Hello Paul,
Thanks. So, in pcom session I should use o
992 instead of telnet port 23 which we are currently using it.
If yes, then also suggest what more changes we need to make to have 992 tso
connection work to access tso
On Nov 22, 2016 10:27, "Paul Gilmartin" <
On Tue, 22 Nov 2016 11:22:54 +0530, venkat kulkarni wrote:
>Thanks. As I am in process of setting up open ssh on our zos system and now
>I am able to log in to system on once using my tso I'd with ssh port 22.
>But was not able to connect to tso with port 22 by making changes in pcom
>session
On Tue, 22 Nov 2016 14:20:34 +0800, Timothy Sipples wrote:
>
>In contrast, TN3270E tunneling over SSH is not that common. The
>SSH Tectia Server for z/OS, a commercial product, officially supports 3270
>tunneling over SSH. As far as I know the OpenSSH server included with z/OS
>2.2, and its
That's not how TN3270E protocols typically work. If you want encrypted
TN3270E sessions (you should!), I recommend you enable TLS/SSL-encrypted
TN3270E. That capability has been available for two decades now at no
additional charge, starting way back in the OS/390 days, and progressively
improved
On Mon, 21 Nov 2016 23:03:17 -0700, Jack J. Woehr wrote:
>
>However, on the PCOMM workstation, *if* you have ssh, you can do an ssh port
>redirect first, and then you can get
>through to the Telnet3270E port on your z/OS machine.
>
I believe that requires an ssh *server* on the workstation.
venkat kulkarni wrote:
So, I wanted to take help of expert to make this tso connection work with
port 22. Please correct me if my understanding is wrong
Well, I'm hardly an "expert".
SSH and secure Telnet3270E essentially use the same security technology, that
is, OpenSSL.
Secure Telnet3270E
On Tue, 22 Nov 2016 11:12:51 +0530, venkat kulkarni wrote:
>It's on live system not on zpdt. But as I mentioned before I would like to
>use secure port 22 to connect with tso instead of telnet port 23.
>
>Please suggest me the way to make this connection work.
>
Can you get a secure connection
Thanks. As I am in process of setting up open ssh on our zos system and now
I am able to log in to system on once using my tso I'd with ssh port 22.
But was not able to connect to tso with port 22 by making changes in pcom
session connection.
So, I wanted to take help of expert to make this tso
venkat kulkarni wrote:
It's on live system not on zpdt. But as I mentioned before I would like to
use secure port 22 to connect with tso instead of telnet port 23.
Please suggest me the way to make this connection work.
Don't you just want secure TN3270e? You don't need SSH itself.
On 22/11/2016 1:42 PM, venkat kulkarni wrote:
It's on live system not on zpdt. But as I mentioned before I would like to
use secure port 22 to connect with tso instead of telnet port 23.
Please suggest me the way to make this connection work.
There is no way that I know of. Are you sure you
It's on live system not on zpdt. But as I mentioned before I would like to
use secure port 22 to connect with tso instead of telnet port 23.
Please suggest me the way to make this connection work.
On Nov 22, 2016 08:17, "Amrith" <
00ae6d97fc6e-dmarc-requ...@listserv.ua.edu> wrote:
> I think
I think thats the way it's supposed to be used, you can try using putty if you
want to. Are you on real iron or zPDT ?
On Tuesday, November 22, 2016 10:22 AM, venkat kulkarni
wrote:
Hello,
Thanks for reply. Sorry for not being clear. Basically I want to
On Tue, 22 Nov 2016 10:22:09 +0530, venkat kulkarni wrote:
>
>Thanks for reply. Sorry for not being clear. Basically I want to use SSH
>with port 22 duribg accessing tso using pcom session. Currently we use
>telnet with port 22.
>
Looking at an arbitrarily selected /etc/services I see:
ssh
On Tue, 22 Nov 2016 08:04:06 +0530, venkat kulkarni wrote:
>
>We are setting up open SSH with our z/OS system and we are done with making
>connection to omvs using SFTP and transfer file to the system and vice
>versa.
>
>But, I still not able to find way to setup secure connection to TSO using
Hello,
Thanks for reply. Sorry for not being clear. Basically I want to use SSH
with port 22 duribg accessing tso using pcom session. Currently we use
telnet with port 22.
On Nov 22, 2016 06:11, "Paul Gilmartin" <
000433f07816-dmarc-requ...@listserv.ua.edu> wrote:
> On 2016-11-21 19:34,
On 2016-11-21 19:34, venkat kulkarni wrote:
> Hello Group,
>
> We are setting up open SSH with our z/OS system and we are done with making
> connection to omvs using SFTP and transfer file to the system and vice
> versa.
