IBM United States Software Announcement 221-201, dated May 4, 2021

IBM z/VSE 6.2 brings storage, processing, security, recovery, and data transfer enhancements

Table of contents 1 Overview 5 Technical information 2 Key requirements 7 Ordering information 2 Planned availability date 7 Terms and conditions 2 Description 8 Order now 5 Program number

Overview

IBM(R) z/VSE(R) is an for the IBM Z(R) platform used for traditional batch and online transaction processing applications.

The following hardware support is available with z/VSE 6.2:

• Exploitation of the latest IBM System Storage technology: – z/VSE 6.2 supports IBM System Storage TS7700 R5.1.

• Exploitation of latest IBM z15TM Model T01 and T02 technology: – z/VSE 6.2 provides native support for System Recovery Boost (APAR DY47832). This enables z/VSE to temporarily boost general-purpose central processors (CPs) running at sub-capacity to full capacity in a (LPAR) during system IPL and shutdown. – z/VSE 6.2 supports the configurable IBM Crypto Express7S (APAR DY47834), which enables data encryption and Secure Sockets Layer (SSL) acceleration. Elliptic Curve Cryptography (ECC) with a Crypto Express7S can result in accelerated data-in-flight encryption.

The following support is already available with z/VSE 6.2: • z/VSE supports the IBM Fibre Connection (FICON(R)) Express16S+ and FICON Express16SA, as well as the OSA-Express6S/7S family. • z/VSE supports IBM Fibre Channel Endpoint Security, which provides authentication and data encryption to protect the integrity and confidentiality of data.

z/VSE support for Transport Layer Security (TLS) 1.3: • TLS 1.3 support (APAR DY30239) is based on VSE Crypto Services/OpenSSL 1.1.1d update (APAR DY47825, in March 2020). • VSE/POWER(R) PNET SSL supports all available ciphers, including TLS 1.3 (APAR DY47842). • CICS(R) TS for z/VSE 2.2 supports TLS 1.3 inbound connections (APAR PH28252). • Interactive User Interface (IUI). Various job skeletons (ICCF library 59) have been updated to include TLS 1.3 cipher suites (APAR PH31756). • Updates for z/VSE Connector components for OpenSSL TLS 1.3 support (APAR PH35841).

IBM Data Language/I (DL/I) VSE 1.12.1 support:

• DL/I 1.12.1 adds utility improvements for database recovery (APAR PH29950).

IBM United States Software Announcement 221-201 IBM is a registered trademark of International Business Machines Corporation 1 VSE/POWER: • PNODE Generation Macro for Networking Support is updated to enable acceleration of data transfer (APAR DY47835).

TCP/IP updates: • IBM TCP/IP for z/VSE 2.2 is updated to the 2.2.8 level (APAR PH27676).

Key requirements

z/VSE 6.2 introduced an Architectural Level Set that requires IBM zEnterprise(R) 196, IBM zEnterprise 114, or later.

Planned availability date

May 4, 2021

Description

With improved ease of use and exploitation of the latest IBM Z and IBM System Storage technology, z/VSE 6.2 can help clients with growing z/VSE workloads, and can enable them to better protect their investments in the z/VSE platform.

z/VSE 6.2 offers the following enhancements:

• Enhancements using continuous delivery: – z/VSE 6.2 and CICS TS for z/VSE 2.2 have been generally available since December 1, 2017. Additional functionality has been introduced for online transaction processing, security, and connectivity. – Clients can better integrate z/VSE in a heterogeneous environment using web- based business solutions and z/VSE connectors. • Exploitation of the latest IBM System Storage technology: – z/VSE 6.2 supports IBM System Storage TS7700 R5.1. • Exploitation of latest IBM z15 and IBM z15 Model T02 technology: – z/VSE 6.2 provides native support for System Recovery Boost (APAR DY47832). This enables z/VSE to temporarily boost general-purpose CPs running at sub-capacity to full capacity in an LPAR. It delivers improved overall system and application availability by minimizing the downtime that results from system shutdown and restart operations. -- The speed boost lasts up to 60 minutes during system IPL as well as stand- alone dump processing and up to 30 minutes during system shutdown. -- After the speed boost ends, the CPs being used by the LPAR return to the sub-capacity model speed. This increase applies only to the LPAR being boosted; all other LPARs not being boosted run at sub-capacity model speed, and the machine itself remains a sub-capacity machine.

