person is taking the responsibility
for its future behavior, and that its behavior will match
what it was before. That person is also taking
responsibility for making sure that the source for the
program is actually the source that was compiled decades
ago, when there may be no one left from that programming
team. And think of the hours to be lost in creating tests,
running them, and going through all of the quality-control
paperwork involved; and if it's only in order to recompile
with a modern compiler, all that work and time is just to
end with the same functionality you already had.

During the time of the 370s, I knew of a company which kept
a 360 because it could do 1401 emulation in order to run a
critical program. While I have no actual knowledge, I have
little doubt that there are companies running old FORTRAN
code, RPG, COBOL Report Writer, and pretty much anything
else you can think of.

Downward compatibility means you can say, "If it ain't
broke, don't fix it."

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: GRSRNL Example

[Norman Hollander]

I don't have a need to re-invent the Bible, so Sam's word (has always been) is 
good for me... 

zN

 

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Conley
Sent: Tuesday, June 30, 2020 12:39 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: GRSRNL Example

 

On 6/30/2020 1:52 PM, Knutson, Samuel wrote:

> GRS User Experiences Converting all Reserves Plus Best Practice Tips 

> and Tricks

>   
> https://www.share.org/p/do/sd/topic=50=3961

> 

> Circa 2008 but mostly still relevant.

> 

> Thanks, Sam

> 

 

Sam's session is THE BIBLE on converting GRS reserves.  I used it in all my GRS 
sites.

 

Regards,

Tom Conley

 

--

For IBM-MAIN subscribe / signoff / archive access instructions, send email to  
 lists...@listserv.ua.edu with the message: 
INFO IBM-MAIN

 


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

SMS Data Class attribute Extended

[PINION, RICHARD W.]

We are attempting, on our QA LPAR, to use the SMS DC attributes,

Data Set Name Type  . . . . . : EXTENDED
  If Extended . . . . . . . . : PREFERRED
  Extended Addressability . . : YES

for all of our sequential data sets.  Of several hundred/thousands of dataset 
allocations, during the test
period, we ran into 4 ABENDS, 3 S213-94 and 1 S213-B8.  Which is pretty good, 
in my opinion.

IEC143I 213-94 - An OPEN macro instruction was attempted against an 
extended-format data set, but the access method is not BSAM or QSAM, or is BDAM 
load mode.

IEC143I 213-B8 - An OPEN was attempted against an extended-format data set with 
a DCB that specified EXCP. EXCP is not supported for extended-format data sets.

I would like to examine our SMF 14/15 records from our production LPAR to 
identify other potential problem
datasets.  I have an ancient user written assembler program, 1980's, that 
reports on SMF 14/15 records.  One
of the reported columns is MACREF, which has a test for EXCP processing.  If it 
was EXCP processing, the record
is reported with an "E" for that column.  I'm able to see all 14/15 activity 
that has activity for EXCP processing.
However, I noticed that SORT and ICEGENER use EXCP processing.   We didn't have 
any ABENDS with SORT
or ICEGENER.

Two questions,   1)  In addition to my ancient assembler program, can anyone 
recommend a free reporting tool,
that we could use to identify datasets not eligible for EXT format, and 2) Why 
does SORT/ICEGENER work against
EXT type datasets with EXCP process?

Confidentiality notice: 
This e-mail message, including any attachments, may contain legally privileged 
and/or confidential information. If you are not the intended recipient(s), or 
the employee or agent responsible for delivery of this message to the intended 
recipient(s), you are hereby notified that any dissemination, distribution, or 
copying of this e-mail message is strictly prohibited. If you have received 
this message in error, please immediately notify the sender and delete this 
e-mail message from your computer.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z/OS use of "legacy" programming languages

[Arthur]

On 30 Jun 2020 12:18:01 -0700, in bit.listserv.ibm-main 
(Message-ID:) 
frank.swarbr...@outlook.com (Frank Swarbrick) wrote:


Some time ago I noticed that z/OS Language Environment has 
support for both "FORTRAN IV" and "VS FORTRAN" (FORTRAN 77 
standard), even though the latest Fortran compiler hasn't 
been enhanced since 1993 (??).  I've been learning modern 
Fortran (standards Fortran 90, 95, 03 and 08) using GNU 
Fortran and actually quite like it, but I can't imagine 
using anything prior to the 1990 standard.  Anyway, I am 
curious if anyone uses Fortran on z/OS in their shop, and 
if so, why?


Is Pascal also still supported/used?  I don't see any 
mention of it in LE documentation.  Are there any other 
"legacy" MVS languages still in use (i.e., ones that 
haven't been updated in the last 30 years...)?  I've seen 
mention of APL2 on MVS, and maybe even Smalltalk?


I'm going to answer what I take as the tone of your 
questions, rather than the specifics.


In a production environment, once a program has been 
written and debugged, when it has been working fine for 
years, you don't want to touch it, if at all possible. 
Unless it needs updating, you just keep running it, 
regardless of what language it was written in.


I someone wants to recompile a FORTRAN IV program with a 
modern compiler, that person is taking the responsibility 
for its future behavior, and that its behavior will match 
what it was before. That person is also taking 
responsibility for making sure that the source for the 
program is actually the source that was compiled decades 
ago, when there may be no one left from that programming 
team. And think of the hours to be lost in creating tests, 
running them, and going through all of the quality-control 
paperwork involved; and if it's only in order to recompile 
with a modern compiler, all that work and time is just to 
end with the same functionality you already had.


During the time of the 370s, I knew of a company which kept 
a 360 because it could do 1401 emulation in order to run a 
critical program. While I have no actual knowledge, I have 
little doubt that there are companies running old FORTRAN 
code, RPG, COBOL Report Writer, and pretty much anything 
else you can think of.


Downward compatibility means you can say, "If it ain't 
broke, don't fix it."  


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: GRSRNL Example

[Tom Conley]

On 6/30/2020 1:52 PM, Knutson, Samuel wrote:

GRS User Experiences Converting all Reserves Plus Best Practice Tips and Tricks
https://www.share.org/p/do/sd/topic=50=3961

Circa 2008 but mostly still relevant.

Thanks, Sam



Sam's session is THE BIBLE on converting GRS reserves.  I used it in all 
my GRS sites.


Regards,
Tom Conley

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: GRSRNL Example

[Norman Hollander]

Everything old is new again...  Hope y’all are well!  Thanks Sam. 


Sent from my iPad.   I take no responsibility for autocorrect...

On Jun 30, 2020, at 10:52 AM, Knutson, Samuel  
wrote:

GRS User Experiences Converting all Reserves Plus Best Practice Tips and Tricks
https://www.share.org/p/do/sd/topic=50=3961

Circa 2008 but mostly still relevant.

Thanks, Sam

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Norman Hollander
Sent: Monday, June 29, 2020 1:54 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: GRSRNL Example

Been a while since I've done this.  Anyone have a good example of a GRSRNL for 
a Sysplex?  DASD only shared among the Sysplex members.
TIA!
zN
The contents of this e-mail are intended for the named addressee only. It 
contains information that may be confidential. Unless you are the named 
addressee or an authorized designee, you may not copy or use it, or disclose it 
to anyone else. If you received it in error please notify us immediately and 
then destroy it

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Fwd: IBM Alumni Directory

[Gabe Goldberg]

I'm just the messenger...

 Forwarded Message 
Subject:IBM Alumni Directory
Date:   Tue, 30 Jun 2020 15:59:22 + (UTC)
From:   Bob McGrath 
To: i...@agentsadvanceinc.com



Spending time updating the online IBM Alumni Directory while trying to 
shelter in place.


Could you check your info by going to the web site (www.IBMalumni.com 
), add or change and submit the data, or let 
me know by email (ibmalu...@aol.com) if it is accurate as well as any 
other additions, changes or corrections you can provide.


If you can include information about other alumni, it would make the 
directory more accurate and useful.


I enter all the data personally to avoid hackers and pranksters from 
messing with the web site info.


There are more than 26,500 alumni listed. (10,260 deceased).

Many thanks.

Bob McGrath

DPD & WTC (1953-1970)



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

z/OS use of "legacy" programming languages

[Frank Swarbrick]

Some time ago I noticed that z/OS Language Environment has support for both 
"FORTRAN IV" and "VS FORTRAN" (FORTRAN 77 standard), even though the latest 
Fortran compiler hasn't been enhanced since 1993 (??).  I've been learning 
modern Fortran (standards Fortran 90, 95, 03 and 08) using GNU Fortran and 
actually quite like it, but I can't imagine using anything prior to the 1990 
standard.  Anyway, I am curious if anyone uses Fortran on z/OS in their shop, 
and if so, why?

Is Pascal also still supported/used?  I don't see any mention of it in LE 
documentation.  Are there any other "legacy" MVS languages still in use (i.e., 
ones that haven't been updated in the last 30 years...)?  I've seen mention of 
APL2 on MVS, and maybe even Smalltalk?

Just wondering!

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: GRSRNL Example

[Knutson, Samuel]

GRS User Experiences Converting all Reserves Plus Best Practice Tips and Tricks
https://www.share.org/p/do/sd/topic=50=3961

Circa 2008 but mostly still relevant.

