Front cover
Virtualization Cookbook for IBM Z Volume 1 IBM z/VM 7.2
Lydia Parziale Edi Lopes Alves Vic Cross Paul Novak Mauro Cesar de Souza
Redbooks
International Technical Support Organization
Virtualization Cookbook for IBM Z Volume 1
July 2021
SG24-8147-02 Note: Before using this information and the product it supports, read the information in “Notices” on page xiii.
Third Edition (July 2021)
This edition applies to IBM z/VM Version 7, Release 2, Red Hat Enterprise Linux version 8, and SUSE Linux Enterprise Server 15 GA, and Ubuntu Server 20.04.
© Copyright International Business Machines Corporation 2015, 2016, 2021. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents
Notices ...... xiii Trademarks ...... xiv
Preface ...... 1 Concept of the series ...... 1 Volumes in this series ...... 2 Main parts of this volume ...... 2 Considerations ...... 3 Conventions ...... 3 Font conventions in this cookbook series ...... 3 Command conventions that are used in this cookbook series ...... 3 Operating system releases that are used ...... 3 Authors...... 4 With gratitude ...... 5 Now you can become a published author, too! ...... 7 Comments welcome...... 7 Stay connected to IBM Redbooks ...... 7
Summary of changes...... 9 Summary of changes in this book ...... 9
Part 1. z/VM cloud concepts and planning...... 11
Chapter 1. Conceptual overview ...... 13 1.1 Basic concepts ...... 14 1.2 Why choose this hardware platform, and why z/VM? ...... 15 1.2.1 Virtualization and cloud computing originated here ...... 15 1.2.2 The ultimate virtualization platform ...... 15 1.2.3 Optimized for Linux ...... 16 1.2.4 The hidden secret ...... 17 1.2.5 A community of friends ...... 17 1.3 The philosophy that was adopted in authoring this book ...... 17 1.4 A high-level overview of components and terminology ...... 18 1.4.1 Hardware ...... 18 1.4.2 Software ...... 20 1.4.3 z/VM capabilities and enhancements by version and release ...... 22 1.5 Choices and decisions for this book ...... 27 1.6 Single system image design ...... 29 1.7 Infrastructure design ...... 30 1.8 Usability tests that are performed ...... 31 1.9 Critical differences of LOGOFF versus DISCONNECT...... 31 1.10 Summary of Linux and z/VM similarities ...... 32
Chapter 2. Planning ...... 33 2.1 Hardware operation and interface mode...... 35 2.1.1 Processor Resource/Systems Manager ...... 35 2.1.2 IBM Dynamic Partition Manager ...... 35 2.2 Choosing a z/VM installation method ...... 36 2.2.1 Understanding traditional and upgrade installations ...... 36
© Copyright IBM Corp. 2015, 2016, 2021. All rights reserved. iii 2.2.2 Classifications used in this book ...... 37 2.2.3 New and upgrade installations to DASD...... 37 2.2.4 Installing as VMSSI with live guest relocation...... 38 2.2.5 Planning aids ...... 40 2.3 Bill of materials ...... 40 2.3.1 Hardware ...... 40 2.3.2 Software ...... 41 2.3.3 Networking ...... 42 2.4 Disk planning...... 43 2.4.1 Primary considerations ...... 43 2.5 HiperDispatch planning ...... 48 2.6 Storage planning ...... 48 2.6.1 z/VM 7.2 initial installation and migrations considerations ...... 48 2.6.2 Storage allocation ...... 49 2.6.3 Global aging list ...... 50 2.7 Paging ...... 50 2.7.1 Recommendations, tips, and hints ...... 50 2.7.2 Calculating paging space ...... 51 2.8 Passwords and passphrases ...... 52 2.9 Network ...... 53 2.9.1 Involvement of stakeholders ...... 53 2.9.2 Open Systems Adapters ...... 54 2.9.3 Network attachment options and considerations ...... 54 2.9.4 Maximum transmission unit size matters ...... 