• z/VSE 6.2 supports the configurable Crypto Express7S (APAR DY47834), which enables data encryption and SSL acceleration. ECC with a CEX7 card can result in accelerated data-in-flight encryption: – Instead of using the CEX7 cards in toleration mode and treating them as Crypto Express6S coprocessors and accelerators, the CEX7 cards are now identified as Crypto Express7S and reported as such in messages and command output (APAR DY47834).

The following support is already available with z/VSE 6.2:

IBM United States Software Announcement 221-201 IBM is a registered trademark of International Business Machines Corporation 2 • z/VSE supports the FICON Express16S+ and FICON Express16SA as well as the OSA-Express6S/7S family. • z/VSE supports IBM Fibre Channel Endpoint Security, which provides server authentication and data encryption to protect the integrity and confidentiality of data.

The capabilities of z/VSE 6.2 are further extended with enhancements delivered through continuous delivery:

z/VSE support for Transport Layer Security (TLS) 1.3

• TLS 1.3 support (APAR DY30239) is based on VSE Crypto Services/OpenSSL 1.1.1d update (APAR DY47825, in March 2020). • VSE/POWER PNET SSL supports all available ciphers, including TLS 1.3 (APAR DY47842). • CICS TS for z/VSE 2.2 supports TLS 1.3 inbound connections (APAR PH28252). • Interactive User Interface (IUI). Various job skeletons (ICCF library 59) have been updated to include TLS 1.3 cipher suites (APAR PH31756). • Updates for z/VSE Connector Workstation components for OpenSSL TLS 1.3 support (APAR PH35841).

With this upgrade, OpenSSL on z/VSE provides support for TLS 1.3.

OpenSSL is an open source project that provides an SSL and TLS implementation as well as key management utilities. See the OpenSSL website for details. OpenSSL on z/VSE provides a z/OS(R) compatible SSL programming interface, which enables existing z/VSE SSL/TLS applications, such as the z/VSE Connector Server and the LDAP client, to run transparently with OpenSSL. Although OpenSSL provides software-based encryption for supported algorithms and key lengths, the z/VSE implementation transparently uses cryptographic hardware, when available, for improved performance. Clients benefit from IBM Z cryptographic hardware and its acceleration of cryptographic operations.

For further information about how to set up SSL/TLS in z/VSE, see the following:

• The z/VSE TCPIP Support manual, especially the section "Selecting the TCP/IP and SSL Implementation to use" • The IBM Redbook Enhanced Networking on IBM z/VSE • The LE/VSE C Run-Time Library Reference manual for further details about the LE/C TCP/IP Socket API Multiplexer

DL/I VSE 1.12.1

DL/I adds improvements for database recovery (APAR PH29950). To enable correct recovery in all situations in which DL/I message DLZ004I (I/O-error) or DLZ005I (out of space) can occur, extensions to the DL/I Log Print utility and DL/I Data Base Backout utility have been provided: • A parameter has been introduced for the DL/I log print utility (DLZLOGP0) that can stop the printing and copying of log records when a DL/I log record with a defined sequence number is reached. This function might be needed when only log records that had been written up to a defined point should be applied during DL/I database recovery. • During DL/I database recovery, it might not be necessary to back out all databases for a Program Specification Block (PSB), but only one or a subset of them. To provide this function, a new input control statement has been introduced for the DL/I Data Base Backout utility (DLZBACK0).

Next to these extensions, a description of the different situations in which message DLZ004I or message DLZ005I can appear together with the appropriate recovery actions has been provided in the DL/I 1.12.1 Release Guide.

