More Related Content Similar to CICS Transaction Gateway V9.1 Overview (20) CICS Transaction Gateway V9.1 Overview1. Rob Jones – CICS Strategy, Mobile and Transaction Gateway
12 September 2014
CICS Transaction Gateway
Version 9.1
© 2014 IBM Corporation
2. IBM’s statements regarding its plans, directions, and intent are subject to
change or withdrawal without notice at IBM’s sole discretion. Information
regarding potential future products is intended to outline our general
product direction and it should not be relied on in making a purchasing
decision. The information mentioned regarding potential future products
is not a commitment, promise, or legal obligation to deliver any material,
code or functionality. Information about potential future products may not
be incorporated into any contract. The development, release, and timing
of any future features or functionality described for our products remains
at our sole discretion.
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
Disclaimer
2
3. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Content
3
Introducing CICS TG product suite
What’s new in CICS Transaction Gateway V9.1?
• Mobile
• Connectivity
• Security
• Foundation
Reference resources
4. Microsoft .NET
Framework
C / C++ Java JEE COBOL
CICS TG
for z/OS
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
The CICS TG Product Suite
4
Capabilities your developers need
Scalable integration with your systems
CICS TG for
Multiplatforms
CICS TG
Desktop Edition
Transactional access to your key business assets
Mobile
CICS TS for i TXSeries CICS TS for VSE CICS TS for z/OS
5. IBM WebSphere Application Server Liberty profile / JCA support
CICS TG JCA resource adapters work with WAS Liberty profile
WAS Liberty profile V8.5.5.2 introduced the new Java EE Connector
Architecture (JCA) repository feature
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
5
–Compatible with resource adapters up to JCA 1.6 spec (JEE6)
CICS TG for z/OS + CICS TG for Multiplatforms releases include resource
adapters at the following spec levels:
JCA 1.6 CICS TG V8.1/V9.0/V9.1
JCA 1.5 CICS TG V8.0
See CICS TG developer blogs for further info https://ibm.biz/cicstg-insights
6. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
6
CICS Transaction Gateway V9.1
Mobile integration, robust connectivity, and strong security options
Release themes
Security
Connectivity
Mobile
Foundation
ibm.biz/cicstg91announce
eGA September 5th 2014
GA September 12th 2014
7. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Mobile enablement - Highlights
Mobile
Mobile enablement for all CICS TS family
and TXSeries products
• Transform JSON / language structures
COBOL, C or PL/1
• Based on WS BIND files
• z/OS Connect-compatible
• Dynamic routing of mobile workload
• Full monitoring and statistics, CICS PA support
8. CICS on
Multiplatforms
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
Systems of Engagement meet Systems of Record
8
Cloud and
API Economy
API Management
DataPower
CICS TG
WebSphere Application Server
Worklight
Linux on
System z
MQ
IMS
CICS TS
DB2
z/OS
z/OS
Connect
Available as Value Unit Editions
9. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
CICS mobile enablement – overview
9
PROGX
HTTP(S)
JSON
transform
JSON
data
Call
CICS
The “transformation engine” includes
Web Service provider
Data transform services
CICS integration
CICS program
Binary
data
10. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
CICS mobile enablement – tooling and run time
10
Bottom-up example
PROGX
HTTP
JSON
transform
JSON
data
Call
CICS
CICS program
Binary
data
copybook
WS BIND
for
PROGX
“JSON assistants” (or
RD/z) generate the
data binding file and
JSON schema
Offline process
11. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
CICS mobile enablement - options
Product Feature Strengths
CICS Transaction
Server for z/OS
11
V4.2/5.1 Mobile Feature pack
V5.2 JSON web services
Proximity to data
Integrated with CICS admin
CICS Transaction
Gateway products
V9.1 JSON web services CICS TS family + TXSeries
Choice of platforms including
cloud e.g. SoftLayer
WebSphere
Application Server
for z/OS
V8.5.5.2 Liberty profile
repository feature, z/OS
Connect
Multiple z/OS subsystems
CICS, IMS, Batch
Service management + APIM
integration
JSON
transform
JSON Binary
12. Each of these solutions share common code for both tooling
and run time to transform data between JSON and binary
representations.
Data transformation for CICS programs is based around
“WS BIND” files. They represent the SOR data structure and
enable the run-time transformation for JSON web services.
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
Mobile enablement today - options
12
JSON
transform
JSON
Product Vehicle Strengths
CICS TS for z/OS V4.2/5.1 Mobile Feature pack
V5.2 JSON web services
Proximity to data
Integrated with CICS admin
CICS TG products V9.1 JSON web services CICS TS family + TXSeries
Choice of platforms including
cloud e.g. SoftLayer
WAS for z/OS V8.5.5.2 Liberty repository
feature z/OS Connect
Multiple z/OS subsystems
CICS, IMS, Batch
Service management + APIM
integration
Binary
13. IBM intends to deliver WebSphere Liberty z/OS Connect (z/OS Connect) as
a common program component of CICS TG.