Thanks, Sam

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Norman Hollander
Sent: Monday, June 29, 2020 1:54 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: GRSRNL Example

Been a while since I've done this.  Anyone have a good example of a GRSRNL for 
a Sysplex?  DASD only shared among the Sysplex members.
TIA!
zN
The contents of this e-mail are intended for the named addressee only. It 
contains information that may be confidential. Unless you are the named 
addressee or an authorized designee, you may not copy or use it, or disclose it 
to anyone else. If you received it in error please notify us immediately and 
then destroy it

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: AT-TLS ? Very Basic Questions

[Mike Hochee]

Some years ago this publication helped me come to a basic understanding of 
AT-TLS (apologies if already shared)...   
https://www.ibm.com/support/pages/leveraging-zos-communications-server-application-transparent-transport-layer-security-tls-lower-cost-and-more-rapid-tls-deployment
 
HTH
Mike 
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Paul Gilmartin
Sent: Tuesday, June 30, 2020 1:34 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ? Very Basic Questions

Caution! This message was sent from outside your organization.

On Tue, 30 Jun 2020 09:57:48 -0700, Tom Brennan wrote:
>...
>Then if so, what happens on the FTP client side?  I certainly can't use 
>the Windows FTP command, for example, because it's not setup for any 
>kind of encryption.  That's kind of my big question here.
>
I believe that (sometimes) there's a proxy involved.  Beyond that, only GIYF:
https://www.google.com/search?q=at-tls+proxy+ftp
which links to:
ftp://ftp.www.ibm.com/s390/zos/racf/pdf/secure_zos_ftp.pdf

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: AT-TLS ? Very Basic Questions

[Don Poitras]

In article  you 
wrote:
> I've tried to skim some of the AT-TLS doc, and even attended an IBM 
> webinar last week, but I'm still missing what I imagine are important 
> background points.  Maybe someone here can explain things, but don't 
> worry too much about it.

> Client and server programs like SSH/SSHD call programs such as OpenSSL 
> to handle the encryption handshake and processing.  So when you set 
> those up, there is no AT-TLS needed for encryption.  Same with the 
> TN3270 server and client, as long as you set that up with keys and 
> parameters on the host side, and settings on the client side.

> I'm thinking because of the name "Application Transparent" that AT-TLS 
> was made for programs that DON'T have their own logic to call OpenSSL 
> (or whatever) to do their own encryption.  Let's use clear-text FTP as 
> an example.  So somehow, AT-TLS hooks into the processing and provides 
> an encrypted "tunnel", kind of like VPN does, but only for that one 
> application.  Does that sound correct?

> If so, then the encryption is "transparent" to the FTP server code and 
> FTP does not need to be changed, which I think is the whole idea here. 
> Yet we now have an encrypted session.  Does that sound correct?

> Then if so, what happens on the FTP client side?  I certainly can't use 
> the Windows FTP command, for example, because it's not setup for any 
> kind of encryption.  That's kind of my big question here.

I can't see that anyone answered your last question. Yes, the default Windows
FTP doesn't support encryption. There are third-party FTPS client programs you 
can purchase that do so. Or your could run lftp on the Windows Ubuntu shell.

-- 
Don Poitras - SAS Development  -  SAS Institute Inc. - SAS Campus Drive
sas...@sas.com   (919) 531-5637Cary, NC 27513

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: AT-TLS ? Very Basic Questions

[Jackson, Rob]

Ah, maybe he was going on this or something similar, and it got garbled in 
translation:

https://www.ibm.com/support/pages/zos-communications-server-tls-needed-implement-tls-v12

First Horizon Bank
Mainframe Technical Support

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Jackson, Rob
Sent: Tuesday, June 30, 2020 1:31 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [Originated Externally]Re: AT-TLS ? Very Basic Questions

[External Email. Exercise caution when clicking links or opening attachments.]

My turn to say interesting!  I didn't look it up; just going on what the Comm 
guy assured me.  We're still on 2.2 (shortly on to 2.4), so maybe that makes a 
difference.

First Horizon Bank
Mainframe Technical Support

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Lennie Dymoke-Bradshaw
Sent: Tuesday, June 30, 2020 1:18 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ? Very Basic Questions

[External Email. Exercise caution when clicking links or opening attachments.]

I have TLS 1.2 working in my TN3270 server without AT-TLS.
This is on z/OS 2.3

Lennie Dymoke-Bradshaw
Consultant working on contract for
BMC Mainframe Services by RSM Partners
‘Dance like no one is watching. Encrypt like everyone is.’

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Jackson, Rob
Sent: 30 June 2020 18:10
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] AT-TLS ? Very Basic Questions

A note, without addressing your entire post (certainly not my area of 
expertise):  AT-TLS is required for TN3270 (and others) if you want to use TLS 
1.2 and higher.  In your TELNETPARMS for the port, instead of using SECUREPORT, 
you use TTLSPORT, referencing a port specified in a TTLSRule in AT-TLS.

First Horizon Bank
Mainframe Technical Support

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 12:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ? Very Basic Questions

[External Email. Exercise caution when clicking links or opening attachments.]

I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
last week, but I'm still missing what I imagine are important background 
points.  Maybe someone here can explain things, but don't worry too much about 
it.

Client and server programs like SSH/SSHD call programs such as OpenSSL to 
handle the encryption handshake and processing.  So when you set those up, 
there is no AT-TLS needed for encryption.  Same with the
TN3270 server and client, as long as you set that up with keys and parameters 
on the host side, and settings on the client side.

I'm thinking because of the name "Application Transparent" that AT-TLS was made 
for programs that DON'T have their own logic to call OpenSSL (or whatever) to 
do their own encryption.  Let's use clear-text FTP as an example.  So somehow, 
AT-TLS hooks into the processing and provides an encrypted "tunnel", kind of 
like VPN does, but only for that one application.  Does that sound correct?

If so, then the encryption is "transparent" to the FTP server code and FTP does 
not need to be changed, which I think is the whole idea here.
Yet we now have an encrypted session.  Does that sound correct?

Then if so, what happens on the FTP client side?  I certainly can't use the 
Windows FTP command, for example, because it's not setup for any kind of 
encryption.  That's kind of my big question here.

On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
> Sweet - thank you
>
>
> Lionel B. Dyck <
> Website: https://www.lbdsoftware.com
>
> "Worry more about your character than your reputation.  Character is 
> what you are, reputation merely what others think you are." - John 
> Wooden
>
> -Original Message-
> From: IBM Mainframe Discussion List  On 
> Behalf Of kekronbekron
> Sent: Tuesday, June 30, 2020 2:34 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: AT-TLS ?
>
> Hi LBD!,
>
> Check these out-
>
>
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414
>
> - KB
>
> ‐‐‐ Original Message ‐‐‐
> On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:
>
>> Anyone have any pointers for configuring AT-TLS on z/OS?
>>
>> Lionel B. Dyck <
>> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
>>
>> "Worry more about your character than your reputation. Character is 
>> what you are, reputation merely what others think you are." - John 
>> Wooden
>>
>>
>> -
>> -
>> -
>> -
>> -
>>
>> For IBM-MAIN subscribe / signoff / archive access instructions, send 
>> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> 

Re: AT-TLS ? Very Basic Questions

[Paul Gilmartin]

On Tue, 30 Jun 2020 09:57:48 -0700, Tom Brennan wrote:
>...
>Then if so, what happens on the FTP client side?  I certainly can't use
>the Windows FTP command, for example, because it's not setup for any
>kind of encryption.  That's kind of my big question here.
>
I believe that (sometimes) there's a proxy involved.  Beyond that, only GIYF:
https://www.google.com/search?q=at-tls+proxy+ftp
which links to:
ftp://ftp.www.ibm.com/s390/zos/racf/pdf/secure_zos_ftp.pdf

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: AT-TLS ? Very Basic Questions

[Jackson, Rob]

My turn to say interesting!  I didn't look it up; just going on what the Comm 
guy assured me.  We're still on 2.2 (shortly on to 2.4), so maybe that makes a 
difference.

First Horizon Bank
Mainframe Technical Support

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Lennie Dymoke-Bradshaw
Sent: Tuesday, June 30, 2020 1:18 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ? Very Basic Questions

[External Email. Exercise caution when clicking links or opening attachments.]

I have TLS 1.2 working in my TN3270 server without AT-TLS.
This is on z/OS 2.3

Lennie Dymoke-Bradshaw
Consultant working on contract for
BMC Mainframe Services by RSM Partners
‘Dance like no one is watching. Encrypt like everyone is.’

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Jackson, Rob
Sent: 30 June 2020 18:10
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] AT-TLS ? Very Basic Questions

A note, without addressing your entire post (certainly not my area of 
expertise):  AT-TLS is required for TN3270 (and others) if you want to use TLS 
1.2 and higher.  In your TELNETPARMS for the port, instead of using SECUREPORT, 
you use TTLSPORT, referencing a port specified in a TTLSRule in AT-TLS.

First Horizon Bank
Mainframe Technical Support

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 12:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ? Very Basic Questions

[External Email. Exercise caution when clicking links or opening attachments.]

I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
last week, but I'm still missing what I imagine are important background 
points.  Maybe someone here can explain things, but don't worry too much about 
it.

Client and server programs like SSH/SSHD call programs such as OpenSSL to 
handle the encryption handshake and processing.  So when you set those up, 
there is no AT-TLS needed for encryption.  Same with the
TN3270 server and client, as long as you set that up with keys and parameters 
on the host side, and settings on the client side.

I'm thinking because of the name "Application Transparent" that AT-TLS was made 
for programs that DON'T have their own logic to call OpenSSL (or whatever) to 
do their own encryption.  Let's use clear-text FTP as an example.  So somehow, 
AT-TLS hooks into the processing and provides an encrypted "tunnel", kind of 
like VPN does, but only for that one application.  Does that sound correct?