55 2.9.5 IBM HiperSockets ...... 56 2.9.6 IPv4 and IPv6 ...... 57 2.10 Channel-to-channel adapter planning ...... 57 2.11 z/VM standardized naming conventions ...... 58 2.11.1 DASD volume labeling convention ...... 58 2.11.2 Virtual network device naming convention ...... 59 2.11.3 Minidisk and virtual disk naming convention for Linux ...... 60 2.11.4 Backup file naming convention ...... 60 2.11.5 Command retrieve convention ...... 61 2.12 Architectural overview of this book’s environment ...... 62 2.13 Example planning worksheet ...... 62 2.13.1 IBM Shop Z ...... 63 2.13.2 Hardware Management Console ...... 63 2.13.3 z/VM installation planning panels ...... 63 2.13.4 z/VM networking resources...... 66 2.13.5 z/VM DASD...... 67 2.13.6 FCP devices ...... 68 2.13.7 Linux resources...... 69 2.13.8 Host names and IP addresses ...... 70
Chapter 3. Security considerations...... 71 3.1 Security policy ...... 72 3.2 External Security Manager ...... 72 3.2.1 How hypervisor security protects you ...... 72 3.2.2 z/VM built-in security...... 73 3.2.3 Improving z/VM security by using an External Security Manager...... 73 3.3 Separation of authority ...... 75 3.3.1 Surrogate logon: Logon-by capability ...... 75 3.3.2 Maintaining separation of administration tasks ...... 76 iv Virtualization Cookbook: Vol 1: IBM z/VM 7.2 3.4 Multifactor authentication ...... 77 3.5 TLS for network traffic ...... 78 3.5.1 Why secure z/VM traffic? ...... 78 3.5.2 Enabling TLS for z/VM TN3270 server ...... 78
Chapter 4. Optional extra features of z/VM...... 83 4.1 IBM Cloud Infrastructure Center ...... 84 4.1.1 Infrastructure management...... 84 4.1.2 Automation ...... 84 4.1.3 Integration ...... 85 4.2 OpenShift ...... 85 4.2.1 Benefits of Red Hat OpenShift Container Platform...... 85 4.2.2 Benefits of RHOCP on IBM Z and IBM LinuxONE ...... 86 4.2.3 Typical RHOCP deployments and Topologies ...... 86 4.2.4 Production environment ...... 86 4.2.5 Virtualization and hypervisors ...... 88 4.3 Operations Manager ...... 88 4.4 Backup and Restore Manager ...... 89 4.5 CMS Pipelines and VM utilities ...... 91 4.5.1 CMS Pipelines ...... 91 4.5.2 VM Utilities ...... 91 4.6 zSecure Manager for RACF z/VM...... 93
Part 2. Installation, configuration, and service ...... 95
Chapter 5. Installing z/VM...... 97 5.1 Obtaining z/VM through electronic download ...... 98 5.1.1 Placing the order...... 98 5.2 Configuring an FTP server for z/VM installation ...... 108 5.2.1 Creating directories on the FTP server and upload the installation image . . . . . 108 5.3 Installing z/VM from a DVD or an FTP server ...... 110 5.4 Starting the z/VM installation...... 111 5.4.1 Logging on to HMC ...... 111 5.4.2 In-memory z/VM system loaded ...... 113 5.5 Installing VMSSI ...... 115 5.5.1 Copying the in-memory z/VM system to DASD ...... 115 5.5.2 IPL the first VMSSI member ...... 120 5.5.3 IPL for the remaining VMSSI members...... 122 5.6 Installing non-SSI z/VM...... 124 5.6.1 Copying in-memory z/VM system to DASD ...... 124 5.6.2 IPL the new z/VM 7.2 ...... 128 5.7 Initial TCP/IP configuration ...... 128 5.7.1 Using the z/VM IPWIZARD tool ...... 128 5.8 Adding CTCAs to an SSI cluster ...... 130 5.8.1 Adding the CTC devices dynamically ...... 132 5.8.2 Adding the CTC devices permanently...... 133 5.8.3 Configuring TCPIP to automatically start during the system IPL ...... 133
Chapter 6. Configuring z/VM ...... 137 6.1 Configuring z/VM...... 139 6.2 Configuring the XEDIT PROFILE ...... 139 6.3 z/VM parm disks ...... 143 6.4 System Configuration file ...... 143 6.5 Editing the z/VM SYSTEM CONFIG file ...... 143