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
Statement of direction (from ENUS214-263, July 1st, 2014)
13
ibm.biz/cicstg91announce
14. CICS TG (and CICS TS) support two styles JSON web services
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
Terminology: RESTful vs non-RESTful web services
14
Both can be invoked using a HTTP/HTTPS connection
Non-RESTful or request/response
The target CICS program is unaware that it is to be invoked as a web
service. It is designed to be invoked by EXEC CICS PROGRAM LINK, or
ECI
Either COMMAREA or Channel/container data interfaces are available
RESTful
The target CICS program is aware that it is to be invoked as a web
service
HTTP method (GET, POST etc.) & headers are required program inputs
Only the Channel/container data interface is available
15. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Mixed workloads in CICS TG – z/OS example
15
Application machine z/OS
CICS
JEE
application
server
JCA Resource
Adapters
IPIC
Gateway
daemon
Protocol
Handler
IPIC
JCA
Resource
Adapter
EXCI module
WebSphere Application Server
Java clients
ECI v2 C clients
.NET
Framework-based
clients
JSON
web services
Remote clients Local clients
16. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services – Overview
Significant new capabilities for CICS TG
New style of remote client and data representation
–No client-side IBM code required
–Active data transformation within the Gateway daemon
–Service-enablement for any release of CICS server
–Exploit the high availability and instrumentation features of CICS TG
Top-down style service enablement
–Generate COBOL, C, PL/1 language structures from a JSON schema
–Non-RESTful can be used with COMMAREA of channel programs
–RESTful must use channel programs (and therefore IPIC)
Bottom-up style service enablement
–Generate JSON schema from COBOL, C, PL/1 language structures
–Target program is not REST-aware, so JSON web service is non-
RESTful; COMMAREA or channel programs supported
17. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services – Solution characteristics
Mix, route or isolate mobile workloads
Create Gateway daemons dedicated to purely to web services
–Isolation might be desirable for business, systems management or
technical purposes
Add web services along side “traditional” CICS TG workloads
–Optionally route web service requests to dedicated CICS servers
Mobile pricing initiative for z/OS ENUS214-223
Workloads on z/OS originating from mobile applications through CICS TG
is eligible for the IBM Mobile Workload Pricing for z/OS
SMF 70, 89 and 110 records are required together an agreed profile of
identifiable elements within the overall workload
18. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON Web Services – CICS TG solution architecture
18
WebSphere Liberty
z/OS Connect-compatible
Interoperable
with
IBM Worklight
19. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services – Overview
Powered by Liberty, compatible with z/OS Connect and CICS TS JSON
web services support
Based upon proven technologies
– Uses a “private” embedded WebSphere Liberty profile within the
Gateway daemon for the HTTP server
–Uses common data transformation components at run-time from CICS
TS for z/OS (mobile feature pack / JSON web services)
–JSON WS bind files are interoperable with CICS TS, CICS TG V9.1
and z/OS Connect solutions
The JSON web services assistant is included with CICS TG V9.1 products
–Uses common tooling components with a simplified interface for CICS
TG
20. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services – Configuration overview
Simple 1-2-3 configuration in production, development or test
CICS TG configuration requires minimal changes
#1 Obtain the required transformation resources
Use existing WS BIND files, or create them using the provided tools
–use your preferred development environment
#2 Specify the network entry point
Add a new HTTP and/or HTTPS protocol handler definition
–Consider HTTP thread pool default value of 100
#3 Create each web service with a minimum of two attributes!
Add a WEBSERVICE definition
–Requires only the location of the WS BIND file, and a URI
–Default values for other 4 attributes are reasonable
21. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services – New protocol handlers
New protocol handlers for HTTP and HTTPS
Define at most ONE each of HTTP and HTTPS protocol handlers
Both are compatible with TCPIP port sharing capabilities:
–SHAREPORT
–SHAREPORTWLM with Gateway daemon health reporting
–Sysplex Distributor
New configuration sub-sections HTTP, HTTPS within the GATEWAY section
No timeout values to define
–Defined at the web service level
No user security attributes to define
–Common SSL resources, CICS connections define authentication
22. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services - The new http thread pool
New pool of “listener” threads
New pool of “listener” threads
–Logically equivalent to Connection Manager threads
–Shared between HTTP and HTTPS protocol handlers
–Defined in the GATEWAY section by new keyword, maxhttpconnect
maxhttpconnect=100
Define at most ONE each of HTTP and HTTPS protocol handlers
The HTTP thread pool is shared between the HTTP and HTTPS protocol
handlers
–As Connection Manager threads are shared between the tcp and ssl
protocol handlers, if both are defined
The Worker thread pool is shared by ALL protocol handlers
23. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Configuring JSON web services - The new protocol handlers
The HTTP protocol handler
Simpler syntax compared to tcp, ssl protocol handlers, e.g.
SUBSECTION HTTP
port=2080
bind=my.server.hostname
ENDSUBSECTION
High Availability / Horizontal scaling
–Compatible with z/OS TCPIP port sharing capabilities
• SHAREPORT
• SHAREPORTWLM with Gateway daemon health reporting
• Sysplex Distributor
–CICS TG for Multiplatforms implementations
• Multiple instances can interoperate as a group using external IP
port sharing solutions
24. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Configuring JSON web services - The new protocol handlers
The HTTPS protocol handler
Shared Gateway daemon SSL resources and configuration
–Common key ring with SSL protocol handler, IPIC SSL connections
–Common NIST SP800-131A settings
–Supports secure HTTP connections up to TLS 1.2, hardware crypto
Common attributes with the HTTP protocol handler, plus
–client authentication, defaults to off
–cipher suite specification, defaults to all available
Common syntax with the HTTP protocol handler, e.g.