If so, then the encryption is "transparent" to the FTP server code and FTP does 
not need to be changed, which I think is the whole idea here.
Yet we now have an encrypted session.  Does that sound correct?

Then if so, what happens on the FTP client side?  I certainly can't use the 
Windows FTP command, for example, because it's not setup for any kind of 
encryption.  That's kind of my big question here.

On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
> Sweet - thank you
>
>
> Lionel B. Dyck <
> Website: https://www.lbdsoftware.com
>
> "Worry more about your character than your reputation.  Character is 
> what you are, reputation merely what others think you are." - John 
> Wooden
>
> -Original Message-
> From: IBM Mainframe Discussion List  On 
> Behalf Of kekronbekron
> Sent: Tuesday, June 30, 2020 2:34 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: AT-TLS ?
>
> Hi LBD!,
>
> Check these out-
>
>
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414
>
> - KB
>
> ‐‐‐ Original Message ‐‐‐
> On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:
>
>> Anyone have any pointers for configuring AT-TLS on z/OS?
>>
>> Lionel B. Dyck <
>> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
>>
>> "Worry more about your character than your reputation. Character is 
>> what you are, reputation merely what others think you are." - John 
>> Wooden
>>
>>
>> -
>> -
>> -
>> -
>> -
>>
>> For IBM-MAIN subscribe / signoff / archive access instructions, send 
>> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send 
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send 
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 

Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

[Marshall Stone]

Anything SFTP on Open/SSH will never use AT-TLS

FTPS - Is IBM's FTP program not using PORT 21 and running in secured mode, 
setup to force authentication and use AT/TLS for encryption

MS
-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 1:19 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

Do you know if either of those require AT-TLS?  When I installed and configured 
SSHD last (a couple of years ago) it did its own encryption. 
I never worked with anything called FTPS.

On 6/30/2020 10:12 AM, Marshall Stone wrote:
> There are 2 types of FTP in use today on most mainframes.
> 
> SFTP  - which uses Open/SSH (SSHAGNT as client and SSHD as a server) 
> and the encryption/authentication is generally provided by the use of 
> RSA/DSA public/private key pairs. The public keys are exchanged and 
> stored in known_hosts files (if acting as client) or authorized_keys 
> file (if acting as server) - Uses Server PORT 22 and ephemeral ports
> 
> FTPS - completely different mechanism the AT/TLS functions are 
> provided by ICSF and policy agent (PAGENT) - You must configure an 
> FTPS TLS rule to allow the connection and the partner side also will 
> require a similar rule. The encryption/authentication come from the 
> PAGENT rule and the use of x.509 certificates.  These are exchanged 
> between partners and loaded onto the RACF keyring. The PAGNET rule 
> points back to the keyring. - Uses Server PORT 990 by an old implicit 
> default most sites use a different port and connect clients with 
> ephemeral port ranges. FTPS handles MVS datasets better if possible 
> use FTPS for MF to MF and use SFTP for MF to Other 
> platforms(MS,UNIX,etc)
> 
> MS
> 
> -Original Message-
> From: IBM Mainframe Discussion List  On 
> Behalf Of Tom Brennan
> Sent: Tuesday, June 30, 2020 12:58 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: [EXTERNAL] Re: AT-TLS ? Very Basic Questions
> 
> I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
> last week, but I'm still missing what I imagine are important background 
> points.  Maybe someone here can explain things, but don't worry too much 
> about it.
> 
> Client and server programs like SSH/SSHD call programs such as OpenSSL 
> to handle the encryption handshake and processing.  So when you set 
> those up, there is no AT-TLS needed for encryption.  Same with the
> TN3270 server and client, as long as you set that up with keys and parameters 
> on the host side, and settings on the client side.
> 
> I'm thinking because of the name "Application Transparent" that AT-TLS was 
> made for programs that DON'T have their own logic to call OpenSSL (or 
> whatever) to do their own encryption.  Let's use clear-text FTP as an 
> example.  So somehow, AT-TLS hooks into the processing and provides an 
> encrypted "tunnel", kind of like VPN does, but only for that one application. 
>  Does that sound correct?
> 
> If so, then the encryption is "transparent" to the FTP server code and FTP 
> does not need to be changed, which I think is the whole idea here.
> Yet we now have an encrypted session.  Does that sound correct?
> 
> Then if so, what happens on the FTP client side?  I certainly can't use the 
> Windows FTP command, for example, because it's not setup for any kind of 
> encryption.  That's kind of my big question here.
> 
> On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
>> Sweet - thank you
>>
>>
>> Lionel B. Dyck <
>> Website: https://www.lbdsoftware.com
>>
>> "Worry more about your character than your reputation.  Character is 
>> what you are, reputation merely what others think you are." - John 
>> Wooden
>>
>> -Original Message-
>> From: IBM Mainframe Discussion List  On 
>> Behalf Of kekronbekron
>> Sent: Tuesday, June 30, 2020 2:34 AM
>> To: IBM-MAIN@LISTSERV.UA.EDU
>> Subject: Re: AT-TLS ?
>>
>> Hi LBD!,
>>
>> Check these out-
>>
>>
>> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
>> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
>> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414
>>
>> - KB
>>
>> ‐‐‐ Original Message ‐‐‐
>> On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:
>>
>>> Anyone have any pointers for configuring AT-TLS on z/OS?
>>>
>>> Lionel B. Dyck <
>>> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
>>>
>>> "Worry more about your character than your reputation. Character is 
>>> what you are, reputation merely what others think you are." - John 
>>> Wooden
>>>
>>>
>>> 
>>> -
>>> -
>>> 
>>> -
>>> -
>>> -
>>>
>>> For IBM-MAIN subscribe / signoff / archive access instructions, send 
>>> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>>
>> 

Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

[Tom Brennan]

Do you know if either of those require AT-TLS?  When I installed and 
configured SSHD last (a couple of years ago) it did its own encryption. 
I never worked with anything called FTPS.


On 6/30/2020 10:12 AM, Marshall Stone wrote:

There are 2 types of FTP in use today on most mainframes.

SFTP  - which uses Open/SSH (SSHAGNT as client and SSHD as a server) and the 
encryption/authentication is generally provided by the use of RSA/DSA 
public/private key pairs. The public keys are exchanged and stored in 
known_hosts files (if acting as client) or authorized_keys file (if acting as 
server) - Uses Server PORT 22 and ephemeral ports

FTPS - completely different mechanism the AT/TLS functions are provided by ICSF 
and policy agent (PAGENT) - You must configure an FTPS TLS rule to allow the 
connection and the partner side also will require a similar rule. The 
encryption/authentication come from the PAGENT rule and the use of x.509 
certificates.  These are exchanged between partners and loaded onto the RACF 
keyring. The PAGNET rule points back to the keyring. - Uses Server PORT 990 by 
an old implicit default most sites use a different port and connect clients 
with ephemeral port ranges. FTPS handles MVS datasets better if possible use 
FTPS for MF to MF and use SFTP for MF to Other platforms(MS,UNIX,etc)

MS

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 12:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
last week, but I'm still missing what I imagine are important background 
points.  Maybe someone here can explain things, but don't worry too much about 
it.

Client and server programs like SSH/SSHD call programs such as OpenSSL to 
handle the encryption handshake and processing.  So when you set those up, 
there is no AT-TLS needed for encryption.  Same with the
TN3270 server and client, as long as you set that up with keys and parameters 
on the host side, and settings on the client side.

I'm thinking because of the name "Application Transparent" that AT-TLS was made for 
programs that DON'T have their own logic to call OpenSSL (or whatever) to do their own encryption.  
Let's use clear-text FTP as an example.  So somehow, AT-TLS hooks into the processing and provides 
an encrypted "tunnel", kind of like VPN does, but only for that one application.  Does 
that sound correct?

If so, then the encryption is "transparent" to the FTP server code and FTP does 
not need to be changed, which I think is the whole idea here.
Yet we now have an encrypted session.  Does that sound correct?

Then if so, what happens on the FTP client side?  I certainly can't use the 
Windows FTP command, for example, because it's not setup for any kind of 
encryption.  That's kind of my big question here.

On 6/30/2020 1:44 AM, Lionel B Dyck wrote:

Sweet - thank you


Lionel B. Dyck <
Website: https://www.lbdsoftware.com

"Worry more about your character than your reputation.  Character is
what you are, reputation merely what others think you are." - John
Wooden

-Original Message-
From: IBM Mainframe Discussion List  On
Behalf Of kekronbekron
Sent: Tuesday, June 30, 2020 2:34 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ?

Hi LBD!,

Check these out-


http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414

- KB

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:


Anyone have any pointers for configuring AT-TLS on z/OS?

Lionel B. Dyck <
Website: https://www.lbdsoftware.com https://www.lbdsoftware.com

"Worry more about your character than your reputation. Character is
what you are, reputation merely what others think you are." - John
Wooden


-
-
-
-
-

For IBM-MAIN subscribe / signoff / archive access instructions, send
email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions, send
email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions, send
email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

This message (including any attachments) is intended only for the use of the 
individual or entity 

Re: AT-TLS ? Very Basic Questions

[Lennie Dymoke-Bradshaw]

I have TLS 1.2 working in my TN3270 server without AT-TLS.
This is on z/OS 2.3

Lennie Dymoke-Bradshaw
Consultant working on contract for
BMC Mainframe Services by RSM Partners
‘Dance like no one is watching. Encrypt like everyone is.’