Contents v 6.5.1 Modifying features and optimizing parameter settings ...... 144 6.5.2 Enabling and configuring virtual networking components...... 149 6.5.3 Using CPSYNTAX to validate the modified system configuration file...... 151 6.5.4 Initializing the allocated DASD for z/VM Service data...... 152 6.5.5 Service-level validation and subscribing to service notifications...... 154 6.6 Enabling and configuring DirMaint ...... 155 6.7 Enabling and configuring RACF ...... 155 6.7.1 Creating the RACF RPIDIRCT command file ...... 156 6.7.2 Customizing SMF ...... 158 6.7.3 Copying the RACF databases ...... 160 6.7.4 Setting up the AUTOLOG1 and AUTOLOG2 virtual machines...... 165 6.7.5 Enabling RACF ...... 166 6.7.6 Putting RACF into production on all members ...... 167 6.7.7 Configuring SMAPI to work with RACF...... 173 6.7.8 Configuring LogonBy processing ...... 176 6.7.9 Using the RACF SMF data unload utility...... 179 6.8 Implementing more network features ...... 180 6.8.1 Enabling z/VM FTP and Network File System functions...... 180 6.8.2 Reconfiguring TCP/IP for high availability by using a VSWITCH ...... 181 6.9 Shutting down and IPLing the SSI cluster again ...... 183 6.9.1 IPLing the other SSI members ...... 184 6.10 Validating and testing your changes ...... 185 6.11 Adding page volumes and perm (user) volumes...... 186 6.11.1 Formatting volumes for page space ...... 186 6.11.2 Copying the utilities to Shared File System file pools ...... 186 6.11.3 Using the CPFORMAT EXEC...... 190 6.11.4 Formatting DASD for minidisks...... 191 6.11.5 Updating the SYSTEM CONFIG file ...... 192 6.11.6 Attaching minidisk volumes to the system for use ...... 194 6.11.7 Shutting down and IPLing the SSI cluster again...... 195 6.12 Enabling z/VM basic system automation ...... 196 6.12.1 Configuring AUTOLOG1’s PROFILE EXEC ...... 196 6.12.2 Configuring and enabling the programmable operator facility...... 197 6.13 z/VM User Directory ...... 201 6.13.1 z/VM User Directory PROFILEs ...... 202 6.13.2 Role-based access controls and CP privilege classes ...... 206 6.13.3 Creating and using z/VM User Directory prototypes...... 208 6.13.4 Creating CMSPROTO...... 208 6.13.5 Creating LNXPROTO ...... 211 6.13.6 Creating a time-based virtual service machine named CRONSVM ...... 212 6.13.7 Creating a console logs repository ...... 215 6.14 z/VM security and hardening...... 217 6.14.1 Using an external security manager for correct resource security ...... 217 6.14.2 Using LOGONBY for correct accountability ...... 218 6.14.3 High-level z/VM security ...... 221 6.14.4 Encrypting communications by using SSL/TLS on z/VM ...... 221 6.15 Backing up and restoring your z/VM system...... 235 6.16 Creating an SFS file pool for Linux virtual machines ...... 237 6.16.1 SFS file pools characteristics ...... 237 6.16.2 Adding a directory entry for the new SFS server machine ...... 238 6.16.3 Generating the SFS file pool for Linux guest systems ...... 239 6.16.4 Adding a directory entry for the SFS administration machine...... 242 6.16.5 Enrolling the Linux virtual machines as USERS ...... 243 vi Virtualization Cookbook: Vol 1: IBM z/VM 7.2 6.16.6 Adding Linux parm files and REXX EXECs to the LNX file pool...... 244 6.17 Creating identity LNXADMIN for Linux administration...... 246 6.18 Monitoring SFS file pool usage ...... 248