SUBSECTION HTTPS
port=2080
bind=my.server.hostname
ClientAuth=on
CipherSuites=CipherSuite1,CipherSuite2
ENDSUBSECTION
25. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services - the JSON web services assistant
Proven data transformation technologies and tooling
JSON web services assistant uses shared components
25
–CICS TS JSON web services (mobile feature pack)
–WebSphere Liberty z/OS Connect
Generates language structure mappings in WS BIND files, and JSON
schemas
The WS BIND files are used to transform data between JSON and binary
representations, for COMMAREA and Channel programs
Enhancements for CICS TG allow interoperability with all CICS TS-family
and TXSeries products
26. CTGLS2JS - Generates a web service binding file and JSON schemas
from a language structure for a non-RESTful (request/response) CICS
program
CTGJS2LS - Generates a web service binding file and language structures
from a JSON schema for non-RESTful (request/response) CICS program
CTGJS2R - Generates a web service binding file and a language structure
from a JSON schema for RESTful CICS programs
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services - The JSON web services assistant
JCL samples for z/OS in the PDS, hlq.SCTGSAMP
26
27. “Scriptable” command line utility for Multiplatforms (also in the SDK)
New command ctgassist with sample option files for MAPPING-MODES:
LS2JS - Generates a web service binding file and JSON schemas from a
language structure for a non-RESTful (request/response model) application
JS2LS - Generates a web service binding file and language structures
from a JSON schema to use in your application programs.
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services - The JSON web services assistant
27
Options:
•LS-REQUEST/LS-RESPONSE - for non-RESTful (request/response
model) applications
•LS-RESTFUL - for RESTful applications
TARGET-CICS-PLATFORM specifies target CICS platform
zOS/AIX/HP-UX/Solaris/IBM-I/VSE/LinuxI/Windows
–floating point convention, big/little endian encoding etc.
28. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services – defining a specific service
The new WEBSERVICE section
Each JSON Web Service requires a single WEBSERVICE section
–Defined in the CICS TG configuration file, e.g.
SECTION WEBSERVICE = inqcust
Uri = customers/inquire
bindfile = LGICUS01.wsbind
server = CICSAOR1
timeout = 30
transactionid = BIZ1
defaultmirror = Y
ENDSECTION
Symbolic name for WS
HTTP uri mapping
Data transform ws-bind
Target CICS server
Maximum wait time
Mirror EIB TRNID value
Attach default or ‘MYMI’
client uri mapping
29. Exploiting Dynamic Server Selection with JSON web services
Separate JSON web service workload to dedicated regions, and exploit the
Gateway daemon’s high availability features
SECTION DSSGROUP = MOBIAORS
Servers = MOBIAOR1,MOBLAOR2
Algorithm = RoundRobin
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
29
ENDSECTION
SECTION WEBSERVICE = inqcust
Uri = customers/inquire
bindfile = LGICUS01.wsbind
server = MOBIAORS
timeout = 30
transactionid = MYMI
defaultmirror = Y
ENDSECTION
Create a DSSGROUP
representing the CICS servers
dedicated to serving the
mobile workload, using
FailOver or RoundRobin
algorithms
Configure the WEBSERVICE
to use the DSSGROUP
30. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services - Security with Basic Authentication
Authentication and identity assertion for JSON web services
HTTP(S) client includes an Authorization Request Header
User name and password details are set on the ECI request
Authentication then depends upon the target CICS connection protocol:
–IPIC: IPConn defined with USERAUTH=VERIFY or If the target CICS
uses client authentication, defaults to off
–EXCI: Gateway daemon env-var AUTHUSERPASSWORD=YES
–TCPIP: CICS ECI TCPIPService defined with ATTACHSEC=VERIFY
Identity assertion is also possible (i.e. no password required)
–IPIC: IPConn defined with USERAUTH=IDENTIFY
–EXCI: CONNECTION defined with ATTACHSEC=IDENTIFY
HTTPS combined with Basic Authentication is a likely implementation
31. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services - Run-time errors
ECI vs HTTP errors with JSON web services
JSON Web Services support utilize an internal HTTP server within the
Gateway daemon
All responses map to standard HTTP return codes, e.g.:
–200: Everything is OK
–403: Security error – e.g. authentication failure
–404: Not found – e.g. bad URI
–500: Server error – e.g. unknown CICS server
• Possibly a defect if combined with ECI_ERR_SYSTEM_ERROR
–503: Service unavailable – CICS server unavailable
32. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services – Run-time errors encoded as JSON
ECI vs HTTP errors with JSON web services
Further details are encapsulated in the JSON response data as a fault
string with reason codes
For example, an ECI_ERR_NO_CICS results in an HTTP 503 error
(Service Unavailable), together with:
{
"Fault":{
"detail":{
"Description":"Communication with the target CICS
server could not be established"
"CICSServer":"<server name>"
},
"faultstring":"ECI_ERR_NO_CICS"
}
}
33. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
32 new statistics for JSON Web Services
34. CICS TG plug-in V3.0 for CICS Explorer V5.2 or z/OS Explorer V2.1
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
New Web Services view
Cut & paste data from the CICS TG perspective
34
35. Request monitoring capabilities have been extended to include unique
attributes of JSON web service requests
The request monitoring exit method, eventFired,receives a Map, with