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Jackson, Rob
Sent: 30 June 2020 18:10
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] AT-TLS ? Very Basic Questions

A note, without addressing your entire post (certainly not my area of 
expertise):  AT-TLS is required for TN3270 (and others) if you want to use TLS 
1.2 and higher.  In your TELNETPARMS for the port, instead of using SECUREPORT, 
you use TTLSPORT, referencing a port specified in a TTLSRule in AT-TLS.

First Horizon Bank
Mainframe Technical Support

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 12:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ? Very Basic Questions

[External Email. Exercise caution when clicking links or opening attachments.]

I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
last week, but I'm still missing what I imagine are important background 
points.  Maybe someone here can explain things, but don't worry too much about 
it.

Client and server programs like SSH/SSHD call programs such as OpenSSL to 
handle the encryption handshake and processing.  So when you set those up, 
there is no AT-TLS needed for encryption.  Same with the
TN3270 server and client, as long as you set that up with keys and parameters 
on the host side, and settings on the client side.

I'm thinking because of the name "Application Transparent" that AT-TLS was made 
for programs that DON'T have their own logic to call OpenSSL (or whatever) to 
do their own encryption.  Let's use clear-text FTP as an example.  So somehow, 
AT-TLS hooks into the processing and provides an encrypted "tunnel", kind of 
like VPN does, but only for that one application.  Does that sound correct?

If so, then the encryption is "transparent" to the FTP server code and FTP does 
not need to be changed, which I think is the whole idea here.
Yet we now have an encrypted session.  Does that sound correct?

Then if so, what happens on the FTP client side?  I certainly can't use the 
Windows FTP command, for example, because it's not setup for any kind of 
encryption.  That's kind of my big question here.

On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
> Sweet - thank you
>
>
> Lionel B. Dyck <
> Website: https://www.lbdsoftware.com
>
> "Worry more about your character than your reputation.  Character is 
> what you are, reputation merely what others think you are." - John 
> Wooden
>
> -Original Message-
> From: IBM Mainframe Discussion List  On 
> Behalf Of kekronbekron
> Sent: Tuesday, June 30, 2020 2:34 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: AT-TLS ?
>
> Hi LBD!,
>
> Check these out-
>
>
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414
>
> - KB
>
> ‐‐‐ Original Message ‐‐‐
> On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:
>
>> Anyone have any pointers for configuring AT-TLS on z/OS?
>>
>> Lionel B. Dyck <
>> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
>>
>> "Worry more about your character than your reputation. Character is 
>> what you are, reputation merely what others think you are." - John 
>> Wooden
>>
>>
>> -
>> -
>> -
>> -
>> -
>>
>> For IBM-MAIN subscribe / signoff / archive access instructions, send 
>> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send 
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send 
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN Confidentiality 
notice: 
This e-mail message, including any attachments, may contain legally privileged 
and/or confidential information. If you are not the intended recipient(s), or 
the employee or agent responsible for delivery of this message to the intended 
recipient(s), you are hereby notified that any dissemination, distribution, or 
copying of this e-mail message is strictly prohibited. If you have received 
this message in error, please 

Re: AT-TLS ? Very Basic Questions

[Tom Brennan]

Interesting!  I've set up the TN3270 parms on the mainframe for SSL/TLS 
but that was before TLS1.2


On 6/30/2020 10:09 AM, Jackson, Rob wrote:

A note, without addressing your entire post (certainly not my area of 
expertise):  AT-TLS is required for TN3270 (and others) if you want to use TLS 
1.2 and higher.  In your TELNETPARMS for the port, instead of using SECUREPORT, 
you use TTLSPORT, referencing a port specified in a TTLSRule in AT-TLS.

First Horizon Bank
Mainframe Technical Support

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 12:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ? Very Basic Questions

[External Email. Exercise caution when clicking links or opening attachments.]

I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
last week, but I'm still missing what I imagine are important background 
points.  Maybe someone here can explain things, but don't worry too much about 
it.

Client and server programs like SSH/SSHD call programs such as OpenSSL to 
handle the encryption handshake and processing.  So when you set those up, 
there is no AT-TLS needed for encryption.  Same with the
TN3270 server and client, as long as you set that up with keys and parameters 
on the host side, and settings on the client side.

I'm thinking because of the name "Application Transparent" that AT-TLS was made for 
programs that DON'T have their own logic to call OpenSSL (or whatever) to do their own encryption.  
Let's use clear-text FTP as an example.  So somehow, AT-TLS hooks into the processing and provides 
an encrypted "tunnel", kind of like VPN does, but only for that one application.  Does 
that sound correct?

If so, then the encryption is "transparent" to the FTP server code and FTP does 
not need to be changed, which I think is the whole idea here.
Yet we now have an encrypted session.  Does that sound correct?

Then if so, what happens on the FTP client side?  I certainly can't use the 
Windows FTP command, for example, because it's not setup for any kind of 
encryption.  That's kind of my big question here.

On 6/30/2020 1:44 AM, Lionel B Dyck wrote:

Sweet - thank you


Lionel B. Dyck <
Website: https://www.lbdsoftware.com

"Worry more about your character than your reputation.  Character is
what you are, reputation merely what others think you are." - John
Wooden

-Original Message-
From: IBM Mainframe Discussion List  On
Behalf Of kekronbekron
Sent: Tuesday, June 30, 2020 2:34 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ?

Hi LBD!,

Check these out-


http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414

- KB

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:


Anyone have any pointers for configuring AT-TLS on z/OS?

Lionel B. Dyck <
Website: https://www.lbdsoftware.com https://www.lbdsoftware.com

"Worry more about your character than your reputation. Character is
what you are, reputation merely what others think you are." - John
Wooden


-
-
-
-
-

For IBM-MAIN subscribe / signoff / archive access instructions, send
email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions, send
email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions, send
email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Confidentiality notice:
This e-mail message, including any attachments, may contain legally privileged 
and/or confidential information. If you are not the intended recipient(s), or 
the employee or agent responsible for delivery of this message to the intended 
recipient(s), you are hereby notified that any dissemination, distribution, or 
copying of this e-mail message is strictly prohibited. If you have received 
this message in error, please immediately notify the sender and delete this 
e-mail message from your computer.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
For IBM-MAIN subscribe / signoff / archive access 

Re: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

[Marshall Stone]

There are 2 types of FTP in use today on most mainframes.

SFTP  - which uses Open/SSH (SSHAGNT as client and SSHD as a server) and the 
encryption/authentication is generally provided by the use of RSA/DSA 
public/private key pairs. The public keys are exchanged and stored in 
known_hosts files (if acting as client) or authorized_keys file (if acting as 
server) - Uses Server PORT 22 and ephemeral ports

FTPS - completely different mechanism the AT/TLS functions are provided by ICSF 
and policy agent (PAGENT) - You must configure an FTPS TLS rule to allow the 
connection and the partner side also will require a similar rule. The 
encryption/authentication come from the PAGENT rule and the use of x.509 
certificates.  These are exchanged between partners and loaded onto the RACF 
keyring. The PAGNET rule points back to the keyring. - Uses Server PORT 990 by 
an old implicit default most sites use a different port and connect clients 
with ephemeral port ranges. FTPS handles MVS datasets better if possible use 
FTPS for MF to MF and use SFTP for MF to Other platforms(MS,UNIX,etc)

MS

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 12:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: AT-TLS ? Very Basic Questions

I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
last week, but I'm still missing what I imagine are important background 
points.  Maybe someone here can explain things, but don't worry too much about 
it.

Client and server programs like SSH/SSHD call programs such as OpenSSL to 
handle the encryption handshake and processing.  So when you set those up, 
there is no AT-TLS needed for encryption.  Same with the
TN3270 server and client, as long as you set that up with keys and parameters 
on the host side, and settings on the client side.

I'm thinking because of the name "Application Transparent" that AT-TLS was made 
for programs that DON'T have their own logic to call OpenSSL (or whatever) to 
do their own encryption.  Let's use clear-text FTP as an example.  So somehow, 
AT-TLS hooks into the processing and provides an encrypted "tunnel", kind of 
like VPN does, but only for that one application.  Does that sound correct?

If so, then the encryption is "transparent" to the FTP server code and FTP does 
not need to be changed, which I think is the whole idea here.
Yet we now have an encrypted session.  Does that sound correct?

Then if so, what happens on the FTP client side?  I certainly can't use the 
Windows FTP command, for example, because it's not setup for any kind of 
encryption.  That's kind of my big question here.

On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
> Sweet - thank you
>
>
> Lionel B. Dyck <
> Website: https://www.lbdsoftware.com
>
> "Worry more about your character than your reputation.  Character is
> what you are, reputation merely what others think you are." - John
> Wooden
>
> -Original Message-
> From: IBM Mainframe Discussion List  On
> Behalf Of kekronbekron
> Sent: Tuesday, June 30, 2020 2:34 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: AT-TLS ?
>
> Hi LBD!,
>
> Check these out-
>
>
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414
>
> - KB
>
> ‐‐‐ Original Message ‐‐‐
> On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:
>
>> Anyone have any pointers for configuring AT-TLS on z/OS?
>>
>> Lionel B. Dyck <
>> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
>>
>> "Worry more about your character than your reputation. Character is
>> what you are, reputation merely what others think you are." - John
>> Wooden
>>
>>
>> -
>> -
>> -
>> -
>> -
>>
>> For IBM-MAIN subscribe / signoff / archive access instructions, send
>> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

This message (including any attachments) is intended only for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, privileged, confidential, and 

Re: AT-TLS ? Very Basic Questions

[Jackson, Rob]

A note, without addressing your entire post (certainly not my area of 
expertise):  AT-TLS is required for TN3270 (and others) if you want to use TLS 
1.2 and higher.  In your TELNETPARMS for the port, instead of using SECUREPORT, 
you use TTLSPORT, referencing a port specified in a TTLSRule in AT-TLS.