VSE/POWER

IBM United States Software Announcement 221-201 IBM is a registered trademark of International Business Machines Corporation 3 PNODE Generation Macro for Networking Support is updated to enable acceleration of data transfer (APAR DY47835). To accelerate data transfer between PNET TCP/ IP nodes by up to 50 times, the system administrator needs to generate the Network Definition Table (NDT) on each system with the new PNODE macro operand SPEED=HIGH for the local node. The PNODE macro is described in the VSE/POWER Administration and Operation manual.

TCP/IP updates

IBM TCP/IP for z/VSE 2.2 is updated to the 2.2.8 level (APAR PH27676).

z/VSE service

z/VSE product and PTF orders from IBM Shopz are available only through the internet and DVD. Recommended Service Levels (RSLs), including January 7, 2021 RSLs, are found on the IBM: z/VSE- Service and support - Preventive web page. z/ VSE V6.2 is the only z/VSE release in service.

z/VSE blogs

For current z/VSE blogs, see the Jens Remus' Blog, which is hosted on the IBM Community Platform within the IBM Z and LinuxONE Community.

z/VSE documentation

For z/VSE product information and documentation, see IBM Documentation.

The following IBM Redbooks(R) are available for z/VSE: • Introduction to the New Mainframe: IBM z/VSE Basics • Security on IBM z/VSE • Migration to CICS Transaction Server for z/VSE V2 • z/VSE Using DB2(R) on Linux(R) for System z(R)

Section 508 of the US Rehabilitation Act

IBM z/VSE 6.2 is capable as of May 4, 2021, when used in accordance with IBM's associated documentation, of satisfying the applicable requirements of Section 508 of the Rehabilitation Act, provided that any assistive technology used with the product properly interoperates with it. A US Section 508 Voluntary Product Accessibility Template (VPAT) can be found on the IBM Accessibility website.

Hardware and software support services

SmoothStart/installation services

IBM SmoothStart Services and Installation Services are not provided.

Reference information

For more information about z/VSE 6.2, see: • Software Announcement 220-123, dated April 14, 2020 • Software Announcement 219-130, dated April 23, 2019 • Software Announcement 218-086, dated April 10, 2018 • Software Announcement 217-203, dated October 10, 2017

For more information about DL/I VSE 1.12.1, see Software Announcement 218-086, dated April 10, 2018.

IBM United States Software Announcement 221-201 IBM is a registered trademark of International Business Machines Corporation 4 For information about IBM z/VM(R) 7.2, see: • Software Announcement 220-305, dated August 4, 2020 • Software Announcement 220-088, dated April 14, 2020

For information about IBM z/VM 7.1, see: • Software Announcement 218-532, dated October 16, 2018 • Software Announcement 218-310, dated August 7, 2018 • Software Announcement 218-150, dated April 10, 2018

For information about z15 Model T01 and T02 enhancements, see Hardware Announcement 121-029, dated May 4, 2021.

For information about z15, see: • Hardware Announcement 120-050, dated August 4, 2020 • Hardware Announcement 120-006, dated April 14, 2020 • Hardware Announcement 120-013, dated January 14, 2020 • Hardware Announcement 119-085, dated November 26, 2019 • Hardware Announcement 119-027, dated September 12, 2019

For information about z14 Model ZR1, see: • Hardware Announcement 118-075, dated October 2, 2018 • Hardware Announcement 118-018, dated April 10, 2018

For information about z14, see:

• Hardware Announcement 118-075, dated October 2, 2018 • Hardware Announcement 117-093, dated November 28, 2017 • Hardware Announcement 117-044, dated July 17, 2017

Business Partner information

If you are a Direct Reseller - System Reseller acquiring products from IBM, you may link directly to Business Partner information for this announcement. A PartnerWorld ID and password are required (use IBMid).

