Will it work? Does it have Integrity? Is it Secure?
Those that maintain and support z/OS know that these are not easy questions to answer; questions that are made even harder to answer without the right z/OS support tools.
Image FOCUS, ICE/IFO, answers these and other questions for its users interactively and/or continuously, as part of ongoing monitoring.
Overall z/OS System Inspection
System Inspection, a “Virtual z/OS IPL”, begins like a "Real IPL" with the validation of a discovered or provided IPL Unit Address and LOADPARM. LOADxx is filtered, relationships examined, Members in PARMLIB are checked for syntactical correctness, referential integrity, the existence and attribute characteristics of system datasets are validated. These and other inspections report problems that could result in an IPL failure. Subsystem and Sysplex relationships are inspected and/or cross-checked with other Images to determine overall Sysplex Integrity.
Configuration Change Detection
Your team needs to know what's changed - it's the key to their understanding of the z/OS configuration. To answer this critical question and provide the insight needed, Image FOCUS uses "Baseline Services". Operating as part of ongoing Sysplex monitoring, these services build/store “Blueprints” of viable z/OS configurations.
Each contains the member, or file content, discovered during an Inspection. Continuous updates of these Baseline Files ensure that working copies are available if or when configuration member or file recovery becomes necessary.
One Purpose with Three Different Views
The Workbench View
You start your ICE/IFO session by logging on to the Integrity Control Environment (ICE). In this, the Workbench View, you will discover or define one or more Sysplexs and its Images for full System Inspections or their individual components for Unit Inspections. Your work is interactive and recursive.
The Production View
When finished naming and defining a Sysplex and its Images you will use this, the Production View, to promote the definitions into production. Production in this case is a Background exception process where Sysplex definitions or run and findings distributed on a continuous defined schedule.
The Disaster Recovery View
Always concerned for recovery from a failed z/OS component, in this case TSO, ICE/IFO carries forward the tradition of system recovery set with the Stand Alone Environment, ICE/SAE. In this, the Recovery View, you gain access to true ISPF functions, JOB Submission and System Console.
Moving to a new Release of z/OS
Most z/OS Sites are moving to V2.R3 now!
If you are also, New Release Analysis is an ICE/IFO Application you will want to use to your immediate advantage. VTAM-based, this 3270 application that can accurately simulate the operational environment of every available, documented, release of z/OS. This is really important because it means that you won’t have to install a new release of z/OS before you begin your migration project. Begin when you like, on your schedule, when time is available.
z/OS System Programmers generally want the same thing, to be technically current, not necessarily at the “Bleeding-Edge” but close enough to be knowledgeable of release-to-release changes and the impact they will have on their z/OS systems anthed organizational users. But, daily routine when you start a migration project, new release level research, existing system adaptation, new system testing and QA will eat up chunks of your time. Some organizations fill this “Time Gap” with consultants adding yet additional cost to the migration process. We have a better way.
New Release Analysis is a sub-component ICE/IFO. ICE, The Integrity Controls Environment, and has long been a destination for z/OS System Programmers. Many use ICE as an integral, indispensable part of their z/OS management and migration processes. Based on a foundation of IBM documentation, years of real world experience and industry best practices.
The internal core of ICE – the z/OS Inspection Server – that is used to provide constant vigilance over the integrity of defined z/OS Sysplexes and their Images is the same Inspection Server that makes New Release Analysis possible.
Finally, why is Keeping z/OS Current So Important? Simply put, when your system is back-leveled, you begin to lose your technical knowledge base. Some would say you also lose your competitive footing and your organization misses out on increasingly valuable service improvements in reliability, availability and serviceability (RAS), the foundational elements that make z/OS the most reliable and trusted and secure operating system available.
Download a free copy of our eBook - What's New in z/OS V2R3.
Working with the IBM Health Checker for z/OS
That is IPLCheck?
IPLCheck is a standalone system software product designed to help users of z/OS manage and protect the integrity and security of their operating system environment and critical business applications. Once started, IPLCheck works with and under the control of the Health Checker. On demand or at controlled intervals, IPLCheck performs a detailed inspection of an LPAR's IPL status, reporting discovered weaknesses and/or structural risk in IPL components or pathing to the Health Checker. IPLCheck is built upon NewEra’s proven ICE Inspection Server Technology.
How does it work?
Unlike the Predictive Failure Analysis (PFA) Health Checks introduced by IBM that provide early warning of adverse system trends, IPLCheck predicts IPL failures base on an analysis of the IPL definitions and directives found in the PARMLIB concatenation of a target z/OS LPAR. The analytic processes ensure that future IPL requests will be successful and will provide the facilities and functions required for full system operations post-IPL.
So it's a complete z/OS Health Check, right?
Yes, IPLCheck is a z/OS Health Check. But unlike another available Checks is scope and analytics are not necessarily confined to a single LPAR. IPLCheck-Core will automatically discover the UNIT ADDRESS and LOADPARM of it's 'Running System' and using these values proceed through a full inspection reporting its results to the Health Checker. Just like any other well behaved Check.
Its companion Check, IPLCheck-Alternative, differs in that the UNIT ADDRESS and LOADPARM are specified by your system programmer and thus this check can target systems other than the 'Running System'.
What about the z/OS Subsystems?
Good question. When IPLCheck-Alternate is in use its discovery, inspection may be optionally extended to include JES2/3, VTAM and TCP/IP. In addition at this implementation level IPLCheck will compare the running LPALST, LNKLST, APFLST, SYMLST and BPXPARM values against those defined in their related ParmLib Members and report variations resulting form dynamic system configuration updates.
What Users are saying about ICE/IFO
"We have a little over 80 LPARs spread across 22 Sysplexes. Our internal Best Practices dictate that we check each configuration in detail. Getting it right was easier said them done. For me, avoiding an IPL failure, in part, determines my annual bonus. It used to take six of us 4-6 months to roll out an update. Yes, we had problems. We implemented ICE/IFO Inspection and Baselining and now it's just me rolling out an update in days. No problems so far, with that year-end bonus looking pretty good for me, the wife, and kids."
"I'm the 'Network Girl', considered by my organization as the VTAM & TCP/IP 'Expert'. My z/OS colleagues had been using Image FOCUS for some time. From time to time, they had seen me struggle with network configuration problems and knew ICE/IFO could help. I tried it; I liked it. To tell the truth I was amazed at the amount of 'lint' it found in my configurations that hadn't yet risen to the level of an error but could. The interactive reporting detail allowed me to easily clean it up."
"New compliance requirements seem to popup all the time. First, there was NIST, DOD, then HIPAA, GLBA, and PCI now there's GDPR. With each requirement Image FOCUS stepped up and let our examiners 'Check the Box'. Now there is a new buzz about File Integrity Management (FIM). Honestly, as I understand it and with help from the Image FOCUS Blueprint process, we have been doing just that for years with z/OS Configuration datasets and files. I've told management - 'no worries'."