First Horizon Bank
Mainframe Technical Support

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Tom 
Brennan
Sent: Tuesday, June 30, 2020 12:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ? Very Basic Questions

[External Email. Exercise caution when clicking links or opening attachments.]

I've tried to skim some of the AT-TLS doc, and even attended an IBM webinar 
last week, but I'm still missing what I imagine are important background 
points.  Maybe someone here can explain things, but don't worry too much about 
it.

Client and server programs like SSH/SSHD call programs such as OpenSSL to 
handle the encryption handshake and processing.  So when you set those up, 
there is no AT-TLS needed for encryption.  Same with the
TN3270 server and client, as long as you set that up with keys and parameters 
on the host side, and settings on the client side.

I'm thinking because of the name "Application Transparent" that AT-TLS was made 
for programs that DON'T have their own logic to call OpenSSL (or whatever) to 
do their own encryption.  Let's use clear-text FTP as an example.  So somehow, 
AT-TLS hooks into the processing and provides an encrypted "tunnel", kind of 
like VPN does, but only for that one application.  Does that sound correct?

If so, then the encryption is "transparent" to the FTP server code and FTP does 
not need to be changed, which I think is the whole idea here.
Yet we now have an encrypted session.  Does that sound correct?

Then if so, what happens on the FTP client side?  I certainly can't use the 
Windows FTP command, for example, because it's not setup for any kind of 
encryption.  That's kind of my big question here.

On 6/30/2020 1:44 AM, Lionel B Dyck wrote:
> Sweet - thank you
>
>
> Lionel B. Dyck <
> Website: https://www.lbdsoftware.com
>
> "Worry more about your character than your reputation.  Character is 
> what you are, reputation merely what others think you are." - John 
> Wooden
>
> -Original Message-
> From: IBM Mainframe Discussion List  On 
> Behalf Of kekronbekron
> Sent: Tuesday, June 30, 2020 2:34 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: AT-TLS ?
>
> Hi LBD!,
>
> Check these out-
>
>
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
> http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414
>
> - KB
>
> ‐‐‐ Original Message ‐‐‐
> On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:
>
>> Anyone have any pointers for configuring AT-TLS on z/OS?
>>
>> Lionel B. Dyck <
>> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
>>
>> "Worry more about your character than your reputation. Character is 
>> what you are, reputation merely what others think you are." - John 
>> Wooden
>>
>>
>> -
>> -
>> -
>> -
>> -
>>
>> For IBM-MAIN subscribe / signoff / archive access instructions, send 
>> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send 
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send 
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Confidentiality notice: 
This e-mail message, including any attachments, may contain legally privileged 
and/or confidential information. If you are not the intended recipient(s), or 
the employee or agent responsible for delivery of this message to the intended 
recipient(s), you are hereby notified that any dissemination, distribution, or 
copying of this e-mail message is strictly prohibited. If you have received 
this message in error, please immediately notify the sender and delete this 
e-mail message from your computer.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: AT-TLS ? Very Basic Questions

[Tom Brennan]

I've tried to skim some of the AT-TLS doc, and even attended an IBM 
webinar last week, but I'm still missing what I imagine are important 
background points.  Maybe someone here can explain things, but don't 
worry too much about it.


Client and server programs like SSH/SSHD call programs such as OpenSSL 
to handle the encryption handshake and processing.  So when you set 
those up, there is no AT-TLS needed for encryption.  Same with the 
TN3270 server and client, as long as you set that up with keys and 
parameters on the host side, and settings on the client side.


I'm thinking because of the name "Application Transparent" that AT-TLS 
was made for programs that DON'T have their own logic to call OpenSSL 
(or whatever) to do their own encryption.  Let's use clear-text FTP as 
an example.  So somehow, AT-TLS hooks into the processing and provides 
an encrypted "tunnel", kind of like VPN does, but only for that one 
application.  Does that sound correct?


If so, then the encryption is "transparent" to the FTP server code and 
FTP does not need to be changed, which I think is the whole idea here. 
Yet we now have an encrypted session.  Does that sound correct?


Then if so, what happens on the FTP client side?  I certainly can't use 
the Windows FTP command, for example, because it's not setup for any 
kind of encryption.  That's kind of my big question here.


On 6/30/2020 1:44 AM, Lionel B Dyck wrote:

Sweet - thank you


Lionel B. Dyck <
Website: https://www.lbdsoftware.com

"Worry more about your character than your reputation.  Character is what you are, 
reputation merely what others think you are." - John Wooden

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
kekronbekron
Sent: Tuesday, June 30, 2020 2:34 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ?

Hi LBD!,

Check these out-


http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414

- KB

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:


Anyone have any pointers for configuring AT-TLS on z/OS?

Lionel B. Dyck <
Website: https://www.lbdsoftware.com https://www.lbdsoftware.com

"Worry more about your character than your reputation. Character is
what you are, reputation merely what others think you are." - John
Wooden


--
--
-

For IBM-MAIN subscribe / signoff / archive access instructions, send
email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Migrate z/OS DASD volumes from Mainframe to Hercules Environment

[Jasi Grewal]

Hi Mike and Joe,

This is to inform you that they have it working now and we suspect that it 
might have been the process in transmitting DASD volume to Hercules that was 
causing issues but the good thing is that is working.

Your continous support and responses are very much appreciated, Friends.

Thank You and Wishes you Beautiful day.
Regards,
Jasi.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Migrate z/OS DASD volumes from Mainframe to Hercules Environment

[Mike Schwab]

What version of Hercules?  Only a few latest versions support a volume that big.

On Tue, Jun 30, 2020 at 2:41 PM Jasi Grewal  wrote:
>
> Hi Mike and Joe,
>
> Sorry about not providing model but is Model 27 rescue volume and I created 1 
> Rescue z/OS v2r3 System.
> I will get my IBM friends to look for tapeconv.jcl on z/OS IBM System and 
> then use that instead of using IBM zVM DDR+Terse.
>
> Your continous support and responses are very much appreciated, Friends.
>
> Thank You in advance,
> Regards,
> Jasi.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



-- 
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Migrate z/OS DASD volumes from Mainframe to Hercules Environment

[Jasi Grewal]

Hi Mike and Joe,

Sorry about not providing model but is Model 27 rescue volume and I created 1 
Rescue z/OS v2r3 System.
I will get my IBM friends to look for tapeconv.jcl on z/OS IBM System and then 
use that instead of using IBM zVM DDR+Terse.

Your continous support and responses are very much appreciated, Friends.

Thank You in advance,
Regards,
Jasi.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Migrate z/OS DASD volumes from Mainframe to Hercules Environment

[Joe Monk]

what model DASD?

Joe

On Tue, Jun 30, 2020 at 9:00 AM Jasi Grewal  wrote:

> Thank You Mike for response and am an IBM Retiree and continues to work
> with IBMers.
> I am requesting IBMers to verify the Licensing and the message we are
> getting is that it cannot find PLPA dataset and yet the same IPL v2r3
> volser was able to IPL v2r3 System successfully under the IBM Mainframe
> host system.
>
> Thanks again,
> Jasi.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Migrate z/OS DASD volumes from Mainframe to Hercules Environment

[Mike Schwab]

Can you download a rescue IPL volume to define the dataset?  Or
download an idled Paging pack with this on it and add to
configuration?  Being in use may have made the copy bad.

On Tue, Jun 30, 2020 at 2:00 PM Jasi Grewal  wrote:
>
> Thank You Mike for response and am an IBM Retiree and continues to work with 
> IBMers.
> I am requesting IBMers to verify the Licensing and the message we are getting 
> is that it cannot find PLPA dataset and yet the same IPL v2r3 volser was able 
> to IPL v2r3 System successfully under the IBM Mainframe host system.
>
> Thanks again,
> Jasi.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



-- 
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Migrate z/OS DASD volumes from Mainframe to Hercules Environment

[Jasi Grewal]

Thank You Mike for response and am an IBM Retiree and continues to work with 
IBMers.
I am requesting IBMers to verify the Licensing and the message we are getting 
is that it cannot find PLPA dataset and yet the same IPL v2r3 volser was able 
to IPL v2r3 System successfully under the IBM Mainframe host system. 

Thanks again,
Jasi.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Migrate z/OS DASD volumes from Mainframe to Hercules Environment

[Joe Monk]

Call from the IBM Lawyers in  3... 2... 1...

Joe

On Tue, Jun 30, 2020 at 5:35 AM Jasi Grewal  wrote:

> Hi,
>
> I am sorry I am just learning Hercules Systems and trying to migrate one
> of my z/OS DASD Systems from Mainframe to Hercules Environment.
> I have z/VM running on Hercules but when I tries to IPL z/OS it seems that
> there is a corruption and that is most probably cause of wrong process.
>
> I believe that there must be some method to migrate the z/OS DASD from
> Mainframe to Hercules.
> I used z/VM DDR+Terse to migrate zOS Dasd but I don't think that is the
> correct process.
> Is there a Documentation in how to migrate z/OS Systems to Hercules? That
> would be appreciated.
>
> Any guidance would be appreciated.
> Thank you in advance,
> Regards,
>
> Jasi Grewal.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: USS "pwd" returns nothing? Maybe file system created wrong?