attributes defined by enumerated data type:
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services - New request monitoring attributes
35
com.ibm.ctg.monitoring.RequestData
New attributes are provided for JSON web service requests:
HttpPayload – payload of mobile requests
HttpVerb – GET|POST|PUT|DELETE
HttpPath – The URI being invoked
HttpStatusCode – The return code sent to the client
36. JSON web services – Knowledge Center scenario (z/OS & Multiplatforms)
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
36
Get started by following the scenario SC11
37. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
CICS Performance Analyzer integration
New Web Services Workload report in CICS PA V5.2
A high-level overview of Web Services workload in terms of
– response time
– request volumes
–data transfer
Broken down by Gateway daemon instance
Provides insight into usage patterns throughout a daily, weekly or monthly
cycle
–Reveal longer term trends with historical data
–Spot unusual events with response time spikes
APAR PI20963
38. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Modern connectivity - highlights
38
Connectivity
Connection management
• For 24x7 continuous operation
Exploits IPIC heartbeat support
• Improved availability across larger
TCP/IP networks
Local-mode IPIC fail over with WAS V8
Client side port override
39. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
IPIC heartbeat exploitation
Pro-active and continuous verification of connectivity status
Increases reliability of IPIC connections over WANs
39
–Reduces time to discover network issues
Avoids problem of connection being silently dropped by firewall
Communication while connection is idle
Default setting is to send heartbeat every 30 seconds
If response not received from target system
–Connection is closed
40. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
IPIC connection management
Gateway daemon system management for IPIC connections
Ability to stop and start IPIC connections
40
–First time capability for CICS TG on z/OS, not possible with EXCI
Selected and controlled quiesce of workload for a specific CICS server
–Carry out planned maintenance on selected CICS regions
–Avoids the need to shut down the Gateway daemon
Allows for DSS group resilience
–Take a connection out of use before stopping CICS
–DSS algorithms continue to distribute work to alternative CICS servers
41. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
IPIC connection management – operations (z/OS)
New SERVER action for z/OS console commands
/F <jobname>,APPL=SERVER,STOP=<SERVER>
41
–Normal close of connection
–Allows for in-progress transactions to complete
–No new transactions can be started
/F <jobname>,APPL=SERVER,STOP=<SERVER>,IMM
–Immediate stop of an IPIC connection
–In-progress transactions receive an error
/F <jobname>,APPL=SERVER,START=<SERVER>
–Start an IPIC server connection that is currently stopped
42. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
IPIC connection management – operations (Multiplatforms)
New SERVER action for ctgadmin
ctgadmin –a server -stop=<SERVER>
42
–Normal close of connection
–Allows in-progress transactions to complete
–No new transactions can be started
ctgadmin –a server -stop=<SERVER>,immediate|imm
–Immediate stop of an IPIC connection
–In-progress transactions receive an error
ctgadmin –a server -start=<SERVER>
–Start an IPIC server connection that is currently stopped
43. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
IPIC connection management – status visibility
New statistic for specific IPIC connection status
CSx_CSTATUS
43
– Represents the current status of specific IPIC connection “x”
Possible values for CSx_CSTATUS:
NOTSTARTED Initial state of the connection
STARTING Connection is in the process of being established
AVAILABLE Connection is established, Gateway accepts requests
UNAVAILABLE Connection has failed, Gateway rejects requests
STOPPING Connection is closing, Gateway rejects new requests
STOPPED Connection is closed, the Gateway rejects requests
44. Automatic fail over between WAS connection factories
Only available for the V9.1 ECI resource adapter using IPIC local mode
Configuration
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
Fail over for Local mode IPIC with WAS V8
44
WebSphere Application Server V8, or later, provides the facility to
specify an alternative, standby connection factory (by JNDI name)
through custom property, alternateResourceJNDIName
Fail over
In the event of communication failure with the primary CICS server
connection, new transactions are automatically (and transparently)
routed to use the alternative connection factory
Recovery
When the primary CICS server connection recovers, new transactions
are automatically routed to use the primary connection factory
45. Facilitates implementation of firewall pass-through rules
Client-server applications using TCP/IP connections typically specify a
target port number when connecting to the server
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
Java application - client port override
45
e.g. Web browsers connect to a web server using port 80, by default
During connection establishment, an ephemeral port number is also
allocated by the client TCP/IP stack
Ephemeral port numbers are typically unpredictable, and unregarded
CICS TG V9.1 Java base classes allow remote mode client applications
(using TCP or SSL) to override the local port number
This allows the use of firewall rules which grant access on the basis of
the local port of the connecting application.
46. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Secure connectivity
46
Security
SSL for .NET applications
Full NIST SP800-131A compliance
TLS 1.2 secure connections for
• Java JCA .NET APIs to the Gateway
• Gateway to CICS with IPIC connections
SAF certificate & key ring integration
47. Secure connectivity – SSL for .NET Framework-based applications
–Allows secure connectivity with all of the features offered by the
Gateway daemon e.g. Dynamic Server Selection
–Allows identity assertion (+ID Propagation with WAS) in 3-tier solutions
–The CICS TG API for .NET now also provides SSL connectivity
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
Secure connectivity for 3-tier solutions
47
Previously only with SupportPac CA76
Gateway
daemon
CICS
Remote
mode
Java/JEE
apps
CICS TG
ssl
Remote mode
C/C++ apps
IPIC
ssl
Remote mode
.NET apps
CICS TG
tcp
IPIC
tcp
DSS
New in
CICS TG
CICS TG
tcp
ssl
V9.1 48. CTGSTART_OPTS=-j-Dcom.ibm.jsse2.sp800-131=strict | transition
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
NIST SP800-131A and TLS 1.2
NIST SP800-131A compliance brings TLS 1.2 connectivity
US Government requirement for all new federal projects
48
– “Raises the floor” in terms of cryptographic strength in the wider set of
possible cipher suites
CICS TG V9.0 added support for “transition” mode SP800-131A
–included TLS 1.0, dropped SSL protocols up to SSL v3
CICS TG V9.1 adds support for “strict” mode SP800-131A, which
demands TLS 1.2 protocol
–Requires CICS TS V5.1 APAR PM97207, or CICS TS V5.2 (for IPIC)
Back migrated to CICS TG V9.0
–CICS TG for z/OS V9.0 APAR PM98779
–CICS TG for Multiplatforms V9.0.0.2 (V9.0 fix pack 2)
–CICS TG Desktop Edition V9.0.0.2 (V9.0 fix pack 2)
49. CICS TG for z/OS V9.1 makes SAF-based client authentication much
easier
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
SAF-based certificate mapping for SSL client authentication
CICS TG for z/OS V9.1 adds SAF-based certificate mapping
49
–Removes the need to use security exits for Java / JCA
–Allows .NET-Framework based applications to implement SSL client
authentication
–Enables management of access through standard z/OS ESM controls
Secure, remote-mode (3-tier) connectivity is now available for:
–Java applications, servlet or applets using the CICS TG Java base
classes
–JEE enterprise applications using the CICS TG JCA resource adapters
–.NET Framework-based applications using the CICS TG.NET
assembly (V9.1 / CA76)
50. SAF-based key rings with WebSphere Application Server for z/OS
V9.1 allows use of prefix “ESM:” on the value of the keyRingClass
parameter
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
SAF key ring support for CICS TG resource adapters
50
ESM:<key ring name>
CICS ECI resource adapters previously only supported Java key stores
when deployed to WebSphere Application Server for z/OS
–Central management of security artefacts through your ESM
–Exploits established capabilities, audit requirements and processes
associated with your z/OS ESM products
– Removes the “exception case” which previously required a Java key
store on the z/OS UNIX file system, beyond the scope of the ESM
51. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Foundation
Foundation
Exploit zEC12/POWER8 with SDK 7.1
Virtualized CICS servers with IBM RTW
OSGi support for Java base classes
CICS TG SDK all-in-one package
Channel data for request monitoring
API support for latest Windows
Knowledge Center
52. z/OS Multi-Threaded 64 bit Java Workload 16-Way
~12x Improvement in Hardware and Software
160
140
120
100
80
60
40
20
0
1 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32
~12x aggregate hardware and software improvement comparing Java5SR5 on z9 to Java7SR3 on zEC12
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
z/OS Java SDK 7 on zEC12: 16-Way Performance
Aggregate HW and SDK Improvement z9 Java 5 SR5 to zEC12 Java 7SR3
LP=Large Pages for Java heap CR= Java compressed references
Java7SR3 using -Xaggressive + Flash Express pageable 1Meg large pages
52
(Controlled measurement environment, results may vary)
Threads
Normalized Throughput
zEC12 SDK 7 SR3
Aggressive +
LP Code Cache
zEC12 SDK 7 SR1
z196 SDK 7 SR1
z196 SDK 6 SR8
z10 SDK 6 SR4
z10 SDK 6 GM
NO (CR or Heap LP)
z9 Java 5 SR5
NO (CR or Heap LP)
53. CICS TG V9.1 is based upon IBM SDK V7R1 except HP-UX and Solaris (V7R0)
SDK 7.1 exploits POWER8 and System z hardware; System z highlights include:
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
IBM SDK, Java Technology Edition, Version 7 Release 1
Expand zEC12/zBC12 exploitation
53
– More TX, instruction scheduler, traps, branch preload
Runtime instrumentation exploitation
– zEDC (compression hardware) exploitation through java/util/zip
– Integration of SMC-R giving for exploitation of RoCE network hardware
Improved native data binding - Data Access Accelerator
– Integrated with JZOS native record binding framework
Increased general performance/throughput
– Up-to 19% improvement to throughput (ODM workload)
– Up-to 2.4x savings in CPU-time for record parsing batch application
Improved WLM capabilities, SAF and cryptography support
Announcement
ENUS213-498
54. Continuous integration testing – isolated testing
Ability to “virtualize” CICS back-end enabling isolated, automated
regression testing
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
The Gateway intercept plug-in is available in:
54
–CICS TG V9.1 products
–SupportPac CA5F (based on V8.0 Java/JCA API run-time components)
Provides Java/JCA applications with an optional “intercept” plug-in
–Allows developers to perform meaningful tests prior to promoting code
changes
–Dynamic pass-through on a request-by-request basis
RIT V8.0.1.1 plug-in allows use of “real” recorded data to simulate CICS
responses
RIT(s)
CICS
CICS
TG
TG
JAR/
RAR
Client calling
transaction
intercept
plug-in
55. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Request monitoring capability to access channel payload data
Access to Channel/container data in request monitoring exits
55
– CICS TG V9.0 provided channel payload meta-data
• Channel name, per-container name, type and size
– CICS TG V9.1 delivers a “data peak” function for channels
• Read-only (equivalent to COMMAREA data access)
– Overhead is proportional to the amount of data requested
Sample com.ibm.ctg.samples.requestexit.BasicMonitor updated:
Channel = SAMPLECHANNEL
INPUTDATA(CHAR) = 9 characters
First 9 characters: 'test code'
INPUTDATACCSID(CHAR) = 8 characters
First 8 characters: ' 437'
OUTPUTMESSAGE(CHAR) = 88 characters
First 32 characters: 'Input data was: test code'
INPUTDATALENGTH(BIT) = 4 bytes
First 4 bytes: 00000009 '????'