>
> But, I still not able to find way to setup secure connection to TSO
Hello Group,
We are setting up open SSH with our z/OS system and we are done with making
connection to omvs using SFTP and transfer file to the system and vice
versa.
But, I still not able to find way to setup secure connection to TSO using
port 22 ( SSH). Can you please help me to define this
All of my Sysplexes each have a shared single MCAT per plex. Setting up a
Sysplex is probably where the recommendation to a single MCAT is located. In an
emergency the LOADxx can be edited to point to any other MCAT and they will all
serve to get a system up and running. Additionally in each
So what is the intent of your configuration?
To take advantage of all the wonderfulness that is SYSPLEX :)
Separate but equal? Or are they running from a common SYSRES Set? Other???
We will have 2 systems that are identical. They are going to have a common
SYSRES with a secondary SYSRES to
You can do either and will some associated issues. Here are some:
If you have a MCAT for each LPAR you will have so many MCAT's + its backup to
maintain and garbage in it piles up with time.
If you have a shared MCAT, you need to maintain one MCAT/SYSPLEX and one
backup.At the time of z/OS
By using INDIRECT CATALOG you can use different SYSRES Sets, but the same
SYS1.** names.
Lizette
-Original Message-
>From: Lizette Koehler
>Sent: Nov 21, 2016 3:10 PM
>To: IBM-MAIN@LISTSERV.UA.EDU
>Subject: Re: Catalogs in a SYSPLEX
>
>So the answers are
>
>
Biggest problem I see with multiple master catalogs is that you have to keep
entries in synch. First time you debug a weird problem resulting from
out-of-synch catalogs, I think you'll want a single one.
As for installing software maintenance, you should alternate between (at least)
two
So the answers are
It depends on what you want to do
Your milage May Vary (YMMV)
If you want to access the datasets from either Plex easily, a Shared Master is
okay. Remember the master cat should only have Aliases to usercats, and SYS1
datasets for that environment. If you want
I was doing some research and I cannot seem to find any specific mention of
using a single shared master catalog in the manuals. It doesn't mean I was
looking in the correct manuals it just means that what I had been told may not
be 100% accurate. The manuls do seem to IMPLY that a shared
We currently have a 2 LPAR sysplex and the master catalog in not shared. Prior
to this job I worked at a shop where we supported sysplexes from a single
system to up to 10 LPARs in a single sysplex. The master catalogs were not
shared , I think I would put forth one big reason for not sharing
A lot depends on whether you're creating a net new member or combining two
existing systems into a single plex. As I said in a previous thread, combining
systems is very tough unless you're willing to put up with the vagaries of a
'bronze-plex'.
If you're creating a new system, you can clone
At our shop we have three master catalogs in the same sysplex. We run three
"levels" of lpars and the master catalogs are by level. Our three tech lpars
share a master catalog. Our three application test lpars share a different
master catalog. Our 6 production lpars share a different master
We are creating a SYSPLEX of two systems and there seems to be some debate
about using a single shared master catalog or multiple master catalogs on each
system. The IBM manuals recommend a single shared master catalog but our CE has
been advocating multiple catalogs. What are the pros and cons
On Sun, 20 Nov 2016 22:42:16 +0200, Binyamin Dissen
wrote:
>I am receiving
>
>ASMA033I Storage alignment for @DDNTXTU.S99TUPAR unfavorable
>
>where the value of S99TUPAR is 6, but it is a dependent using and the actual
>offset is at a doubleword boundary.
>
>Working
On Mon, 21 Nov 2016 09:33:20 -0800, Ed Jaffe wrote:
>However, it's not trivial to determine from where you were loaded. It
>could be STEPLIB/JOBLIB, it could be LPA, it could be LNKLST.
It shouldn't be that hard if you know the member name. Create a DCB
for STEPLIB and open it. If that works,
On 11/21/2016 8:27 AM, Charles Mills wrote:
Exactly. That is what I intend to do.
Charles
John McKown wrote:
THE PRODUCT IS NOT APF AUTHORIZED DUE TO THE DSN=SOME.NONAPF.LIBRARY ON VOLUME
volser BEING ON THE STEPLIB/JOBLIB. DSN=SOME.NONAPF.LIBRARY ON volser IS NOT
APF AUTHORIZED.