[Mike Schwab]

Are you using CKD or CCKD64 volumes?  CCKD has a 4GB limit and CKD has
to have a multi file setup.

On Tue, Jun 30, 2020 at 9:29 AM Michael Knigge  wrote:
>
> All,
>
> have you ever came accross something like that?
>
> I can change into an directory, „ls“ works but „pwd“ returns…. Nothing?!?   
> When I’m in this particular directory a „cd ..“ returns „EDC5122I 
> Input/output error.“
>
>
> I’m pretty new to this „USS administration“ (I’m administering a z/OS running 
> with an z/PDT)… So let me tell what I’ve done – I might have done something 
> really wrong….
>
>
> I need some space in USS so I’ve created some new fresh volumes (3390-9) for 
> my zPDT and formatted them.
>
> INIT UNITADDRESS(0AE0) NOVERIFY VOLID(USS010) -
>STORAGEGROUP -
>VTOC(3,0,50) -
>INDEX(1,0,30)
>
> Now I have some volumes each with 10010 free CYLs.
>
> Then I’ve created a Data Set for the ZFS file system:
>
> DEFINE CLUSTER -
>(NAME (USSSET.DAT.ZFS) -
>VOLUMES (USS002 USS003 USS004 USS005  -
> USS006 USS007 USS008 USS009) -
>LINEAR CYL(1 1) SHAREOPTIONS(3))
>
> The idea was that when the file system needs to be enlarged this is done 
> automatically (let z/OS allocate an additional extend of 1 CYLs from one 
> of the dedicated volumes). I know that every extend neary uses the full 
> volume – this is okay for me in this case…
>
> Okay, then I’ve created the file system:
>
> FORMAT EXEC PGM=IOEAGFMT,REGION=0M,
>  PARM=(' -aggregate USSSET.DAT.ZFS -compat -perms 775 ')
>
>
> Mounted… everything all right…. I saw that just one of the volumes was 
> „used“. So I filled the mounted file system and saw that after some time the 
> log messages
>
> IOEZ00312I Dynamic growth of aggregate USSSET.DAT.ZFS in progress, (by user 
> ADCDZ).
> IOEZ00309I Aggregate USSSET.DAT.ZFS successfully dynamically grown (by user 
> ADCDZ).
>
>
> So for me I guess everything worked as expected… But now…. This „pwd anomaly“ 
> ….. Did I something wrong? Any idea how to get thigs working as expected?
>
>
> Thank you,
> Michael
>
>
> Michael Knigge
> Software Engineer
>
> SET GmbH
> Rühmkorffstraße 5
> 30163 Hannover
>
> Telefon: +49 511 330 998 23
> Fax: +49 511 330 998 65
> michael.kni...@set.de
> https://www.set.de
>
> Handelsregister: Amtsgericht Hannover HRB 52778
> Geschäftsführer: Dr.-Ing. Tobias Baum, Arthur Brack, Hendrik Leder
>
>
> Mit freundlichen Grüßen
>
> Michael Knigge
>
>
>
> SET GmbH
> Rühmkorffstraße 5
> 30163 Hannover
>
> Telefon: +49 511 330 998 23
> Fax: +49 511 330 998 65
> michael.kni...@set.de
> www.set.de
>
> Handelsregister: Amtsgericht Hannover HRB 52778
> Geschäftsführer: Tobias Baum, Arthur Brack, Hendrik Leder
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



-- 
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Migrate z/OS DASD volumes from Mainframe to Hercules Environment

[Mike Schwab]

If you are only testing on Hercules and will continue to run
production on IBM z series hardware, I believe IBM doesn't care.  But
the SOFTWARE does check the hardware levels and you have to include a
particular configuration statement for a recent Z operating system to
run on Hercules.  But if you post the exact message we can help you
figure out the problem you are actually experiencing.

On Tue, Jun 30, 2020 at 10:54 AM Binyamin Dissen
 wrote:
>
> Have you complied with the licensing requirements?
>
> On Tue, 30 Jun 2020 05:25:23 -0500 Jasi Grewal  wrote:
>
> :>I am sorry I am just learning Hercules Systems and trying to migrate one of 
> my z/OS DASD Systems from Mainframe to Hercules Environment.
> :>I have z/VM running on Hercules but when I tries to IPL z/OS it seems that 
> there is a corruption and that is most probably cause of wrong process.
>
> :>I believe that there must be some method to migrate the z/OS DASD from 
> Mainframe to Hercules.
> :>I used z/VM DDR+Terse to migrate zOS Dasd but I don't think that is the 
> correct process.
> :>Is there a Documentation in how to migrate z/OS Systems to Hercules? That 
> would be appreciated.
>
> :>Any guidance would be appreciated.
> :>Thank you in advance,
> :>Regards,
>
> :>Jasi Grewal.
>
> --
> Binyamin Dissen 
> http://www.dissensoftware.com
>
> Director, Dissen Software, Bar & Grill - Israel
>
>
> Should you use the mailblocks package and expect a response from me,
> you should preauthorize the dissensoftware.com domain.
>
> I very rarely bother responding to challenge/response systems,
> especially those from irresponsible companies.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



-- 
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Installing Java

[Allan Staller]

Each ptf  of JAVA is a full replacement. You only need the "last" PTF.
Next time you order maintenance or code, specify "eliminate supersedes" when 
placing you order.

BTW, this means any modifications to the java source provided will need to be 
reinstalled each time JAVA is updated.
BTDTGTS

HTH,

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Gadi Ben-Avi
Sent: Tuesday, June 30, 2020 2:15 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Installing Java

[CAUTION: This Email is from outside the Organization. Unless you trust the 
sender, Don’t click links or open attachments as it may be a Phishing email, 
which can steal your Information and compromise your Computer.]

Hi,
When I ordered z/OS v2.4, I only ordered the 64 bit version of Java.
When we tried to start PFA, it failed. A quick search showed that PFA requires 
the 31 bit version of java.
I ordered it using shopzseries.
The resulting package was over 13GB.
It looks like I have the base version and over 50 PTF's that upgrade it to the 
current version.

Can I prevent SMP/E from installing all of those versions, and just install the 
final fix?
From past experience I know that each PTF is a full replacement of the who java 
SDK.

Gadi


--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
::DISCLAIMER::

The contents of this e-mail and any attachment(s) are confidential and intended 
for the named recipient(s) only. E-mail transmission is not guaranteed to be 
secure or error-free as information could be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or may contain viruses in transmission. 
The e mail and its contents (with or without referred errors) shall therefore 
not attach any liability on the originator or HCL or its affiliates. Views or 
opinions, if any, presented in this email are solely those of the author and 
may not necessarily reflect the views or opinions of HCL or its affiliates. Any 
form of reproduction, dissemination, copying, disclosure, modification, 
distribution and / or publication of this message without the prior written 
consent of authorized representative of HCL is strictly prohibited. If you have 
received this email in error please delete it and notify the sender 
immediately. Before opening any email and/or attachments, please check them for 
viruses and other defects.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Migrate z/OS DASD volumes from Mainframe to Hercules Environment

[Seymour J Metz]

There is currently no legal way. Now if IBM ever offers a z/OS license for use 
under Hercules, ...

Meanwhile, can you IPL OS/VS2 R3.8?


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of 
Jasi Grewal [ja...@hotmail.com]
Sent: Tuesday, June 30, 2020 6:25 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Migrate z/OS DASD volumes from Mainframe to Hercules Environment

Hi,

I am sorry I am just learning Hercules Systems and trying to migrate one of my 
z/OS DASD Systems from Mainframe to Hercules Environment.
I have z/VM running on Hercules but when I tries to IPL z/OS it seems that 
there is a corruption and that is most probably cause of wrong process.

I believe that there must be some method to migrate the z/OS DASD from 
Mainframe to Hercules.
I used z/VM DDR+Terse to migrate zOS Dasd but I don't think that is the correct 
process.
Is there a Documentation in how to migrate z/OS Systems to Hercules? That would 
be appreciated.

Any guidance would be appreciated.
Thank you in advance,
Regards,

Jasi Grewal.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: USS "pwd" returns nothing? Maybe file system created wrong?

[Michael Babcock]

You are creating a 10,000 cylinder data set.  Is it defined as extended
format?I also seem to recall that you had to define something in z/VM
for a volume when running z/PDT.