BP Attachment for Announcement Letter 221-201

Program number

Program number VRM Program name 5609-VSE 1.1.0 z/VSE SDO 5686-VS6 6.2.0 z/VSE 5686-CS1 2.2.0 IBM TCP/IP for z/VSE 5746-XX1 1.12.1 DL/I VSE

Technical information

Specified operating environment

Hardware requirements z/VSE 6.2 operates on:

IBM United States Software Announcement 221-201 IBM is a registered trademark of International Business Machines Corporation 5 IBM Z server LPAR image Guest under z/VM 1 IBM z15 (all models) x x IBM z14(R) (all models) x x IBM z13(R) (all models) x x IBM zEnterprise EC12 x x IBM zEnterprise BC12 x x IBM zEnterprise 196 x x IBM zEnterprise 114 x x

Note: x = supported

1 Supported z/VM release required.

Hardware-assisted asymmetric key encryption (RSA only) requires: • Crypto Express7S (in either coprocessor or accelerator mode) on a z15 • Crypto Express6S (in either coprocessor or accelerator mode) on a z14, or z15 • Crypto Express5S (in either coprocessor or accelerator mode) on a z13(R), z13s(R), z14, or z15 • Crypto Express4S (in either coprocessor or accelerator mode) on a zEC12 or zBC12 • Crypto Express3 (in either coprocessor or accelerator mode) on a z196, z114, zEC12, or zBC12

Hardware-assisted symmetric key encryption requires the IBM CPACF feature.

z13, or later, is required for:

• Vector Facility for z/Architecture(R), also referred to as Single Instruction Multiple Data (SIMD)

To support new functions and features, the appropriate machine change levels (MCLs) of IBM Z servers are required. Descriptions of the MCLs are available on the Resource Link(R) website.

Software requirements Many z/VSE clients choose to run under z/VM for operational flexibility or to supplement the capabilities of z/VSE. z/VSE clients who choose to run one or more z/VSE systems as guest systems under z/VM require a supported z/VM release.

For specific functions and for the most current information on z/VM, see the IBM z/ VM virtualization software website.

z/VM enables users to exploit state-of-the-art virtualization technology for one or more of the following reasons: • Multiple z/VSE production, development, or test images • Multiple Linux(R) on IBM Z images to exploit the potential of Integrated Facility for Linux (IFL) specialty engines • Both z/VSE and Linux on IBM Z to extend the z/VSE capabilities with Linux on IBM Z

A z/VM mode logical partition (LPAR) enables clients to run z/VSE images on standard CPs and Linux on IBM Z images on IFLs, all in the same z/VM LPAR for enhanced staff productivity and resource efficiency.

For details, see the Linux on IBM Z mainframe website.

Details of the system requirements for both the CICS Explorer(R) and CICS Explorer SDK are available on the z/VSE operating system and software website.

IBM United States Software Announcement 221-201 IBM is a registered trademark of International Business Machines Corporation 6 Details relating to service and support for CICS Explorer are available on the IBM Support website.

Security, auditability, and control

Some of the announced programs use the security and auditability features of the operating system software.

The client is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.

Ordering information

Order z/VSE SIPO through the internet

Shopz provides an easy way to plan and order IBM Z software upgrades. Using Shopz, you can quickly generate orders for z/VSE SIPOs. Additionally, Shopz will ensure your order is technically correct (that is, ensures any corequisites or prerequisites or incompatibility conditions are resolved to ensure timely order placement and processing). Shopz is available in all countries. For more details and availability, go to the Shopz website.

Ordering information is unchanged. See Software Announcement 217-203, dated October 10, 2017.

Graduated or processor-based charges: Not applicable.

Basic machine-readable material Ordering information is unchanged. See Software Announcement 217-203, dated October 10, 2017.

Customization options No customization options available.

Publications • For z/VSE product information and documentation, see IBM Documentation. • The following IBM Redbooks(R) are available for z/VSE: – Introduction to the New Mainframe: IBM z/VSE Basics – Security on IBM z/VSE – Migration to CICS Transaction Server for z/VSE V2 – z/VSE Using DB2(R) on Linux for System z(R)

Subsequent updates (technical newsletters or revisions between releases) to the publications shipped with the product will be distributed to the user of record for as long as a license for this software remains in effect. A separate publication order or subscription is not needed.

