Last Updated: 31 March 2021
z/VM 7.1 Continuous Delivery Function
This page contains a list of continuous delivery function released on z/VM 7.1 after the General Availability date. The items in this list have been included in the base of z/VM 7.2 and future releases of z/VM.
Characteristics of a New Function APAR
| New Function Information | |
| Name | The name of the project. This can include any previous names the project was known by. |
|---|---|
| Description | A brief summary of what changes, who it effects, and why you would care. |
| Status | Along with the current status, this will give indication of key changes since the last iteration of this page. |
| Target availability | Depending on the project, where it is in the cycle, and other factors, this will list TBD, a quarter, a month, or, in cases where it has become available, a date. This is not a commitment and as more is learned about the work and priorities the target availability date will likely be adjusted. |
| Compatibility | This will describe how compatible an item is. In most cases, this will say 'No known incompatibilities'. It is not meant to list all details like a migration guide, but to give some indication of what to expect. |
| Enablement | This will briefly describe how enablement is managed for this Small Product Enhancement. Can it be enabled or disabled? What is the default? Can it be done dynamically? Is it on a virtual machine basis or system wide basis? It is not meant to describe all details of that process, but to give an idea of what's involved. Will also give indication of whether an IPL of the z/VM system is required, or just recycle of virtual machines or new CMS modules. |
| Effect | Describes what effect enabling the code may have beyond the compatibility statement above. Such as may slightly elongate logoff time or CCW translation code paths changed. These are basically meant to be hints as to how the system may respond or behave differently. |
| ISV impact | Indicates any impacts to ISV related products that are known, such as "If using a directory manager product, see vendor for required updates." |
| Linux or hardware interaction | Indicates whether a special level of Linux or hardware is required because of an interaction or dependency. |
| Environment variable name |
If the CP New Function Indication API (APAR VM66439) is installed, the variable name is
used to determine if the function is present on the z/VM system. Variable names are only present on CP New
Function APARs released after the z/VM 7.2 GA date. For non-CP
function, such as CMS, TCP/IP, Performance Toolkit, etc., or CP APARs released prior to z/VM 7.2, there will be no variable associated with the
function and this field will show "N/A". Some new function APARs may introduce more than one environment
variable and/or add new valid values to existing variables. Please see the z/VM
New function Variable List for more information.
This cell has been intentionally highlighted. Cells with this shading have been recently changed. |
| Release(s) | Indicates the releases planned for this enhancement. |
| Service details | See below for the IBM service information. |
| APAR | Information and link to the Authorized Program Analysis Report. |
| PTF | Information and link to the Program Temporary Fix. |
| RSU | Information and link to the Recommended Service Upgrade. |
| Available new function | Date released | Last updated |
|---|---|---|
| TLS/SSL Certificate Verification | June 16, 2020 | December 10, 2021 |
| CMS Pipelines SSL/TLS Enhancements | June 3, 2020 | August 12, 2021 |
| Multifactor Authentication for z/VM | May 22, 2020 | August 12, 2021 |
| Fast Minidisk Erase | December 5, 2019 | December 12, 2019 |
| Dynamic Crypto | September 20, 2019 | February 24, 2020 |
| 80 Logical Processor Support | August 1, 2019 | February 24, 2020 |
| EAV Paging | June 20, 2019 | September 27, 2019 |
| VSwitch Priority Queuing | May 23, 2019 | September 27, 2019 |
| Elliptic Curve Support | December 13, 2018 | May 14, 2019 |
| RSCS Query System Service | December 4, 2018 | May 14, 2019 |
| Dump Scalability | September 21, 2018 | September 25, 2018 |
| 80 Logical Processor Support | |||
| Name | 80 Logical Processor Support | ||
|---|---|---|---|
| Description | This enhancement will relieve the limitation of 64 logical processors per LPAR by increasing the number of logical processors. The objective is to allow customers to run more workload on z/VM by increasing the number of supported logical processors which is especially important when multithreading is enabled. From the customer's viewpoint, this will allow them to define more logical processors for running more workload on each LPAR and possibly use fewer number of LPARs for the same amount of workload. The new limit will be fenced at 80 logical processors. | ||