... or
I believe that's the right approach. For now anyway. You have control. You can
build a common routine that any APF product can call during initialization. If
IBM ever comes up with a more general solution, you can revisit your solution.
.
.
J.O.Skip Robinson
Southern California Edison Company
One caveat. APF can be modified dynamically without updating PARMLIB. Not
necessarily an error if it's the first try with a new application, although in
practice it's a red flag.
.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
Exactly. That is what I intend to do.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Elardus Engelbrecht
Sent: Monday, November 21, 2016 2:58 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Which STEPLIB concatenation is not
I don't do 64Bit stuff at this point. But, as soon as I can today, I'll go look
at the DSECTs...
Sent from my iPhone
> On Nov 21, 2016, at 12:03 AM, Binyamin Dissen
> wrote:
>
> It is properly aligned in the main dsect.
>
> ZZZ DSECT
>
http://www.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.idad400/coefsds.htm
It uses the LBI (Large Block Interface).
On Mon, Nov 21, 2016 at 9:25 AM, R.S. wrote:
> Since (FAIK) z/OS 1.12 times DSS DUMP output dataset can be extended format
> PS.
>
Since (FAIK) z/OS 1.12 times DSS DUMP output dataset can be extended
format PS.
It's strange: When you omit blocksize (use SDB), the blocksize of the
dump dataset will be 27998, for PS, PS-LARGE, and for extended format PS.
However for ext-fmt PS there is *one block per track*. Yes, when you
Not only STEPLIB (and JOBLIB) but also any tasklib, which in fact can be any
ddname.
And then the problem arises: when should the 'non-apf warming' be issued? You
could have a ddname with a concatenation of loadlibraries, that are never going
to be used to LOAD modules from, so the warning is
John McKown wrote:
>But I can see where it would be _very_ nice if an application to do a
>TESTAUTH to make sure that it is APF authorized. And, if not, then put out a
>message similar to:
>THE PRODUCT IS NOT APF AUTHORIZED DUE TO THE DSN=SOME.NONAPF.LIBRARY ON VOLUME
>volser BEING ON THE
On Mon, Nov 21, 2016 at 7:27 AM, Tom Marchant <
000a2a8c2020-dmarc-requ...@listserv.ua.edu> wrote:
> On Sun, 20 Nov 2016 09:28:40 -0600, Walt Farrell wrote:
>
> >... and may seriously hurt the performance, reliability, and availability
> of your z/OS
> >system and the applications running on
On Mon, Nov 21, 2016 at 7:21 AM, Charles Mills wrote:
>
>
> YOU say it's all authorized. z/OS says it's not. Let's think who's
> probably right here.
>
I agree, but I have a couple of friends who are / were in level 1
support. You'd be amazed by stories of ignorance and
On Sun, 20 Nov 2016 09:28:40 -0600, Walt Farrell wrote:
>... and may seriously hurt the performance, reliability, and availability of
>your z/OS
>system and the applications running on it.
Not to mention relying on a platform that is more subject to hacking than a
properly
configured z/OS
YOU say it's all authorized. z/OS says it's not. Let's think who's probably
right here.
CharlesSent from a mobile; please excuse the brevity
Original message
From: Peter Relson
Date: 11/21/16 2:12 PM (GMT+01:00)
To: IBM-MAIN@LISTSERV.UA.EDU
>Would YOU buy a product from a vendor that talked to
>you like that?
Maybe not. But why wouldn't helpful technical support say
"please issue DISPLAY PROG,APF and let me see the output so that I can
help you figure out what is wrong?"
How do you think conversations go for just about anyone when
On Sun, 20 Nov 2016 13:41:20 -0600, Paul Gilmartin wrote:
>On Sun, 20 Nov 2016 17:01:43 +, Jesse 1 Robinson wrote:
>
>>the requirements for APF concatenation were invented to protect the customer
>>
>The particular implementation protects the customer from nothing.
Of course it does. Your
It is frankly a bit scary to have this question being asked like this,
since this is being asked by the owner of authorized code. Karl Schmitz of
IBM has given many presentations to many customers and vendors on system
integrity. This is a very basis system integrity question, the answer to
Although performing validation in your interface routine is never a bad thing,
the real validation must *always* be done in the PC routine itself as someone
might attempt to invoke your PC by crafting the parameter list manually outside
of your interface.
Always access caller data in the key
Does anyone have any experience with the above software, as a tool to
capture updates to a "classic" VSAM file on the mainframe and propagate
them to a open-systems data base?
Thanks,
Steff Gladstone
--
For IBM-MAIN subscribe /
48 matches
Mail list logo