Chapter 7. z/VM live guest relocation ...... 251 7.1 LGR considerations...... 252 7.1.1 General considerations before relocation ...... 252 7.1.2 Mandatory memory checking that is performed during relocation ...... 252 7.1.3 Optional memory checking that is performed during relocation ...... 253 7.1.4 Minimizing link and resource contention ...... 253 7.2 Relocate a Linux system ...... 253
Chapter 8. Servicing z/VM ...... 255 8.1 z/VM release schedule ...... 256 8.2 Recommended service upgrades ...... 257 8.3 Applying a recommended service upgrade...... 259 8.3.1 Getting service from the internet...... 259 8.3.2 Downloading the service files ...... 260 8.3.3 Receive, apply, and build the service ...... 262 8.3.4 Putting the service into production ...... 263 8.4 Applying a program temporary fix ...... 265 8.4.1 Getting service by using Shopz ...... 265 8.4.2 Determining whether a PTF was applied ...... 267 8.4.3 Downloading the service to z/VM ...... 268 8.4.4 Receiving, applying, and building the service ...... 270 8.4.5 Putting the service into production ...... 271 8.4.6 Checking for APARMEMO files...... 272 8.5 Determining the TCP/IP service level ...... 273 8.6 Moving on to Linux ...... 274
Chapter 9. z/VM Centralized Service Management ...... 275 9.1 z/VM CSM structure ...... 276 9.1.1 z/VM CSM flow overview ...... 276 9.1.2 z/VM CSM system requirements...... 277 9.2 Setting up z/VM CSM ...... 277 9.2.1 VMPSFS file pool changes ...... 277 9.2.2 User ID privilege class ...... 279 9.2.3 TCP/IP configuration changes ...... 279 9.2.4 VMCSM APAR installation ...... 281 9.3 Working with z/VM CSM ...... 283 9.3.1 Initializing z/VM CSM by using SERVMGR INIT...... 283 9.3.2 Creating a service level...... 286 9.3.3 Adding a managed system ...... 291 9.3.4 Building a service package ...... 294 9.3.5 Sending the service package to the managed systems ...... 296 9.3.6 Putting the service into production ...... 297
Part 3. System management ...... 303
Chapter 10. DirMaint, RACF-connector, and SMAPI ...... 305 10.1 IBM Directory Maintenance Facility...... 306 10.1.1 DirMaint features...... 306 10.1.2 DirMaint structure ...... 307 10.1.3 Finding DirMaint ...... 308
Contents vii 10.1.4 Enabling DirMaint ...... 308 10.2 Tailoring DirMaint ...... 310 10.2.1 Changing default passwords...... 310 10.2.2 Configuring DirMaint ...... 311 10.2.3 Working with DirMaint AUTHFOR file ...... 313 10.2.4 Customizing the EXTENT CONTROL file...... 313 10.2.5 Copy User Direct to be initialized by DirMaint...... 317 10.3 Starting DirMaint ...... 318 10.3.1 Validating DirMaint ...... 319 10.4 DirMaint-RACF Connector ...... 321 10.4.1 Configuring RACF-Connector ...... 321 10.4.2 Adding RACF connector configuration ...... 322 10.4.3 Verifying that DirMaint and RACF work together ...... 323 10.5 Systems Management API ...... 324 10.5.1 Who needs SMAPI ...... 325 10.5.2 Configuring SMAPI to work with RACF...... 325 10.5.3 Shared File System that is used by SMAPI ...... 330 10.5.4 SMAPI requirements...... 332 10.5.5 Configuring DirMaint to support SMAPI ...... 332 10.5.6 Setting up basic SMAPI configuration...... 334 10.5.7 Defining SMAPI on RACF...... 334 10.5.8 Start SMAPI at IPL time ...... 335 10.5.9 Testing SMAPI from the Conversational Monitor System...... 337 10.5.10 Testing SMAPI from Linux by using smaclient ...... 339 10.6 Adding a z/VM user ID ...... 340 10.6.1 DirMaint commands ...... 341