| Status | Available August 1, 2019 | ||
| Target availability | July 2019 | ||
| Compatibility | No known incompatibilities. | ||
| Enablement | APAR VM66301 / PTF UM35496 must be installed as a pre-requisite. Apply PTFs and re-IPL z/VM to activate the code. | ||
| Effect | View the 80 Logical Processors performance report. | ||
| ISV impact | No known ISV impacts. | ||
| Linux or hardware interaction | Requires z14 or higher. No known Linux interaction at this time. | ||
| Environment variable name | N/A | ||
| Release(s) | z/VM 7.1 New Function APAR | ||
| Service details | CP | SAD | Perfkit |
| APAR | VM66265 | VM66296 |
7.1: VM66292 6.4: VM65863 |
| PTF | R710 UM35474 | R710 UM35499 | R710 UM35501 R640 UM35472 |
| RSU | z/VM 7.1 - 2001 | ||
| Additional information | z/VM Spotlight: 80 Logical Processor Support | ||
| CMS Pipelines SSL/TLS Enhancements | |
| Name | CMS Pipelines SSL/TLS Enhancements |
|---|---|
| Description | Enhancements to the CMS Pipelines TCP/IP stages that allow applications to establish secure connections using SSL/TLS. Both implicit SSL/TLS connections (eg HTTPS) and explicit SSL/TLS connections (eg FTP) are supported. A sample stage will be provided to implement a client for FTP with SSL/TLS. |
| Status | Available June 3, 2020 |
| Target availability | June 3, 2020 |
| Compatibility | Upward compatible; existing applications that do not require SSL will continue to work as before. |
| Enablement | Requires a working z/VM System SSL configuration. CMS Pipelines applications need some changes to enable secure connections. |
| Effect | TBD |
| ISV impact | No known impacts at this time. |
| Linux or hardware interaction | N/A |
| Environment variable name | N/A |
| Release(s) | z/VM 7.1 New Function APAR |
| Service details | See below for the IBM service information. |
| APAR | VM66365 |
| PTF | UM35658 |
| RSU | z/VM 7.1 - 2101 |
| Dump Scalability | |
| Name | Dump Scalability |
|---|---|
| Description | Dump processing will be enhanced to reduce the time required to create, process, and transmit data from SNAPDUMP and Hard Abend dumps. A new system default will generate dump data that is usually considerably smaller in size, requiring less space to store these dumps in the system SPOOL and as CMS files. The increased efficiency of dump processing saves time and resources, and removes an inhibitor to the deployment of z/VM configurations with large amounts of memory. |
| Status | Available September 21, 2018 |
| Target availability | September 21, 2018 |
| Compatibility | No known incompatibilities. |
| Enablement | IPL the z/VM system with the dump scalability support to activate. |
| Effect | TBD |
| ISV impact | No known impacts at this time. |
| Linux or hardware interaction | No known Linux or hardware interaction. |
| Environment variable name | N/A |
| Release(s) | z/VM 7.1 |
| Service details | Included as part of z/VM 7.1 release |
| APAR | N/A |
| PTF | N/A |
| RSU | N/A |
| Dynamic Crypto | |
| Name | Dynamic Crypto |
|---|---|
| Description | Dynamic Crypto support will enable dynamic changes to the cryptographic (crypto) environment on a z/VM system. This will allow the addition or removal of Crypto Express adapters, as well as maintenance and repair of Crypto Express adapters, to be less disruptive to the system and guests running on the system. It will also allow the flexibility to change crypto resources between dedicated and shared use. New commands will be added to provide customers with an interface to make these changes without requiring an IPL of z/VM or an IPL of the guest. |
| Status | Available September 20, 2019 |
| Target availability | Third Quarter 2019 |
| Compatibility | QUERY CRYPTO and QUERY VIRTUAL CRYPTO output will have incompatible changes. |
| Enablement | APAR VM66206 / PTF 35449 must be installed as a pre-requisite. This PTF must be installed on all members of an SSI cluster regrardless of whether Dynamic Crypto is on the other systems. Apply Dynamic Crypto PTFs and re-IPL z/VM. Use new crypto commands to execute function. |
| Effect | Allows greater flexibility and less disruption in managing crypto resources. |
| ISV impact | No known impacts at this time. |
| Linux or hardware interaction | For dedicated crypto resources, additional steps may be needed to make a crypto resource offline/online from the guest's perspective (e.g. using Linux commands). |
| Environment variable name | N/A |
| Release(s) | z/VM 7.1 New Function APAR |
| Service details | See below for the IBM service information. |
| APAR | VM66266 |
| PTF | UM35531 |
| RSU | z/VM 7.1 - 2001 |
| Additional information | z/VM Spotlight: Dynamic Crypto |
| EAV Paging | |||
| Name | EAV Paging | ||
|---|---|---|---|