CICSDATETIME(CHAR) = 19 characters
First 19 characters: '20/02/2014 15:40:52'
56. Support for OSGi (Open Service Gateway initiative) applications
Modern Java run time environments implement the OSGi specification
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
OSGi applications get CICS TG Java base classes
56
–OSGi frameworks include Eclipse Equinox, Apache Felix
For new OSGi Java applications, or existing Java applications migrating
to OSGi, all dependencies must also be “OSGi-friendly”
–The existing CICS TG Java base classes (ctgclient.jar) are not
CICS TG V9.1 provides a new OSGi bundle for the Java base classes
Enables CICS TG base classes to be used from OSGi application servers
–e.g. WebSphere Application Server Liberty profile
The OSGi bundle is included ONLY in the new CICS TG SDK archives
apijavaruntimecom.ibm.ctg.client-1.0.0.jar
57. CICS TG products support APIs for multiple programming languages,
applications servers and platforms
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
Introducing the CICS TG SDK
Application developers get everything in one package
Application development and build resources ..
57
–Are installed in various locations within the CICS TG products
• Can be specific build resources
• Can be dual-purpose run-time and build resources
–Documentation packaged separately, or in Knowledge Center
CICS TG V9.1 introduces the CICS TG SDK
Each CICS TG product includes an SDK package containing all resources
–E.g. sdk/CICS_TG_for_Multiplatforms_9.1_SDK.zip
–Fully redistributable, includes binaries for all supported platforms
58. Request monitoring capability to distinguish client type and version
Monitor full details of individual applications in request monitoring
Identify back-level clients applications, and audit your application mix
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
The RequestData map include new fields
58
–ClientType can be Java, ECIv2, CLR, JSON
–ClientVersion can be 6.1, 7.0, …, up to 9.1
–ClientProtocol can be TCP, SSL, HTTP, HTTPS
–V9.0 added details of the client IP address
Sample com.ibm.ctg.samples.requestexit.BasicMonitor
updated:
ClientType = Java
ClientVersion = 9.1
ClientProtocol = TCP
59. Additional Run-time support for the latest Microsoft operating systems
and compilers
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
API support for latest Windows platforms
Windows 8.1 – 32-bit (x86) and 64-bit (x64) Intel
Windows Server 2012 R2 – only available on Intel x64
Microsoft Visual Studio 2013
59
Applies to
–CICS TG for Multiplatforms
–CICS TG Desktop Edition
–Remote-mode applications connecting with any CICS TG product
60. We are listening – 10 Requests For Enhancement (RFEs) in V9.1
RFE Title
22041 Allow an ECI connection factory to use RACF keyrings
22056 Include the name of the Gateway daemon APPLID in all log messages
22086 Capability to define a local IP Port for remote mode ECI applications
24235 Failover capability between WebSphere and multiple CICS regions via CICS TG local
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
60
mode
30961 Request monitoring exits to permit optional read-only access to channel payload data
30962 Provide the Gateway intercept plug-in interface for Java applications from SupportPac
CA5F
32308 CICS TG support for PowerBuilder IDE
32327 SHA-2 support in CICS TS for z/OS and CICS TG products
43303 CICS TG support for OSGi bundles
45199 Allow cut / paste functionality in CICS TG Explorer plugin
Raise your requirement – tinyurl.com/rfe-cicstg
61. Mobile integration, robust connectivity, and strong security options
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
CICS Transaction Gateway V9.1
Foundation
Exploit zEC12 hardware with SDK 7.1
Virtualized CICS servers with IBM RTW
• Build test-suites for Java/JCA ECI applications
Channel data for request monitoring
API support for latest Windows
61 GA April 25th 2014
Secure connectivity
SSL for .NET applications
Full NIST SP800-131A compliance
TLS 1.2 secure connections for
• Java JCA .NET APIs to the Gateway
• Gateway to CICS with IPIC connections
Modern connectivity
Connection management
• For 24x7 continuous operation
Exploits IPIC heartbeat support
• Improved availability across larger
TCP/IP networks
Service enablement
Mobile integration with JSON web services
• Dynamic routing of mobile workload
• Shared tech with CICS TS + z/OS connect
• JSON xform from COBOL, C and PL/1
• Full monitoring and statistics
62. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Resources & Support - CICS TG V9.1
CICS TG Version 9.1 Announcement letter ENUS214-263
62
https://ibm.biz/cicstg91announce
CICS TG V9.1 - on-line IBM Knowledge Centers
Scenario sections provide useful example topologies with configuration details
CICS TG for z/OS V9.1
http://www.ibm.com/support/knowledgecenter/SSZHJ2_9.1.0
CICS TG for Multiplatforms V9.1 and
CICS TG Desktop Edition V9.1
http://www.ibm.com/support/knowledgecenter/SSZHFX_9.1.0
63. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Resources & Support – Get social!
Read and interact with blogposts from the experts!