Chapter 11. Deploying and maintaining Linux workloads ...... 345 11.1 Planning a Linux virtual machine ...... 346 11.2 Considerations for disk storage types ...... 346 11.2.1 Direct-attached storage devices (DASD) ...... 346 11.2.2 Direct-attached Fibre Channel ...... 348 11.2.3 Emulated DASD ...... 352 11.2.4 Minidisks ...... 356 11.2.5 HyperPAV ...... 358 11.3 Network attachment options and considerations ...... 361 11.3.1 z/VM virtual switch (VSWITCH) ...... 361 11.3.2 Direct-attached Open Systems Adapter ...... 361 11.3.3 Configuring z/VM to provide direct-attached OSA interfaces ...... 362 11.3.4 Configuring z/VM to provide HiperSockets network interfaces ...... 362 11.4 Common DirMaint tasks ...... 362 11.4.1 DirMaint and the user directory characteristics...... 363 11.4.2 Checking the status of DirMaint and subcomponents...... 363 11.4.3 Adding a USER to z/VM by using a prototype ...... 363 11.4.4 Adding a user to z/VM without the use of a prototype...... 365 11.4.5 Adding an IDENTITY to z/VM by using a prototype ...... 365 11.4.6 Adding an IDENTITY to z/VM without the use of prototypes ...... 365 11.4.7 Changing the amount of memory that is assigned to a user...... 366 11.4.8 Modifying a user ...... 366 11.4.9 Deleting a user ...... 367 11.4.10 Adding a minidisk to a user or identity ...... 367 11.4.11 Getting a copy of the user directory ...... 367 11.4.12 Getting and updating the EXTENT CONTROL file ...... 367 viii Virtualization Cookbook: Vol 1: IBM z/VM 7.2 11.4.13 Cleaning up the work units ...... 368 11.4.14 Checking the DirMaint disk map ...... 368 11.4.15 Dedicating crypto domains ...... 369
Chapter 12. Monitoring z/VM and Linux ...... 371 12.1 Using basic z/VM commands ...... 372 12.1.1 Using the INDICATE command ...... 372 12.1.2 CP Query commands ...... 375 12.1.3 Other basic and useful z/VM commands ...... 379 12.2 z/VM Performance Toolkit...... 381 12.2.1 Configuring IBM Performance Toolkit for VM ...... 381 12.2.2 Configuring web browser support ...... 382 12.2.3 Configure PERFSVM ...... 384 12.2.4 Starting the IBM Performance Toolkit for VM ...... 386 12.2.5 Using the IBM Performance Toolkit for VM...... 387 12.3 Collecting and using raw CP monitor data ...... 390 12.3.1 Collecting CP monitor data ...... 390 12.3.2 Using CP monitor data ...... 392 12.4 Monitoring Linux performance for troubleshooting ...... 394 12.4.1 Monitoring Linux performance from z/VM ...... 395
Chapter 13. Disk storage administration ...... 397 13.1 Adding disk space to Linux virtual machines ...... 398 13.1.1 Making new minidisks or count key data DASD available in Linux...... 398 13.1.2 Making new emulated DASD available in Linux ...... 400 13.1.3 Making new zFCP LUN available in Linux ...... 401 13.2 Adding a logical volume ...... 404 13.2.1 Creating a logical volume and file system...... 404 13.2.2 Updating the file system table...... 407 13.3 Extending a logical volume ...... 408 13.4 Moving a physical volume ...... 411
Chapter 14. Working with networks ...... 415 14.1 Setting up a private interconnect...... 416 14.1.1 Directory Network Authorization ...... 416 14.1.2 Creating a VSWITCH for interconnect ...... 416 14.1.3 Creating an interconnect VLAN on a VSWITCH...... 417 14.2 Creating a HiperSockets device between logical partitions...... 418 14.2.1 Verifying HiperSockets hardware definitions...... 418 14.2.2 Creating a TCP/IP stack on z/OS ...... 418 14.2.3 Configuring the HiperSockets interface on Linux ...... 419 14.2.4 Verifying connectivity ...... 421 14.3 Configuring a port group by using Link Aggregation Control Protocol ...... 421 14.3.1 Exclusive-mode port group ...... 421 14.3.2 Multiple VSWITCH Link Aggregation ...... 423 14.3.3 Global VSwitch recovery...... 433 14.3.4 Link Aggregation Control Protocol ...... 434 14.4 Linux network commands ...... 437