Terms and conditions

The terms for z/VSE 6.2, as previously announced in Software Announcement 217-203, dated October 10, 2017, are unaffected by this announcement.

IBM United States Software Announcement 221-201 IBM is a registered trademark of International Business Machines Corporation 7 Statement of good security practices

IT system security involves protecting systems and information through prevention, detection, and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, or misappropriated or can result in misuse of your systems to attack others. Without a comprehensive approach to security, no IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products, or services to be most effective.

Important: IBM does not warrant that any systems, products, or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.

IBM Electronic Services

The IBM Electronic Service Agent, in combination with IBM Support, is dedicated to providing fast, exceptional support to organizations that have IBM Systems. The IBM Electronic Service Agent is a no-additional-charge tool that proactively monitors and reports hardware events, such as system errors, performance issues, and inventory. The Electronic Service Agent can help you stay focused on your company's strategic business initiatives, save time, and spend less effort managing day-to-day IT maintenance issues. Servers enabled with the Electronic Service Agent can automatically open a problem with IBM Support when covered under IBM warranty or maintenance agreements.

Integrated into the base operating system of IBM i, AIX(R), Power(R) Linux Tools pack, and the Power hardware management console (HMC), the Electronic Service Agent is designed to automatically and electronically report system failures and utilization issues to IBM, which can result in faster problem resolution and increased availability. The Electronic Service Agent includes a powerful web user interface, giving the administrator easy access to configurations, status, tool settings, problem information, and filters. System configuration and inventory information collected by the Electronic Service Agent also can be viewed on the IBM Support website and used to improve problem determination and resolution by you and the IBM support team.

For more information and documentation on how to configure and use the Electronic Service Agent, go to the IBM Electronic Service Agent website.

IBM Support is a single internet entry point that replaces the multiple entry points traditionally used to access IBM internet services and support. IBM Support enables you to gain easy access to IBM resources for assistance in resolving technical problems. The Call Home web, which is available from the My support menu with links to My systems and My inventory, and premium search functions make it easy for organizations with Electronic Service Agent enabled products to track system inventory and find pertinent fixes.

Order now

To order, contact the IBM Digital Sales Center, your local IBM representative, or your IBM Business Partner. To identify your local IBM representative or IBM Business Partner, call 800-IBM-4YOU (426-4968). For more information, contact the IBM Digital Sales Center.

Phone: 800-IBM-CALL (426-2255)

IBM United States Software Announcement 221-201 IBM is a registered trademark of International Business Machines Corporation 8 Fax: 800-2IBM-FAX (242-6329)

For IBM representative: askibm@ca..com

For IBM Business Partner: [email protected]

IBM Digital Sales Offices 1177 S Belt Line Rd Coppell, TX 75019-4642, US

The IBM Digital Sales Center, our national direct marketing organization, can add your name to the mailing list for catalogs of IBM products.

Note: Shipments will begin after the planned availability date.

Trademarks

z15 is a trademark of IBM Corporation in the United States, other countries, or both. IBM, z/VSE, IBM Z, FICON, POWER, CICS, zEnterprise, z/OS, AIX, z/VM, Redbooks, DB2, System z, IBM z14, IBM z13, z13, z13s, z/Architecture, Resource Link, CICS Explorer and Power are registered trademarks of IBM Corporation in the United States, other countries, or both. The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world- wide basis. Other company, product, and service names may be trademarks or service marks of others.

Terms of use IBM products and services which are announced and available in your country can be ordered under the applicable standard agreements, terms, conditions, and prices in effect at the time. IBM reserves the right to modify or withdraw this announcement at any time without notice. This announcement is provided for your information only.Additional terms of use are located at

Terms of use

For the most current information regarding IBM products, consult your IBM representative or reseller, or go to the IBM worldwide contacts page

IBM United States

IBM United States Software Announcement 221-201 IBM is a registered trademark of International Business Machines Corporation 9