63
https://ibm.biz/cicstg_insights
Follow latest news and announcements
Twitter
@IBM_CICS @IBM_System_Z @ibmmobile @UkRobJones
#cicstg #mobilemake #cics
Youtube channel
CICS Hursley
Facebook
IBMCICS cicstg
64. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
IBM® CICS® Modernization Solution Pack for z/OS V5.2
64
65. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Resources & Support - ITSO Redbooks / Red Papers
CICS TG
65
– The Complete Guide to CICS Transaction Gateway, Volume 1, Configuration
and Administration, SG24-8160 (Published 2Q14)
– Using CICS Transaction Gateway with High Availability and
the CICS Explorer, REDP4782
– Developer Connector Applications for CICS, SG24-7714
– CICS TG V7.1 Systems Monitoring, SG24-7562
– CICS TG for z/OS V6.1 (XA, WAS z/OS, security), SG24-7161
CICS TS and z/OS
– Event Processing with CICS, SG24-7792 (3Q2013)
– CICS on System z for Architects, SG24-8067 (4Q2012)
–A CPU Study of Ways into CICS, REDP4906 (1Q2013)
– The Value of IBM System z and z/OS in an SOA, REDP4152
– z/OS Identity Propagation, SG24-7850
– Architecting Access to CICS within an SOA, SG24-5466
– J2C Security on z/OS, REDP4202
66. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
More Resources & Support
66
Announcement Letters
Datasheets/Brochures
Redbooks
Whitepapers
Presentations
Technical Library
APAR RSS feed
and more….
www.ibm.com/cics/ctg
CICS TG Strategy & Planning
rcjones@uk.ibm.com
+44 (0)1962 818588
View existing requirements
http://tinyurl.com/CICSTG-RFE
67. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Reference resources
67
68. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Resources & Support - CICS TG articles
68
DeveloperWorks
“CICS Transaction Gateway and AIX workload partitions”
http://www.ibm.com/developerworks/websphere/library/techarticles/1111_mawer/1111_mawer.html
“Accessing CICS from Microsoft .NET applications using CICS Transaction
Gateway”
http://www.ibm.com/developerworks/websphere/library/techarticles/1012_crockett/1012_crockett.html
“Exploiting the J2EE Connector Architecture: Integrating CICS and
WebSphere Application Server using XA global transactions”
http://www.ibm.com/developerworks/websphere/techjournal/0607_wakelin/0607_wakelin.html
“Connecting from Groovy to CICS using the CICS Transaction Gateway”
http://www.ibm.com/developerworks/websphere/library/techarticles/1010_knights/1010_knights.html
69. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Resources & Support - CICS TG articles
69
Whitepapers
“IBM CICS IP interconnectivity: New features in Version 4.2”
ftp://public.dhe.ibm.com/software/htp/cics/pdf/CICS_TS_V4.2_Connectivity_paper_final.pdf
“Delivering quick access to CICS systems using strategic integration
options”
http://publib.boulder.ibm.com/infocenter/ieduasst/stgv1r0/topic/com.ibm.iea.cicsts/cicsts/3.1z/Resources/G
224-7557-00.pdf
“Integrating WebSphere Application Server and CICS using the JCA”
ftp://ftp.software.ibm.com/software/htp/cics/pdf/WSW14013-USEN-00.pdf
“Transactional integration of WebSphere Application Server and CICS with
the JCA”
ftp://ftp.software.ibm.com/software/htp/cics/pdf/WSW14013-USEN-00.pdf
70. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Resources & Support - CICS TG articles
70
Enterprise Tech Journal (formerly zJournal)
“CICS Transaction Gateway V9.0: Handling the Demands of the Modern
Enterprise”
http://enterprisesystemsmedia.com/article/cics-transaction-gateway-v9.0-handling-the-demands-of-the-modern-
enterprise
“CICS Transaction Gateway V8.1: What’s New and Why It Matters”
http://enterprisesystemsmedia.com/article/cics-transaction-gateway-v8.1-whats-new-and-why-it-matters
“High Availability Using CICS Transaction Gateway and CICS Transaction
Server”
http://enterprisesystemsmedia.com/article/high-availability-using-cics-transaction-gateway-and-cics-transaction-
serve
“CICS and Identity Propagation: Solving the End-to-End Security
Challenge”
http://enterprisesystemsmedia.com/article/cics-and-identity-propagation-solving-the-end-to-end-security-challeng
“Peering Into the IBM CICS Transaction Gateway Black Box”
http://enterprisesystemsmedia.com/article/peering-into-the-ibm-cics-transaction-gateway-black-box
71. IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many jurisdictions
worldwide. Other product and service names might be trademarks of IBM
or other companies. A current list of IBM trademarks is available at
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
Trademarks
71
http://www.ibm.com/legal/copytrade.shtml
72. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Acknowledgements
For a list of IBM trademarks see the url at:
72
http://www.ibm.com/legal/copytrade.shtml
– Java and all Java-based trademarks and logos are trademarks or
registered trademarks of Oracle and/or its affiliates.
– Microsoft, Windows, Windows NT, and the Windows logo are
trademarks of Microsoft Corporation in the United States, other
countries, or both.
– UNIX is a registered trademark of The Open Group in the United
States and other countries.
– Linux is a registered trademark of Linus Torvalds in the United States,
other countries, or both.
– Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel
Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and
Pentium are trademarks or registered trademarks of Intel Corporation
or its subsidiaries in the United States and other countries.
73. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
Backup
73
74. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
zAAP offload rates for IPIC vs EXCI / 31-bit vs 64-bit with V9.0
74
(z10 2097-763 model E64)
C
P
z
A
A
P z
C
P
A
A
P
Source: SupportPac CP01: CICS Transaction Gateway Performance Reports
Approx 20%
CP saving
with IPIC
75. Scaling payload size (1MB increments) with IPIC and V9.0 (100 clients)
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
75
(z10 2097-763 model E64)
Source: SupportPac CP01: CICS Transaction Gateway Performance Reports
76. CICS TG for z/OS – CICS connectivity performance options (z196)
© 2014 IBM Corporation
CICS Transaction Gateway V9.1
76
Source: ITSO RedPaper 4906
77. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services – New statistics
New statistics in the Protocol Handler (PH) resource group
Port numbers
PH_SPORTHTTP
–HTTP protocol handler port number
PH_SPORTHTTPS
–HTTPS protocol handler port number
Bind address
PH_SBINDHTTP
–HTTP protocol handler bind address
PH_SBINDHTTPS
–HTTPS protocol handler bind address
78. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services – New statistics
The new WebServices (WS) statistics resource group
WS_SCOUNT, WS_SLIST, WS_ILIST, WS_LLIST
–Number and list of defined web services, lists of active web services
WS_IALLREQ, WS_LALLREQ
–Total number of web service requests processed
WS_IAVRESP, WS_LAVRESP
–Average Web Service response times
WS_IREQDATA, WS_LREQDATA, WS_IRESPDATA, WS_LRESPDATA
–Total amount of web service request and response data transferred
WS_IREQHI, WS_LREQHI, WS_SMAXHTTP
–Peak and maximum concurrent Web Service requests
WS_CREQ, WS_CWAITING
–Web service requests waiting for CICS, waiting for a Worker thread
79. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services – New statistics
The new specific WebServices (WSx) statistics resource group
WSx_SURI
– The HTTP uri mapping for Web Service “x”
WSx_SSERVER
– The actual or logical CICS server to call for Web Service “x”
WSx_SPROGRAM
– The target CICS program associated with Web Service “x”
–Derived from the WS BIND file
WSx_SEIBTRNID, WSx_SMIRROR
– Mirror transaction attributes for Web Service “x”
80. © 2014 IBM Corporation
CICS Transaction Gateway V9.1
JSON web services – New statistics
The new specific WebServices (WSx) statistics resource group
WSx_IALLREQ, WSx_LALLREQ
– Number of requests for web service “x” processed
WSx_IAVRESP, WSx_LAVRESP
– Average response times for web service “x”
WSx_IREQDATA, WSx_LREQDATA, WSx_IRESPDATA,
WSx_LRESPDATA
– Amount of request and response data transferred for web service “x”
WSx_IREQHI, WSx_LREQHI
– High water marks for concurrent requests to web service “x”
WSx_CREQ
–Web service “x” requests waiting for CICS
Editor's Notes &lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
Other attributes of interest (from http://www-01.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.websphere.zseries.doc/ae/cdat_dsfailover.html?cp=SS7K4U_8.5.5%2F1-3-0-22-3-0-0-2):
failureThreshold
Values: Must be an integer and &gt; 0.
Description: The failureThreshold property is only read if the failureNotificationActionCode or alternateResourceJNDIName property is set to valid value. If the failureThreshold property is not set or is set to an invalid number the default value of 5 is used. The integer value specified for the failureThreshold is the number of consecutive resource exceptions that must occur for a particular resource before notification is sent or failover occurs.
The following is an example of how this value works: If the failureThreshold property is set to 5 for data source B, then data source B must get five consecutive resource exceptions while attempting to establish connections, with no successful attempts in-between these failures, before notification is sent or the resource can fail over. An attempt to send the notification or fail over is made after five consecutive resource exceptions occur. However, in a multi-threaded environment, after the failure threshold value is reached, the timing of the notification or fail over might occur after additional resource exceptions.Attention: Resource exception counters are not shared between resources. Resource exceptions must be consecutive to reach failure threshold.
alternateResourceJNDIName
Values: String value containing a direct JNDI name.
Description: An alternate connection factory or data source resource should be like the primary resource. Provide the JNDI name of the alternate resource to enable the fail over feature.
Advanced fail over properties
resourceAvailabilityTestRetryInterval
Values: int value, default is 10.
Description: The test connection interval by default is 10 seconds. Every 10 seconds, the test connection thread attempts to test the primary resource. Depending on system resources, this value can be change from 1 -MAXINIT seconds.
enablePartialResourceAdapterFailoverSupport
Values: boolean value, default is false.
Description: If this value is true, fail over to the alternate resource occurs, but fail back to the primary is manual. This property can be set if the resource adapter being used does not meet the requirements for connection fail over, for example, it does not have testConnection implemented or it throws a not supported exception.
disableResourceFailOver
Values: boolean value, default is false.
Description: If this value is true, automatic fail over does not occur.
disableResourceFailBack
Values: boolean value, default is false.
Description: If this value is true, automatic fail back does not occur.
populateAlternateResource
Values: boolean value, default is false.
Description: If this value is true, the alternate resource is populated with connections to maximum connections. Every attempt is made to keep the alternate resource at maximum connections. If the database goes down for the alternate resource, the stale connections are removed and the populate thread repopulates the alternate resource when the database is available. You can dynamically enable and disable the populate alternate resource using the Mbean operations, disablePopulateAlternateResource and enablePopulateAlternateResource.Attention: You might see performance gains during a failover with populate alternate resource enabled, but, the cost is high to keep the alternate resource populated. Most of the cost is in keeping twice the number of connections typically required for one data source. Because connections are large objects, keeping the connections uses additional memory resource on the server and extra resource on the database.
&lt;number&gt;
The Common Language Runtime (CLR) is the virtual machine component of Microsoft&apos;s .NET framework
Point to John’s library page.. As it has public links to all TG related articles…
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;
&lt;number&gt;