| Description | Support for Extended Address Volumes (EAV) for z/VM paging space. This New Function APAR enhances the z/VM Control Program (CP) by allowing paging space to be located on Extended Address Volumes. As systems continue to grow, the need for paging space has increased. This New Function APAR will allow allocation and use of paging space on ECKD devices above x'FFF0' cylinders. Support for larger paging devices allows customers to define sufficient paging capacity for z/VM partitions with large memory sizes and reduces the burden of managing a large number of smaller paging devices. | ||
| Status | Available June 20, 2019 | ||
| Target availability | July 2019 | ||
| Compatibility | No known incompatibilities. | ||
| Enablement | System would need to be IPLed to pick up code (both CP and the CPFMTXA utility would be updated), Extended Address Volumes would need to be available and formatted for paging space. | ||
| Effect | Expect paging subsystem to have significant updates to code, but the paging rate is not expected to change. | ||
| ISV impact | No known impacts at this time. | ||
| Linux or hardware interaction | No known Linux interaction at this time. Extended Address Volumes would need to be available and formatted for paging space. | ||
| Environment variable name | N/A | ||
| Release(s) | z/VM 7.1 New Function APAR | ||
| Service details | CP | CMS | Perfkit |
| APAR | VM66263 | VM66297 | VM66293 |
| PTF | R710 UM35475 | R710 UM35483 | UM35484 |
| RSU | z/VM 7.1 - 1902 | ||
| Additional information | z/VM Spotlight: EAV Paging | ||
| Elliptic Curve Support | |
| Name | z/VM TCP/IP Elliptic Curve Cryptography (ECC) Cipher Suite Support for Transport Layer Security (TLS) |
|---|---|
| Description | Enable support for the new cryptographic algorithms that were previously added for use by System SSL through the gskkyman interface. These new cryptographic algorithms provide stronger security ciphers for the TLS/SSL server and brings it closer to TLS 1.2 compliance. |
| Status | Available December 13, 2018 |
| Target availability | December 13, 2018 |
| Compatibility | No known incompatibilities |
| Enablement | ECC Ciphers will be enabled by default for use by TLS/SSL (Table 39 in the z/VM TCPIP Planning and Customization will be updated to indicate the ciphers enabled by protocol and mode). In order to use this support, an ECC certificate must be created in the gskkyman database and specified for use on a secure connection. |
| Effect | There may be a slight performance improvement since ECC is considered to be faster than traditional cryptographic algorithms. View the Elliptic Curve Support performance findings. |
| ISV impact | No known impacts at this time. |
| Linux or hardware interaction | No known Linux or hardware interaction. |
| Environment variable name | N/A |
| Release(s) | z/VM 7.1 New Function APAR |
| Service details | See below for the IBM service information. |
| APAR | PI99184 |
| PTF | UI60128 |
| RSU | z/VM TCP/IP 7.1 - 1901 |
| Fast Minidisk Erase | ||
| Name | Fast Minidisk Erase | |
|---|---|---|
| Description | Remove data from minidisks more quickly than current techniques | |
| Status | Available December 5, 2019 | |
| Target availability | Fourth Quarter 2019 | |
| Compatibility | No known incompatibilities. | |
| Enablement | Apply PTFs and replace CPFMTXA exec. Function is enabled through DirMaint or by using a new option on CPFMTXA. Does not require IPL of z/VM CP to pick up changes. | |
| Effect | Reduces elapsed time to delete users with DirMaint and for other activities that require minidisk data erasure. | |
| ISV impact | No known impacts at this time. However, exploitation is possible. | |
| Linux or hardware interaction | No Linux or hardware interaction. | |
| Environment variable name | N/A | |
| Release(s) | z/VM 7.1 New Function APAR | |
| Service details | CP | DirMaint |
| APAR | VM66288 | VM65784 |
| PTF | UM35563 | UV99356 |
| RSU | z/VM 7.1 - 2001 | z/VM 7.1 DirMaint - 2001 |
| Multifactor Authentication for z/VM | |
| Name | Multifactor Authentication for z/VM |
|---|---|
| Description | Introduces support for a z/VM system with an External Security Manager to authenticate a z/VM userid via a non-password token. |
| Status | Available May 22, 2020 |
| Target availability | May 22, 2020 |
| Compatibility | No change to default authentication behaviors. If enabled for MFA use, fallback support will be configurable for emergency-use only. |
| Enablement |
After application of the PTF, use appropriate ESM commands to designate
a z/VM userid as requiring MFA for logon (RAC ALTUSER or similar). Note
that the IBM Z Multifactor Authentication product must be installed in
order to process MFA requests from z/VM; refer to the
announce
letter for IBM Z MFA for more information.