On Tue, Jun 30, 2020 at 4:29 AM Michael Knigge 
wrote:

> All,
>
> have you ever came accross something like that?
>
> I can change into an directory, „ls“ works but „pwd“ returns…. Nothing?!?
>  When I’m in this particular directory a „cd ..“ returns „EDC5122I
> Input/output error.“
>
>
> I’m pretty new to this „USS administration“ (I’m administering a z/OS
> running with an z/PDT)… So let me tell what I’ve done – I might have done
> something really wrong….
>
>
> I need some space in USS so I’ve created some new fresh volumes (3390-9)
> for my zPDT and formatted them.
>
> INIT UNITADDRESS(0AE0) NOVERIFY VOLID(USS010) -
>STORAGEGROUP -
>VTOC(3,0,50) -
>INDEX(1,0,30)
>
> Now I have some volumes each with 10010 free CYLs.
>
> Then I’ve created a Data Set for the ZFS file system:
>
> DEFINE CLUSTER -
>(NAME (USSSET.DAT.ZFS) -
>VOLUMES (USS002 USS003 USS004 USS005  -
> USS006 USS007 USS008 USS009) -
>LINEAR CYL(1 1) SHAREOPTIONS(3))
>
> The idea was that when the file system needs to be enlarged this is done
> automatically (let z/OS allocate an additional extend of 1 CYLs from
> one of the dedicated volumes). I know that every extend neary uses the full
> volume – this is okay for me in this case…
>
> Okay, then I’ve created the file system:
>
> FORMAT EXEC PGM=IOEAGFMT,REGION=0M,
>  PARM=(' -aggregate USSSET.DAT.ZFS -compat -perms 775 ')
>
>
> Mounted… everything all right…. I saw that just one of the volumes was
> „used“. So I filled the mounted file system and saw that after some time
> the log messages
>
> IOEZ00312I Dynamic growth of aggregate USSSET.DAT.ZFS in progress, (by
> user ADCDZ).
> IOEZ00309I Aggregate USSSET.DAT.ZFS successfully dynamically grown (by
> user ADCDZ).
>
>
> So for me I guess everything worked as expected… But now…. This „pwd
> anomaly“ ….. Did I something wrong? Any idea how to get thigs working as
> expected?
>
>
> Thank you,
> Michael
>
>
> Michael Knigge
> Software Engineer
>
> SET GmbH
> Rühmkorffstraße 5
> 30163 Hannover
>
> Telefon: +49 511 330 998 23
> Fax: +49 511 330 998 65
> michael.kni...@set.de
> https://www.set.de
>
> Handelsregister: Amtsgericht Hannover HRB 52778
> ​Geschäftsführer: Dr.-Ing. Tobias Baum, Arthur Brack, Hendrik Leder
>
>
> Mit freundlichen Grüßen
>
> Michael Knigge
>
>
>
> SET GmbH
> Rühmkorffstraße 5
> 30163 Hannover
>
> Telefon: +49 511 330 998 23
> Fax: +49 511 330 998 65
> michael.kni...@set.de
> www.set.de
>
> Handelsregister: Amtsgericht Hannover HRB 52778
> ​Geschäftsführer: Tobias Baum, Arthur Brack, Hendrik Leder
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
-- 
Michael Babcock
OneMain Financial
z/OS Systems Programmer, Lead

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Virtual SHARE Ageenda

[Seymour J Metz]

In TSS/360, VPAM datasets can have both sequential and index sequential 
members; you can read and write withing a member either sequentially or by key, 
including inserting a new record between existing members. VIPAM is a 
colloquial term for a VPAM dataset containing VIS members. From the 
documentation:

 Three special Data Management Access methods -- the virtual Access
 Methods (VAM)-- have been provided with TSS. They are specifically
 designed for a time-sharing environment and are used to read and write
 data to and from direct access storage devices. For all three of the
 VAM access methods, the data set management (for example, formatting)
 is performed in virtual storage -- using virtual addresses that are
 part of the user's virtual storage address space -- although physical
 device management (e.g., I/O) is performed by system programs in
 resident storage.  Each access method provides access and processing
 capabilities for data sets organized in a specific manner.

  * sequentially (Virtual Sequential Access Method -- VSAM)

  * indexed sequential (Virtual Indexed Sequential Access Method --
VISAM)

  * partitioned (Virtual Partitioned Access Method -- VPAM)

 In TSS, data sets organized for processing by one of the virtual
 access Methods are generally referred to as VAM data sets.

and

 Partitioned Organization
  A data set with partitioned organization has elements, or
  members, that are other data sets; these elements are in either
  sequential or indexed organization.



--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of 
Clark Morris [cfmt...@uniserve.com]
Sent: Monday, June 29, 2020 11:15 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Virtual SHARE Ageenda

[Default] On 29 Jun 2020 18:05:01 -0700, in bit.listserv.ibm-main
sme...@gmu.edu (Seymour J Metz) wrote:

>Re FBA, they did it for other systems, and TSS/360 used page formatted volumes 
>for everything except compatibility volumes, so from a technical perspective 
>it's a no brainer, although direct use of SCSI DASD might make more sense 
>these days. Politically, it's a thorny issue. I'd love to see them extend VSAM 
>to the level of TSS while they're at it, e.g., VIPAM.

What is the logical difference between VPAM (found it in a TSS360
description) and PDSE except PDSE is an add-on (my opinion of the
decision maker who decreed that PDSE or at least a read-only subset
didn't need to be available for SYS1.PARMLIB, SYS1.NUCLEUS and
SYS1.LPALIB is complete contempt)?

Clark Morris

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Migrate z/OS DASD volumes from Mainframe to Hercules Environment

[Binyamin Dissen]

Have you complied with the licensing requirements?

On Tue, 30 Jun 2020 05:25:23 -0500 Jasi Grewal  wrote:

:>I am sorry I am just learning Hercules Systems and trying to migrate one of 
my z/OS DASD Systems from Mainframe to Hercules Environment.
:>I have z/VM running on Hercules but when I tries to IPL z/OS it seems that 
there is a corruption and that is most probably cause of wrong process.

:>I believe that there must be some method to migrate the z/OS DASD from 
Mainframe to Hercules.
:>I used z/VM DDR+Terse to migrate zOS Dasd but I don't think that is the 
correct process.
:>Is there a Documentation in how to migrate z/OS Systems to Hercules? That 
would be appreciated.

:>Any guidance would be appreciated.
:>Thank you in advance,
:>Regards,

:>Jasi Grewal.

--
Binyamin Dissen 
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel


Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Migrate z/OS DASD volumes from Mainframe to Hercules Environment

[Jasi Grewal]

Hi, 

I am sorry I am just learning Hercules Systems and trying to migrate one of my 
z/OS DASD Systems from Mainframe to Hercules Environment.
I have z/VM running on Hercules but when I tries to IPL z/OS it seems that 
there is a corruption and that is most probably cause of wrong process.

I believe that there must be some method to migrate the z/OS DASD from 
Mainframe to Hercules.
I used z/VM DDR+Terse to migrate zOS Dasd but I don't think that is the correct 
process.
Is there a Documentation in how to migrate z/OS Systems to Hercules? That would 
be appreciated.

Any guidance would be appreciated.
Thank you in advance,
Regards,

Jasi Grewal.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Installing Java

[Seymour J Metz]

If the Java service is packaged correctly then SMP will only install the most 
recent PTF that you request. However, it will also install the FUNCTION.  That 
will not cause duplicate elements.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of 
Gadi Ben-Avi [gad...@malam.com]
Sent: Tuesday, June 30, 2020 3:14 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Installing Java

Hi,
When I ordered z/OS v2.4, I only ordered the 64 bit version of Java.
When we tried to start PFA, it failed. A quick search showed that PFA requires 
the 31 bit version of java.
I ordered it using shopzseries.
The resulting package was over 13GB.
It looks like I have the base version and over 50 PTF's that upgrade it to the 
current version.

Can I prevent SMP/E from installing all of those versions, and just install the 
final fix?
>From past experience I know that each PTF is a full replacement of the who 
>java SDK.

Gadi


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: USS "pwd" returns nothing? Maybe file system created wrong?

[Seymour J Metz]

It's impossible to tell from the information you've given. Pleas cut and paste 
the entire transaction, from the prompt through the response. There is an error 
code in the message that you need to look up.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of 
Michael Knigge [michael.kni...@set.de]
Sent: Tuesday, June 30, 2020 5:29 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: USS "pwd" returns nothing? Maybe file system created wrong?

All,

have you ever came accross something like that?

I can change into an directory, „ls“ works but „pwd“ returns…. Nothing?!?   
When I’m in this particular directory a „cd ..“ returns „EDC5122I Input/output 
error.“


I’m pretty new to this „USS administration“ (I’m administering a z/OS running 
with an z/PDT)… So let me tell what I’ve done – I might have done something 
really wrong….


I need some space in USS so I’ve created some new fresh volumes (3390-9) for my 
zPDT and formatted them.

INIT UNITADDRESS(0AE0) NOVERIFY VOLID(USS010) -
   STORAGEGROUP -
   VTOC(3,0,50) -
   INDEX(1,0,30)

Now I have some volumes each with 10010 free CYLs.

Then I’ve created a Data Set for the ZFS file system:

DEFINE CLUSTER -
   (NAME (USSSET.DAT.ZFS) -
   VOLUMES (USS002 USS003 USS004 USS005  -
USS006 USS007 USS008 USS009) -
   LINEAR CYL(1 1) SHAREOPTIONS(3))

The idea was that when the file system needs to be enlarged this is done 
automatically (let z/OS allocate an additional extend of 1 CYLs from one of 
the dedicated volumes). I know that every extend neary uses the full volume – 
this is okay for me in this case…

Okay, then I’ve created the file system:

FORMAT EXEC PGM=IOEAGFMT,REGION=0M,
 PARM=(' -aggregate USSSET.DAT.ZFS -compat -perms 775 ')


Mounted… everything all right…. I saw that just one of the volumes was „used“. 
So I filled the mounted file system and saw that after some time the log 
messages

IOEZ00312I Dynamic growth of aggregate USSSET.DAT.ZFS in progress, (by user 
ADCDZ).
IOEZ00309I Aggregate USSSET.DAT.ZFS successfully dynamically grown (by user 
ADCDZ).


So for me I guess everything worked as expected… But now…. This „pwd anomaly“ 
….. Did I something wrong? Any idea how to get thigs working as expected?