Chapter 15. Miscellaneous recipes and helpful information...... 439 15.1 Installing a package from the IBM VM Download Library ...... 440 15.1.1 CMS-based z/VM web browser...... 440 15.1.2 Quick and easy display of DIRMAINT directory records...... 441 15.1.3 Automatic closure of spooled consoles...... 441
Contents ix 15.1.4 TOOLSRUN ...... 442 15.1.5 EDEVICE path management ...... 442 15.2 Modifying the z/VM LOGON panel ...... 442 15.3 Using DirMaint to set special passwords for an ID ...... 447 15.4 Resuming a revoked ID in RACF/VM ...... 448 15.5 System modifications for wide-screen terminals ...... 449 15.6 Manually formatting DASD for use ...... 452 15.7 Running Linux under z/VM with restricted permissions...... 454 15.8 Mitigating SSH client timeout disconnects ...... 455 15.9 Sharing IBM WebSphere Application Server binaries...... 457
Part 4. Appendixes ...... 459
Appendix A. Configuring a workstation to deploy and administer z/VM...... 461 Basic requirements ...... 462 3270 terminal emulators...... 462 Linux ...... 462 MacOS ...... 462 Windows ...... 463 TTY clients ...... 463 PuTTY: A no-charge SSH client for Microsoft Windows ...... 463 Save sessions...... 469 SSH client on macOS and Linux...... 469 Setting up a VNC client ...... 470 VNC on Microsoft Windows ...... 470 Apple macOS ...... 471 Linux ...... 471 IBM 3270 emulators ...... 471 Microsoft Windows ...... 471 Apple macOS ...... 471 Linux ...... 472 Mobile applications ...... 472 Web-to-host platforms...... 472 Tips for choosing and using a 3270 emulator ...... 472
Appendix B. Reference, cheat sheets, blank worksheets, and education...... 475 Related books and publications ...... 476 Online resources ...... 477 Important z/VM files ...... 478 Cheat sheets ...... 479 XEDIT cheat sheet ...... 479 A vi cheat sheet ...... 480 DirMaint cheat sheet ...... 481 Blank planning worksheet ...... 482 IBM Shop Z ...... 482 Hardware Management Console ...... 483 z/VM Installation Planning Panels (INSTPLAN) ...... 483 z/VM networking resources...... 486 z/VM DASD worksheet ...... 486 Linux resources worksheet ...... 487 Host names and IP addresses worksheet...... 488
Appendix C. Additional material ...... 489 Locating the web material ...... 490 x Virtualization Cookbook: Vol 1: IBM z/VM 7.2 Using the web material...... 490 System requirements for downloading the web material ...... 490 Downloading and extracting the web material ...... 491 z/VM REXX EXECs and XEDIT macros ...... 491 CPFORMAT EXEC ...... 491 SSICMD EXEC ...... 496 PROFILE EXEC for Linux virtual machines ...... 497 RHEL64 EXEC ...... 498 SLES11S3 EXEC ...... 498 SWAPGEN EXEC...... 499 Sample files ...... 499 SAMPLE CONF-RH6 file ...... 499 SAMPLE PARM-RH6 file ...... 499 SAMPLE PARM-S11 file...... 499 Linux code ...... 500 RHEL clone script ...... 500 SLES clone.sh script...... 512 SLES boot.clone script ...... 517
Related publications ...... 523 IBM Redbooks ...... 523 Other publications ...... 524 Online resources ...... 524 Help from IBM ...... 525 IBM wants your input ...... 526
Contents xi xii Virtualization Cookbook: Vol 1: IBM z/VM 7.2 Notices
This information was developed for products and services offered in the US. This material might be available from IBM in other languages. However, you may be required to own a copy of the product or product version in that language in order to access it.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user’s responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive, MD-NC119, Armonk, NY 10504-1785, US
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk.
IBM may use or distribute any of the information you provide in any way it believes appropriate without incurring any obligation to you.
The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
Statements regarding IBM’s future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to actual people or business enterprises is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided “AS IS”, without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs.
© Copyright IBM Corp. 2015, 2016, 2021. xiii Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at http://www.ibm.com/legal/copytrade.shtml
The following terms are trademarks or registered trademarks of International Business Machines Corporation, and might also be trademarks or registered trademarks in other countries.
AIX® IBM Security™ VTAM® DB2® IBM Z® WebSphere® DS8000® IBM z Systems® XIV® eServer™ IBM z13® z Systems® FICON® OMEGAMON® z/Architecture® FlashCopy® Parallel Sysplex® z/OS® GDPS® RACF® z/VM® Global Technology Services® Redbooks® z/VSE® IBM® Redbooks (logo) ® z13® IBM Blue® S/390® z15™ IBM Cloud® Satellite™ zEnterprise® IBM FlashSystem® System z® IBM Garage™ Tivoli®
The following terms are trademarks of other companies:
ITIL is a Registered Trade Mark of AXELOS Limited.
The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.
Microsoft, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Java, and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Ansible, Fedora, OpenShift, Red Hat, are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the United States and other countries.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Other company, product, or service names may be trademarks or service marks of others.
xiv Virtualization Cookbook: Vol 1: IBM z/VM 7.2 Preface
This IBM® Redbooks® publication is volume one of five in a series of books entitled The Virtualization Cookbook for IBM Z.
The series includes the following volume: The Virtualization Cookbook for IBM z Systems® Volume 1: IBM z/VM® 7.2, SG24-8147 The Virtualization Cookbook for IBM Z Volume 2: Red Hat Enterprise Linux 8.2 Servers, SG24-8303 The Virtualization Cookbook for IBM z Systems Volume 3: SUSE Linux Enterprise Server 12, SG24-8890 The Virtualization Cookbook for IBM z Systems Volume 4: Ubuntu Server 16.04, SG24-8354 Virtualization Cookbook for IBM Z Volume 5: KVM, SG24-8463
It is recommended that you start with Volume 1 of this series because the IBM z/VM hypervisor is the foundation (or base “layer”) for installing Linux on IBM Z®. All of the volumes are described next.
Concept of the series
This book series assumes that you are generally familiar with IBM Z technology and terminology. It does not assume an in-depth understanding of z/VM or Linux. It is written for individuals who want to start quickly with z/VM and Linux, and get virtual servers up and running in a short time (days, not weeks or months).
Volume 1 starts with a solution orientation, discusses planning and security, and then, describes z/VM installation methods, configuration, hardening, automation, servicing, networking, optional features, and more.
It adopts a “cookbook-style” format that provides a concise, repeatable set of procedures for installing, configuring, administering, and maintaining z/VM. This volume also includes a chapter on monitoring z/VM and the Linux virtual servers that are hosted.
Volumes 2, 3, and 4 assume that you completed all of the steps that are described in Volume 1. From that common foundation, these volumes describe how to create your own Linux virtual servers on IBM Z hardware under IBM z/VM. The cookbook format continues with installing and customizing Linux.
Volume 5 provides an explanation of the kernel-based virtual machine (KVM) on IBM Z and how it can use the z/Architecture®. It focuses on the planning of the environment and provides installation and configuration definitions that are necessary to build, manage, and monitor a KVM on Z environment. This publication applies to the supported Linux on Z distributions (Red Hat, SUSE, and Ubuntu).
© Copyright IBM Corp. 2015, 2016, 2021. All rights reserved. 1 Volumes in this series
This book series consists of the following volumes: The Virtualization Cookbook for IBM z Systems Volume 1: IBM z/VM 6.3, SG24-8147 introduces the entire concept of the IBM virtualization solution by using z/VM to run Linux servers on an IBM Z system. It also describes the z/VM functions, planning, installation, and configuration of a two-member SSI with z/VM 7.2. For Volume 1, you need at least two IBM Z logical partitions (LPARs) with associated resources and z/VM 7.2 installation media. The Virtualization Cookbook for IBM Z Volume 2: Red Hat Enterprise Linux 8.2 Servers, SG24-8303 describes the installation and customization of RHEL. For Volume 2, you need the Red Hat Enterprise Linux Server (RHEL) version 8.2 installation media. The Virtualization Cookbook for IBM z Systems Volume 3: SUSE Linux Enterprise Server 12, SG24-8890 describes the installation and customization of SLES. For Volume 3, the SUSE Linux Enterprise Server (SLES) version 12 media. The Virtualization Cookbook for IBM z Systems Volume 4: Ubuntu Server 16.04, SG24-8354 describes the installation and customization of SLES. For Volume 4, the initial Ubuntu Server 16.04 LTS media plus resources for mirroring. Virtualization Cookbook for IBM Z Volume 5: KVM describes the kernel-based virtual machine (KVM) on IBM Z and how it can use the z/Architecture. For Volume 5, you need KVM distribution installation media.
Main parts of this volume
This volume consists of the following main parts: Part 1, “z/VM cloud concepts and planning” on page 11 In this part, we provide a conceptual overview of how z/VM plays a unique role in virtualization and cloud infrastructures. We also discuss the planning of hardware, software, and networking resources that are needed before you attempt to install z/VM and Linux. We also provide security topics that you should consider before installation. Part 2, “Installation, configuration, and service” on page 95 In this part, we describe how to install and configure z/VM. We discuss live guest relocation and how to service z/VM. We also describe the Centralized Service Management (z/VM CSM) that allows you to manage distinct levels of service for a specific group of z/VM systems. Part 3, “System management” on page 303, includes chapters on the following subjects: – Implementing live guest relocation (LGR) between SSI members – Configuring the Systems Management API (SMAPI) – Enabling IBM RACF® as the External Security Manager (ESM) – Monitoring z/VM and Linux – Describing the Linux system suite of system management daemons, and libraries
2 Virtualization Cookbook: Vol 1: IBM z/VM 7.2 Considerations
The “recipes” that are published in this cookbook are meant to teach your brain how to cook: that is, suitable techniques, methodologies, safety, and what order things must occur. When you know the how, you can more readily understand the why. Than, you can choose to tweak and personalize your “menu.”
It is important to realize that the recommendations and examples that are presented in this book and the others in the series are intended to spark thoughtfulness and meaningful awareness of the entire process. In situations where required, things can and should be adapted to suit your specific needs.
Conventions
The conventions that are described in this section are used in this book and others in the series.
Font conventions in this cookbook series
Monospace and bold Commands entered by the user on the command line monospace Linux file names, directories, and commands MONOSPACE CAPITALS z/VM files, virtual machine and minidisk names, and commands Monospace bold italics Values that were used to test this book, such as TCP/IP addresses. This font convention is used to signify that you need to replace the example value with the correct value for your system or enterprise. Monospace reversed Keys and key combinations that are used to invoke functions or respond.
Command conventions that are used in this cookbook series