For information regarding set-up and configuration, consult the IBM Z MFA documentation. |
| Effect | No effect for any z/VM guest which is not marked as requiring MFA support. Users of MFA support will need to acquire a derived credential from the MFA web service in order to logon via TN3270 (Telnet) or FTPS. The time of validity for this credential, as well as its reuse, is configurable. Administrators should only enable MFA for human users, as technical users (service virtual machines) or existing applications may not be able to acquire derived credentials in an appropriate time window. |
| ISV impact | If you have an ISV product for ESM, please see your vendor for appropriate updates. |
| Linux or hardware interaction | The MFA web service must run inside a Linux on Z guest. It is recommended that this Linux guest be configured exclusively for MFA use, in order to prevent any potential security or privacy issues in sharing a guest for multiple functions. Please consult appropriate product information (5655-MA1) for details regarding minimum service levels, package requirements, and supported distributions. |
| Environment variable name | N/A |
| Release(s) | z/VM 7.1 with the PTF for CP APAR VM66324 applied |
| Service details | See below for the IBM service information. |
| APAR | VM66338 |
| PTF | UV99363 |
| RSU | z/VM 7.1 RACF - 2101 |
| Additional information | July 7, 2021: MFA fixpack is now available. See z/VM Service APAR VM66528: RACF FIXPACK TO ADDRESS MFA ISSUES / PTFs UV99401 (7.1), UV99401 (7.2) for more information. |
| RSCS Query System Service | |
| Name | RSCS Query System Service |
|---|---|
| Description | This provides a means for querying the latest APAR applied to each part that makes up the RSCS LOADLIB. |
| Status | Available December 4, 2018 |
| Target availability | December 2018 |
| Compatibility | No known incompatibilities. |
| Enablement | Apply PTF and re-IPL the RSCS server to activate the code. |
| Effect | None |
| ISV impact | No known impacts at this time. |
| Linux or hardware interaction | No known Linux or hardware interaction. |
| Environment variable name | N/A |
| Release(s) | z/VM 7.1 New Function APAR |
| Service details | See below for the IBM service information. |
| APAR | VM66174 |
| PTF | UV99342 |
| RSU | z/VM RSCS 7.1 - 1901 |
| TLS/SSL Certificate Verification | |||
| Name | TLS/SSL Certificate Verification | ||
|---|---|---|---|
| Description |
Add support to allow authentication of client certificates, host
name validation and extraction of fields from a certificate.
Client certificate authentication support will allow a server to verify a client by examining the client certificate to ensure it has been signed by a certificate authority that the server trusts and that it has not expired, The client authentication support that was previously added to dynamically secured Telnet connections will be expanded to the z/VM FTP and SMTP servers. Additionally, the PORT statement in the TCPIP Config file will be updated to allow client certificate authentication for statically secured connections. Host Name Validation support will allow a client to verify the identity of a server by passing a string containing a Host Name, Domain Name or IP Address on the handshake request. The string will be compared to fields in the server certificate. If the string is not contained within the server certificate, the client may decide to fail the handshake. In addition to the above support, new APIs will be provided to allow fields to be extracted from a client or server certificate. Finally, this PTF also changes the z/VM Telnet server's default CLIENTCERTCHECK setting from NONE to PREFERRED. |
||
| Status | Available June 16, 2020 | ||
| Target availability | Second Quarter 2020 | ||
| Compatibility |
LE APAR VM66349 changes the definition of the SecureDetail structure.