Thank you,
Michael


Michael Knigge
Software Engineer

SET GmbH
Rühmkorffstraße 5
30163 Hannover

Telefon: +49 511 330 998 23
Fax: +49 511 330 998 65
michael.kni...@set.de
https://secure-web.cisco.com/13l82o2SavKRwtlBGDLf4j3_D3ybgjRIGkZI4S3TTg9XYp8k7Zj2-YnoaNzeP5EYMsWOiVRkU1y5MOkFfWn5VD80yxpI6G2kc4XCISP6OGF2qryTgwuBGZJteIDWU0P7_Uwl9wmgITVoBcn9ZRNmChbWRPr2wwvE1FGu_9LruFjcVVOleoRlx_3i9QkgswCNfy6rZFnXkand-Tw-rU_eg-HGiPIJIJqqVS3yW_4qCLpLoP8Io3GjELpnIdHpwPPgsa6dGZ2G-_S8TE9PkuaRfsGL5Altd8MD0_aREpOdxUKN3r6Ex6j0UiCjFKo2-dB-qO3Qdlj_J9aAuSRSJer1Wy9u_m_ATGsVGvDFVgc0qrzvlxqeEyK_1_xL1magbnmc-g0zip8ITgNFV-YaGmFYcjkebPwCTy5ne7O-Oayfwcdvq5CKw_qlGhWdsKTK2qTxG/https%3A%2F%2Fwww.set.de

Handelsregister: Amtsgericht Hannover HRB 52778
​Geschäftsführer: Dr.-Ing. Tobias Baum, Arthur Brack, Hendrik Leder


Mit freundlichen Grüßen

Michael Knigge



SET GmbH
Rühmkorffstraße 5
30163 Hannover

Telefon: +49 511 330 998 23
Fax: +49 511 330 998 65
michael.kni...@set.de
http://secure-web.cisco.com/1z4WdOg2RFe1HNaPuPdLWTK7ja7FwVJpseaLT1hfWWGcUMYlyjmJHu7pP2Ar4cGdR1EGjuRpvxBa3o3SFg13EH-vtmr_syhrmWrZ7RfYpS8Z0aZkm9AlK3psl_oyhvBpZ0vgPk3nbaM0qBovqwEvHp_SmeTe06Z8MIWkIjX-RTw-HToRpqYbV8AmNXlqcbcKeu0sAtyJhnOoPyteigJPKhyDYTJKcpDHKcgPqelsSUH6xYVx2RVHL3UVg-y7k3bgW0ZHa1t8t6iCsxdQu7fMMTh_5juatUKPdGGNQsCLAS7Duifz367pDocCeYbqkT8TNS7v0beki-BHV3_0FshBn1I2nlNLiXeE6iPnhCQjkudCM7klWsPexFp_UYMmZDw-e3MolvJ8uVuCt8nTEB7TXP02tUoCCjK-twn8et7QZpOx4_G4-WVf2mt5EsWkrIZtr/http%3A%2F%2Fwww.set.de

Handelsregister: Amtsgericht Hannover HRB 52778
​Geschäftsführer: Tobias Baum, Arthur Brack, Hendrik Leder

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

USS "pwd" returns nothing? Maybe file system created wrong?

[Michael Knigge]

All,

have you ever came accross something like that?

I can change into an directory, „ls“ works but „pwd“ returns…. Nothing?!?   
When I’m in this particular directory a „cd ..“ returns „EDC5122I Input/output 
error.“


I’m pretty new to this „USS administration“ (I’m administering a z/OS running 
with an z/PDT)… So let me tell what I’ve done – I might have done something 
really wrong….


I need some space in USS so I’ve created some new fresh volumes (3390-9) for my 
zPDT and formatted them.

INIT UNITADDRESS(0AE0) NOVERIFY VOLID(USS010) -
   STORAGEGROUP -
   VTOC(3,0,50) -
   INDEX(1,0,30)

Now I have some volumes each with 10010 free CYLs.

Then I’ve created a Data Set for the ZFS file system:

DEFINE CLUSTER -
   (NAME (USSSET.DAT.ZFS) -
   VOLUMES (USS002 USS003 USS004 USS005  -
USS006 USS007 USS008 USS009) -
   LINEAR CYL(1 1) SHAREOPTIONS(3))

The idea was that when the file system needs to be enlarged this is done 
automatically (let z/OS allocate an additional extend of 1 CYLs from one of 
the dedicated volumes). I know that every extend neary uses the full volume – 
this is okay for me in this case…

Okay, then I’ve created the file system:

FORMAT EXEC PGM=IOEAGFMT,REGION=0M,
 PARM=(' -aggregate USSSET.DAT.ZFS -compat -perms 775 ')


Mounted… everything all right…. I saw that just one of the volumes was „used“. 
So I filled the mounted file system and saw that after some time the log 
messages

IOEZ00312I Dynamic growth of aggregate USSSET.DAT.ZFS in progress, (by user 
ADCDZ).
IOEZ00309I Aggregate USSSET.DAT.ZFS successfully dynamically grown (by user 
ADCDZ).


So for me I guess everything worked as expected… But now…. This „pwd anomaly“ 
….. Did I something wrong? Any idea how to get thigs working as expected?


Thank you,
Michael


Michael Knigge
Software Engineer

SET GmbH
Rühmkorffstraße 5
30163 Hannover

Telefon: +49 511 330 998 23
Fax: +49 511 330 998 65
michael.kni...@set.de
https://www.set.de

Handelsregister: Amtsgericht Hannover HRB 52778
​Geschäftsführer: Dr.-Ing. Tobias Baum, Arthur Brack, Hendrik Leder


Mit freundlichen Grüßen

Michael Knigge



SET GmbH
Rühmkorffstraße 5
30163 Hannover

Telefon: +49 511 330 998 23
Fax: +49 511 330 998 65
michael.kni...@set.de
www.set.de

Handelsregister: Amtsgericht Hannover HRB 52778
​Geschäftsführer: Tobias Baum, Arthur Brack, Hendrik Leder 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Installing Java

[David Spiegel]

Hi Gadi AMV"SH,
If later PTFs are truly replacements, the hierarchy of PTFs should be 
that every new PTF should SUPersede any old one.

This means that only the last one actually gets installed.

Regards,
David

On 2020-06-30 03:14, Gadi Ben-Avi wrote:

Hi,
When I ordered z/OS v2.4, I only ordered the 64 bit version of Java.
When we tried to start PFA, it failed. A quick search showed that PFA requires 
the 31 bit version of java.
I ordered it using shopzseries.
The resulting package was over 13GB.
It looks like I have the base version and over 50 PTF's that upgrade it to the 
current version.

Can I prevent SMP/E from installing all of those versions, and just install the 
final fix?
>From past experience I know that each PTF is a full replacement of the who 
java SDK.

Gadi


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: AT-TLS ?

[Lionel B Dyck]

Sweet - thank you


Lionel B. Dyck <
Website: https://www.lbdsoftware.com

"Worry more about your character than your reputation.  Character is what you 
are, reputation merely what others think you are." - John Wooden

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
kekronbekron
Sent: Tuesday, June 30, 2020 2:34 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: AT-TLS ?

Hi LBD!,

Check these out-


http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414

- KB

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:

> Anyone have any pointers for configuring AT-TLS on z/OS?
>
> Lionel B. Dyck <
> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
>
> "Worry more about your character than your reputation. Character is 
> what you are, reputation merely what others think you are." - John 
> Wooden
>
>
> --
> --
> -
>
> For IBM-MAIN subscribe / signoff / archive access instructions, send 
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Installing Java

[kekronbekron]

hi Gadi,


Perhaps the hold data will allow the APPLY job to figure out that only the 
latest ones in the chain actually need to be applied.
Ones in the chain may be superseded, so it's always worth an APPLY CHECK to see 
what's going on.

When downloading, the packaging system may be blindly pulling together related 
fixes, but I'm hoping the SMPHOLD will make the actual apply make sense.


- KB

‐‐‐ Original Message ‐‐‐
On Tuesday, June 30, 2020 12:44 PM, Gadi Ben-Avi  wrote:

> Hi,
> When I ordered z/OS v2.4, I only ordered the 64 bit version of Java.
> When we tried to start PFA, it failed. A quick search showed that PFA 
> requires the 31 bit version of java.
> I ordered it using shopzseries.
> The resulting package was over 13GB.
> It looks like I have the base version and over 50 PTF's that upgrade it to 
> the current version.
>
> Can I prevent SMP/E from installing all of those versions, and just install 
> the final fix?
> From past experience I know that each PTF is a full replacement of the who 
> java SDK.
>
> Gadi
>
>
> -
>
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: AT-TLS ?

[kekronbekron]

Hi LBD!,

Check these out-


http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5416
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5415
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS5414

- KB

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 3:56 AM, Lionel B Dyck  wrote:

> Anyone have any pointers for configuring AT-TLS on z/OS?
>
> Lionel B. Dyck <
> Website: https://www.lbdsoftware.com https://www.lbdsoftware.com
>
> "Worry more about your character than your reputation. Character is what
> you are, reputation merely what others think you are." - John Wooden
>
>
> -
>
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Installing Java

[Gadi Ben-Avi]

Hi,
When I ordered z/OS v2.4, I only ordered the 64 bit version of Java.
When we tried to start PFA, it failed. A quick search showed that PFA requires 
the 31 bit version of java.
I ordered it using shopzseries.
The resulting package was over 13GB.
It looks like I have the base version and over 50 PTF's that upgrade it to the 
current version.

Can I prevent SMP/E from installing all of those versions, and just install the 
final fix?
>From past experience I know that each PTF is a full replacement of the who 
>java SDK.

Gadi


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN