CICS Transaction Gateway for z/OS, Version 7.0 delivers significant enhancements over previous releases, in three key value areas:
- Systems monitoring capability
- Extended networking support
- Advanced security enablement
Systems monitoring capability
CICS Transaction Gateway for z/OS, Version 7.0 can perform real-time monitoring of the gateway systems. This important capability delivers a window into the CICS Transaction Gateway "black-box", enabling its activity to be monitored proactively. This capability enables CICS Transaction Gateway to detect and resolve abnormal occurrences before they cause a problem to production operations. Systems administrators and capacity planners can analyze system utilization metrics, and perform online problem determination of these CICS Transaction Gateway system functions.
CICS Transaction Gateway provides statistics about a number of important metrics, including External Communication Interface (EXCI) pipe usage, configurable system limits, internal thread usage and processed transaction requests. You can also access critical information about connection management and transaction throughput, and obtain information about the proximity of the workload to the levels set in the configurable limits. If necessary, you can take action to reduce the need for planned outages or prevent the occurrence of unplanned downtime.
These statistics are made available through two methods. First, you can access monitoring statistics through the extended z/OS system command-based administration interface. You can also choose to exploit the new external C language application programming interface (API). Using this API enables custom-built solutions or monitoring applications to use the system monitoring statistics and exploit is value within integrated monitoring applications.
Also, monitoring automation is enhanced through the new ability to direct critical CICS Transaction Gateway messages to the z/OS console. This capability provides better and easier automated operations when using IBM Tivoli® System Automation for z/OS by increasing the availability of the CICS Transaction Gateway so that the systems can take predefined courses of action when certain conditions occur, without operator intervention.
Extended networking support
With this release, CICS Transaction Gateway includes the ability to process Internet Protocol, Version 6 (IPv6) connections from remote Java clients, providing for better routing, enhanced security and global scalability delivered in this latest version of the IP standard. TCP/IP, Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections into the Gateway daemon from remote Java clients can use IPv6 connections along with IPv4 connections. Using IPv6 delivers improved interoperability with CICS applications deployed on the IBM System z™ platform, and enables the enhanced routing and auto-configuration capabilities of IPv6 networks to be seamlessly used within the enterprise.
Also, integration with the z/OS Workload Manager (WLM) now enables intelligent distribution of workload across a sysplex, providing increased systems availability. This capability enables CICS Transaction Gateway for z/OS, Version 7.0 to provide dynamic feedback on CICS region availability to the TCP/IP load-balancing mechanisms on the z/OS platform through the facilities of the z/OS WLM component. These server-specific WLM recommendations can be used Sysplex Distributor, TCP/IP port sharing or the z/OS Load Balancing Advisor to determine which individual Gateway daemon will have priority when any new TCP/IP, SSL or TLS connections are established. This capability can increase the availability of applications and help reduce the likelihood of any one CICS region being overloaded.
Advanced security enablement
Support for the TLS, Version 1.0 protocol now enables more-stringent encryption capabilities and better interoperation with a variety of secure clients. Along with the existing support for SSL, Version 3.0, support is added for the TLS, Version 1.0 protocol for security-rich connections into the Gateway daemon.
The ability to offload other encryption to the cryptographic services of the System z hardware enables increased throughput of SSL and TLS requests. This capability is provided through support for the IBMJSSE2 security provider in the software development kit (SDK) for z/OS. Using IBMJSSE2 can lead to reduced processor usage and increased system throughput through the hardware cryptographic support for the DES, Triple DES, RSA and SHA algorithms, and also provides the option for enhanced protection of encryption key values through highly secure, key cryptographic-coprocessor functional support.
Support for stronger RACF passwords is also included, through the ability to verify a mixed-case password when enabled in RACF. When this function is activated, the Gateway daemon is able to authenticate case-sensitive passwords with RACF, and flow the authenticated user ID onto connected CICS Transaction Server for z/OS regions.
View Version 7.0 technical details