Any programs currently using the SecureDetail structure may need to be
modified. When Host Name Verification is enabled, values inside your server's digital certificate will be checked against the hostname or IP address of the TCP/IP stack. Use of this option may potentially require new or updated digital certificates, if such fields have not already been included. |
||
| Enablement |
New configuration options will be added to the SECURE statements in the
FTP and SMTP server configuration files to request verification of
client certificates. For statically secured connections, new options
will be added to the PORT statement.
New APIs will allow fields to be requested from a local or partner certificate. The new APIs include a TCPSCERTDATA call for Pascal routines and a new SIOCGCERTDATA ioctl code for IUCV and C routines. For Host Name Verification, the SecureDetailType structure has been updated with a new Version field. When the Version is set to 1, a new SecureDetailExtension can be included on a secure client call to specify an FQDN, host name or IP Address to be compared against a server certificate to verify the identity of the server. The z/VM Telnet client will be updated to use the new SecureDetailExtension. The above support requires new TCPIP, SSLSERV, NETSTAT, SRVRFTP, SMTP, FTP and TELNET modules. In addition, a new version of CMS and LE is required for the SSL servers and any users that will be issuing the new SIOCGCERTDATA ioctl. A restart of all of these clients and servers will be required. No restart of z/VM itself is required. |
||
| Effect | Because of the change to the z/VM Telnet server's default CLIENTCERTCHECK setting, connections to the z/VM Telnet server might take longer to establish and CPU consumption in the z/VM TLS/SSL servers might increase. | ||
| ISV impact | No known impacts at this time. | ||
| Linux or hardware interaction | No known Linux or hardware interaction. | ||
| Environment variable name | N/A | ||
| Release(s) | z/VM 7.1 New Function APAR | ||
| Service details | TCP/IP | CMS | LE |
| APAR | PH18435 | VM66348 | VM66349 |
| PTF | UI69975 | UM35651 | UM35650 |
| RSU | z/VM 7.1 TCP/IP - 2101 | z/VM 7.1 - 2101 | z/VM 7.1 - 2001 |
| VSwitch Priority Queuing | |||
| Name | VSwitch Priority Queuing | ||
|---|---|---|---|
| Description | Currently all VSwitch outbound traffic to the external network is transmitted at the same priority. When VSwitch Priority Queuing is enabled, z/VM will establish multiple OSA QDIO Output queues, and transmit data to the external network at different priorities. | ||
| Status | Available May 23, 2019 | ||
| Target availability | June 2019 | ||
| Compatibility | No known incompatibilities. | ||
| Enablement | Apply PTFs and re-IPL z/VM. Enablement can be handled through DEFINE VSWITCH command. Priorities can be set via NICDEF or SET VSWITCH. Priority queueing on the OSA card is enabled by default. | ||
| Effect | View the VSwitch Priority Queuing performance report. | ||
| ISV impact | ISV directory maintenance support products may require changes for the new option on the NICDEF directory statement. ISV performance monitoring products may require changes for the new Monitor record fields. | ||
| Linux or hardware interaction | Priority queueing is supported on all available OSA-Express features. It does require an OSA configuration change via IOCP or HCD. No known Linux interaction. | ||
| Environment variable name | N/A | ||
| Release(s) | z/VM 7.1 New Function APAR | ||
| Service details | CP | TCPIP | DirMaint |
| APAR | VM66219 | PH04703 | VM66223 |
| PTF | UM35465 | UI62768 | UV99352 |
| RSU | z/VM 7.1 - 1902 | z/VM 7.1 TCP/IP - 1902 | z/VM 7.1 DirMaint - 1901 |
| Additional information |
z/VM Spotlight: Virtual Priority Queuing Virtual Switch Priority Queuing PDF presentation (16 slides, 1MB) |
||